1 / 21

CS712 병렬처리특강 | Dependable Software Lab. | Lee Dong Kun

Mitigating Attacks on Open Functionality in SMS-Capable Cellular Networks Patrick Traynor, William Enck, Patrick McDaniel, and Thomas La Porta | MobiCom ‘06. CS712 병렬처리특강 | Dependable Software Lab. | Lee Dong Kun. Contents. Introduction Related Work System/Attack Characterization

kyrie
Download Presentation

CS712 병렬처리특강 | Dependable Software Lab. | Lee Dong Kun

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Mitigating Attacks on Open Functionality in SMS-Capable Cellular NetworksPatrick Traynor, William Enck, Patrick McDaniel, and Thomas La Porta| MobiCom ‘06 CS712 병렬처리특강 | Dependable Software Lab. | Lee Dong Kun

  2. Contents • Introduction • Related Work • System/Attack Characterization • Mitigation Technique • Current Solution • Queue Management • Resource Provisioning • Simulation Result • Conclusion KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)

  3. Introduction • Cellular Network System • Traditional cellular(phone) network system provided closed voice comm. • Currently cellular network system provides opened voice and data comm. • Service Interconnection • Phone network service and Internet service are interconnected by telecommunication provider. • Problems • Traditional phone networks had designed for only homogeneous closed system. • But current phone networks tightly interconnected with phone network and Internet. • Unexpected security problems occur • Heavy SMS traffics can flood over the phone network through Internet services. KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)

  4. Contents • Introduction • Related Work • System/Attack Characterization • Mitigation Technique • Current Solution • Queue Management • Resource Provisioning • Result and Discussion • Conclusion KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)

  5. Related Work| Vulnerability and Approaches • Traditional Solution • Disconnection method • Disconnect from external network – effective way in the past • Not effective anymore, because of new access pattern and service • Vulnerability • Telecomm. Networks are not only systems to suffer from vulnerabilities related to expanded connectivity. • Systems less directly connected to the Internet have also been subject to attack. • DoS(Denial of Service) Attack • Traditional DoS attack happen on the online web site. • Reported DoS accident over the phone networks KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)

  6. Contents • Introduction • Related Work • System/Attack Characterization • Mitigation Technique • Current Solution • Queue Management • Resource Provisioning • Result and Discussion • Conclusion KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)

  7. System characterization(I)| Message Delivery Overview KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)

  8. System characterization(I)| Message Delivery Overview – logical channel • TCH(Transfer Channel) • Carry voice traffic after call setup • CCH(Control Channel) • Transport information about the network • Assist in call setup/SMS delivery KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)

  9. Attack characterization(II)| System Vulnerability – Attack Phase Step Recognition(identification of a vulnerability) Reconnaissance(characterization of the conditions necessary to attack the vulnerability) Exploit(attacking the vulnerability) Recovery(cleanup and forensics) KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)

  10. Attack characterization(II)| System Vulnerability – Attach Phase Step • Recognition • Vul. of GSM cellular network in this paper • Problem : Bandwidth allocation in air interface(call blocking) • Shared SDCCHs Problem • Voice Communication • SMS • Reconnaissance • Using tools, an attacker can easily construct a “hit-list” of potential targets. • Exploit • Saturating sectors to their SDCCH capacity for some period of time KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)

  11. Attack Characterization| Experimental Attack Characterization • Events Characterization • Deploy a detailed GSM simulator • Base scenario • Cellular deployment in the scale of metropolitan. i.e.,) Manhattan • 12 SDCCHs / each of 55 sectors • No pre-SDCCH queue • Assume a Poisson distribution for the arrival of text message KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)

  12. Contents • Introduction • Related Work • System/Attack Characterization • Mitigation Technique • Current Solution • Queue Management • Resource Provisioning • Result and Discussion • Conclusion KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)

  13. Mitigation Technique(I)| Current Solution • Goal • Not only protect voice services from targeted SMS attacks,But also allow SMS service to continue. • Current Deployed Solution : Edge Solution • Rate-Limiting Solution • Restrict the amount of messages on each IP • Drawbacks : Spoof IP and Existence of Zombie network • Filter SMS traffic • Similar to SPAM filtering methodology • Drawback : An adversary can bypass by generating legitimate looking SMS traffic KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)

  14. Mitigation Technique(II)| Queue Management • Queue Management Technique(Network-based) • Weighted Fair Queuing(WFQ) • Fair Queuing(FQ) • Separate flows into individual queues and then apportions bandwidth equally between them(Round Robin) • Drawback : small time for packet to be transferred • Weighted Fair Queue(WFQ) in this paper • To solve FQ drawback, set priority to each flow. • Voice Call has higher priority compare to SMS • Install two queue on SDCCHs for Voice Call and SMS KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)

  15. Mitigation Technique(II)| Queue Management(cont.) • Weighted Random Early Detection(WRED) • Random Early Detection(RED) • Prevent queue lockout by dropping packets base on Qavg • Weighted Random Early Detection(WRED) • Determine the victims to be dropped base on packet’s priority KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)

  16. Mitigation Technique(III)| Resource Provisioning • Resource Provisioning(Air Interface) • Strict Resource Provisioning(SRP) • Some subset of SDCCH is only for Voice Call • Voice Call and SMS are shared other SDCCHs. • Dynamic Resource Provisioning(DRP) • If a small number of unused TCHs could be repurposed as SDCCHs,additional bandwidth could be provided to mitigate such attack. • Drawback : increase call blocking because of TCH exhaustion • Direct Channel Allocation(DCA) • The ideal means of eliminating the competition for resource- the separation of shared mechanism. • Separate SDCCHs to only Call setup and only SMS, strictly KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)

  17. Contents • Introduction • Related Work • System/Attack Characterization • Mitigation Technique • Current Solution • Queue Management • Resource Provisioning • Result and Discussion • Conclusion KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)

  18. Simulation Result(I)| Queue Management Technique • WFQ vs. WRED KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)

  19. Simulation Result(II)| Queue Management Technique • SRP vs. DRP vs. DCA KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)

  20. Contents • Introduction • Related Work • System/Attack Characterization • Mitigation Technique • Current Solution • Queue Management • Resource Provisioning • Result and Discussion • Conclusion KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)

  21. Conclusion • Vulnerability by SMS-based DOS over the phone Network • Adversaries with limited resources can cause call blocking probabilities(70%) – incapacitating a cellular network • This work provides some preliminary solutions and analysis for these vulnerabilities. • Queue Management Scheme • Resource Provisioning • Future works • Seek more general solution that address these vulnerabilities KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)

More Related