Analysis and Mitigation of Recent Attacks on Mobile Communication Backend

2014 aasta viimases kvartalis demonstreeriti mitmeid edukaid rünnakuid mobiilsidevõrkude vastu. Need baseerusid ühe peamise signaaliprotokolli, SS7 väärkasutamisel. Ründajatel õnnestus positsioneerida mobiilseadmete kasutajaid ja kuulata pealt nii kõnesid kui ka tekstisõnumeid. Ajal mil enamik viimase aja ründeid paljastavad nõrkusi lõppkasutajate seadmete tarkvaras, paljastavad need hiljutised rünnakud põhivõrkude endi haavatavust. Teadaolevalt on mobiilsete telekommunikatsioonivõrkude tööstuses raskusi haavatavuste õigeaegsel avastamisel ja nende mõistmisel. Käesolev töö on osa püüdlusest neid probleeme mõista. Töö annab põhjaliku ülevaate ja analüüsib teadaolevaid rünnakuid ning toob välja võimalikud lahendused. Rünnakud võivad olla väga suurte tagajärgedega, kuna vaatamata SS7 protokolli vanusele, jääb see siiski peamiseks signaaliprotokolliks mobiilsidevõrkudes veel pikaks ajaks. Uurimustöö analüüs ja tulemused aitavad mobiilsideoperaatoritel hinnata oma võrkude haavatavust ning teha paremaid investeeringuid oma taristu turvalisusele. Tulemused esitletakse mobiilsideoperaatoritele, võrguseadmete müüjatele ning 3GPP standardi organisatsioonile.In the last quarter of 2014, several successful attacks against mobile networks were demonstrated. They are based on misuse of one of the key signaling protocol, SS7, which is extensively used in the mobile communication backend for signaling tasks such as call and mobility management. The attackers were able to locate the mobile users and intercept voice calls and text messages. While most attacks in the public eye are those which exploits weaknesses in the end-device software or radio access links, these recently demonstrated vulnerabilities exploit weaknesses of the mobile core networks themselves. Understandably, there is a scramble in the mobile telecommunications industry to understand the attacks and the underlying vulnerabilities. This thesis is part of that effort. This thesis presents a broad and thorough overview and analysis of the known attacks against mobile network signaling protocols and the possible mitigation strategies. The attacks are presented in a uniform way, in relation to the mobile network protocol standards and signaling scenarios. Moreover, this thesis also presents a new attack that enables a malicious party with access to the signaling network to remove lost or stolen phones from the blacklist that is intended to prevent their use. Both the known and new attacks have been confirmed by implementing them in a controlled test environment. The attacks are serious because SS7, despite its age, remains the main signaling protocol in the mobile networks and will still long be required for interoperability and background compatibility in international roaming. Moreover, the number of entities with access to the core network, and hence the number of potential attackers, has increased significantly because of changes in regulation and opening of the networks to competition. The analysis and new results of this thesis will help mobile network providers and operators to assess the vulnerabilities in their infrastructure and to make security-aware decisions regarding their future investments and standardization. The results will be presented to the operators, network-equipment vendors, and to the 3GPP standards body

Analysis and Mitigation of Recent Attacks on Mobile Communication Backend

In the last quarter of 2014, several successful attacks against mobile networks were demonstrated. They are based on misuse of one of the key signaling protocol, SS7, which is extensively used in the mobile communication backend for signaling tasks such as call and mobility management. The attackers were able to locate the mobile users and intercept voice calls and text messages. While most attacks in the public eye are those which exploits weaknesses in the end-device software or radio access links, these recently demonstrated vulnerabilities exploit weaknesses of the mobile core networks themselves. Understandably, there is a scramble in the mobile telecommunications industry to understand the attacks and the underlying vulnerabilities. This thesis is part of that effort. This thesis presents a broad and thorough overview and analysis of the known attacks against mobile network signaling protocols and the possible mitigation strategies. The attacks are presented in a uniform way, in relation to the mobile network protocol standards and signaling scenarios. Moreover, this thesis also presents a new attack that enables a malicious party with access to the signaling network to remove lost or stolen phones from the blacklist that is intended to prevent their use. Both the known and new attacks have been confirmed by implementing them in a controlled test environment. The attacks are serious because SS7, despite its age, remains the main signaling protocol in the mobile networks and will still long be required for interoperability and background compatibility in international roaming. Moreover, the number of entities with access to the core network, and hence the number of potential attackers, has increased significantly because of changes in regulation and opening of the networks to competition. The analysis and new results of this thesis will help mobile network providers and operators to assess the vulnerabilities in their infrastructure and to make security-aware decisions regarding their future investments and standardization. The results will be presented to the operators, network-equipment vendors, and to the 3GPP standards body

Discovering User-Interpretable Capabilities of Black-Box Planning Agents

Several approaches have been developed for answering users' specific questions about AI behavior and for assessing their core functionality in terms of primitive executable actions. However, the problem of summarizing an AI agent's broad capabilities for a user is comparatively new. This paper presents an algorithm for discovering from scratch the suite of high-level "capabilities" that an AI system with arbitrary internal planning algorithms/policies can perform. It computes conditions describing the applicability and effects of these capabilities in user-interpretable terms. Starting from a set of user-interpretable state properties, an AI agent, and a simulator that the agent can interact with, our algorithm returns a set of high-level capabilities with their parameterized descriptions. Empirical evaluation on several game-based scenarios shows that this approach efficiently learns descriptions of various types of AI agents in deterministic, fully observable settings. User studies show that such descriptions are easier to understand and reason with than the agent's primitive actions.Comment: KR 202

Study of microwave-assisted magnetization dynamics in magnetic films and structures

Ph.DDOCTOR OF PHILOSOPH

Advances in Non-Invasive Blood Pressure Monitoring

This paper reviews recent advances in non-invasive blood pressure monitoring and highlights the added value of a novel algorithm-based blood pressure sensor which uses machine-learning techniques to extract blood pressure values from the shape of the pulse waveform. We report results from preliminary studies on a range of patient populations and discuss the accuracy and limitations of this capacitive-based technology and its potential application in hospitals and communities

Transport of aerosols and nanoparticles through respirators and masks

In several countries wearing multiple surgical masks or N95 respirators was mandatory in public during the COVID pandemic. In this study, we investigated the transportation and filtering mechanism of heterogeneous nanoparticles and viruses through surgical masks and N95 respirators. We conducted experiments in vitro using aerosol spray paints containing nanoparticles and validated the findings in vivo on a human volunteer. Scanning electron microscopy was employed to analyse the transportation and distribution of nanoparticles in different mask layers and on pristine silicon substrates placed on human skin. We provide analytical insights into the pressure distribution and fluid velocity profiles within the complex polymer network. Remarkably, our results showed that both single surgical masks and N95 respirators demonstrated similar efficiency in filtering colloidal and jet-stream nanoparticles in the air. These comprehensive findings have significant implications for policymakers in defining regulations for airborne pandemics and air pollution control