
    Storms in mobile networks

    Mobile networks are vulnerable to signalling attacks and storms caused by traffic that overloads the control plane through excessive signalling, which can be introduced via malware and mobile botnets. With the advent of machine-to-machine (M2M) communications over mobile networks, the potential for signalling storms increases due to the normally periodic nature of M2M traffic and the sheer number of communicating nodes. Several mobile network operators have also experienced signalling storms due to poorly designed applications that result in service outage. The radio resource control (RRC) protocol is particularly susceptible to such attacks, motivating this work within the EU FP7 NEMESYS project which presents simulations that clarify the temporal dynamics of user behavior and signalling, allowing us to suggest how such attacks can be detected and mitigated

    Detection and mitigation of signaling storms in mobile networks

    Mobile Networks are subject to "signaling storms" launched by malware or apps, which overload the bandwidth at the cell, the backbone signaling servers, and Cloud servers, and may also deplete the battery power of mobile devices. This paper reviews the subject and discusses a novel technique to detect and mitigate such signaling storms. Through a mathematical analysis we introduce a technique based on tracking time-out transitions in the signaling system that can substantially reduce both the number of misbehaving mobiles and the signaling overload in the backbone

    Performance analysis of mobile networks under signalling storms

    There are numerous security challenges in cellular mobile networks, many of which originate from the Internet world. One of these challenges is to answer the problem with increasing rate of signalling messages produced by smart devices. In particular, many services in the Internet are provided through mobile applications in an unobstructed manner, such that users get an always connected feeling. These services, which usually come from instant messaging, advertising and social networking areas, impose significant signalling loads on mobile networks by frequent exchange of control data in the background. Such services and applications could be built intentionally or unintentionally, and result in denial of service attacks known as signalling attacks or storms. Negative consequences, among others, include degradations of mobile network’s services, partial or complete network failures, increased battery consumption for infected mobile terminals. This thesis examines the influence of signalling storms on different mobile technologies, and proposes defensive mechanisms. More specifically, using stochastic modelling techniques, this thesis first presents a model of the vulnerability in a single 3G UMTS mobile terminal, and studies the influence of the system’s internal parameters on stability under a signalling storm. Further on, it presents a queueing network model of the radio access part of 3G UMTS and examines the effect of the radio resource control (RRC) inactivity timers. In presence of an attack, the proposed dynamic setting of the timers manages to lower the signalling load in the network and to increase the threshold above which a network failure could happen. Further on, the network model is upgraded into a more generic and detailed model, representing different generations of mobile technologies. 
It is then used to compare technologies with dedicated and shared organisation of resource allocation, referred to as traditional and contemporary networks, using performance metrics such as: signalling and communication delay, blocking probability, signalling load on the network’s nodes, bandwidth holding time, etc. Finally, based on the carried analysis, two mechanisms are proposed for detection of storms in real time, based on counting of same-type bandwidth allocations, and usage of allocated bandwidth. The mechanisms are evaluated using discrete event simulation in 3G UMTS, and experiments are done combining the detectors with a simple attack mitigation approach.

    Security in Computer and Information Sciences

    This open access book constitutes the thoroughly refereed proceedings of the Second International Symposium on Computer and Information Sciences, EuroCybersec 2021, held in Nice, France, in October 2021. The 9 papers presented together with 1 invited paper were carefully reviewed and selected from 21 submissions. The papers focus on topics of security of distributed interconnected systems, software systems, Internet of Things, health informatics systems, energy systems, digital cities, digital economy, mobile networks, and the underlying physical and network infrastructures. This is an open access book

    Enabling Network Flexibility by Decomposing Network Functions

    Next-generation networks are expected to serve a wide range of use cases, each of which features a set of diverse and stringent requirements. For instance, video streaming and industrial automation are becoming more and more prominent in our society, but while the first use case requires high bandwidth, the second one mandates sub-millisecond latency. To accommodate these requirements, networks must be flexible, i.e., they must provide cost-efficient ways of adapting to different requirements. For example, networks must be able to scale with the traffic load to support the bandwidth requirements of the video streaming use case. In response to the need for flexibility, the scientific community has proposed Software Defined Networking (SDN), Network Function Virtualization (NFV), and network slicing. SDN simplifies the management of networks by separating control plane and data plane, while NFV allows scaling the network functions with the traffic load. Network slicing provides the operators with virtual networks which can be tailored to meet the requirements of the use cases. While these technologies pave the way towards network flexibility, the capability of networks to adapt to different use cases is still limited by several inefficiencies. For example, to improve the scalability of network functions, network operators use dedicated systems which manage the state of network functions by keeping it in a data store. These systems are designed to offer specific features, such as reliability or performance, which determine the data store adopted and the Application Programming Interface (API) exposed to the network functions. Network operators need to change the data store depending on the features required by the use case served, but this operation involves refactoring the network functions, thus implying significant costs. Furthermore, network operators need to migrate the network functions, for example to minimize bandwidth usage during traffic peaks. 
Nevertheless, network slices convey the traffic coming from a multitude of sources through a small set of network functions, which are consequently resource-hungry and difficult to migrate, forcing the network operator to overprovision the network. Due to these inefficiencies, adapting the network to different use cases requires a significant increase in both Capital Expenditure (CapEx) and Operational Expenditure (OpEx), thus resulting in a showstopper for network operators. Addressing these inefficiencies would lower the costs of adapting networks to different use cases, thus improving network flexibility. To this end, we propose to decompose the network functions into fine-grained network functions, each providing only a subset of the functionalities, or processing only a share of the traffic, thus obtaining network functions which are less resource-hungry, easier to migrate, and easier to upgrade. We examine three directions along which we can perform the decomposition. The first direction is leveraging the networking planes, such as control and data planes, for example separating the functionalities for packet processing from the ones for network management. The second direction is leveraging the sources and destinations of the traffic flowing through each network function and creating a dedicated network function for each source-destination pair. The third direction is decoupling the state management of the network functions from the data store by leveraging an API which is independent from the data store adopted. We show that each decomposition addresses a specific inefficiency. For example, decoupling the state management from the data store enables network operators to change the data store adopted without the need for refactoring the network functions. Decomposing network functions also brings some drawbacks. 
For example, it can result in an increase of the number of network functions, thus making network management tasks, such as network reconfiguration, more challenging. We study two key drawbacks and we discuss the solutions we designed to contrast them. In this thesis, we show that decomposing network functions allows improving network flexibility, but it must be complemented with techniques to mitigate any negative side effect.
Next-generation networks are expected to serve a wide variety of use cases, each of which has different requirements regarding network functions and features. For example, video streaming and industrial automation play an increasingly important role in our society, but while the first use case requires high bandwidth, the second requires sub-millisecond latency. To meet these requirements, networks must be flexible; in other words, they must offer cost-efficient ways of adapting to different requirements. In response to the need for flexibility, the scientific community has proposed Software Defined Networking (SDN), Network Function Virtualization (NFV), and network slicing. SDN simplifies network management by separating the control plane and the data plane, while NFV allows network functions to be scaled with the traffic load. Network slicing provides operators with virtual networks that can be tailored to meet the requirements of the use cases. Although these technologies pave the way to network flexibility, the ability of networks to adapt to different use cases is still limited by many inefficiencies. For example, to improve the scalability of network functions, network operators use separate state storage systems. 
Network operators must change the data store according to the features required by the use case served, but this operation involves rebuilding the network functions, which entails significant costs. Because of these inefficiencies, adapting the network to different use cases requires a significant increase in both Capital Expenditure (CapEx) and Operational Expenditure (OpEx). This dissertation presents a new method for partitioning and distributing network functions into finer-grained functions, each of which provides part of the original functionality. The method yields distributed and interoperable network functions that use fewer network resources and are easier to migrate and to use in different use cases. The dissertation shows that each area helps to correct a specific inefficiency in the system. For example, decoupling state management from the data store allows network operators to change the data store in use without having to modify the network functions. Partitioning and distributing network functions can also, in some situations, degrade the properties of the network. The dissertation examines the key weaknesses of the method and presents solutions to them. This study shows that partitioning and distributing network functions improve network flexibility, but the method must be complemented to mitigate possible harmful side effects

    Measurements and Analysis of YouTube Traffic Profile and Energy Usage with LTE DRX Mode

    In this thesis, YouTube data profile is examined in order to find transmitting patterns which could be used for increasing transmission efficiency during video transmission. The emphasis is on Discontinuous Reception (DRX) and a promotion timer, which is in control when a mobile station moves from the RRC_CONNECTED state to the RRC_IDLE state in Long Term Evolution (LTE) networks. After the measurements and a result analysis, a new Matlab model for YouTube data transmission is presented. Additionally, another model for YouTube energy calculations in LTE network is derived. The studies indicate that 97 % of YouTube traffic is transmitted in two parallel Transmission Control Protocol (TCP) streams. There is a 10-second speedup phase where 20 % of the video is transmitted at the beginning of the transfer that is followed by a steady phase where idle and transmission periods alternate. All of the video data has been delivered when 74 % of the viewing has elapsed. There are also dozens of small TCP streams that break idle periods into a few seconds. Delaying transmission of these small TCP streams allows longer idle periods and can result in up to 30 % energy savings with small promotion timer values