Security and Privacy in Next Generation Mobile Networks
Long Term Evolution and Femtocells
By Igor Bilogrevic, LCA1
Supervisor: Jean-Pierre Hubaux
Mini-Project Security and Cooperation in Wireless Networks | EPFL
January 19, 2010
Why Next Generation Networks?
• Higher data-rate demands
• Smartphones, laptops with 3G modems, multimedia apps
• Origin of mobile network traffic*
• Weak indoor coverage
* Presentations by ABI Research, Picochip, Airvana, IP.access, Gartner, Telefonica Espana, 2nd Int’l. Conf. Home Access Points and Femtocells; http://www.avrenevents.com/dallasfemto2007/purchase_presentations.htm
Femtocells
• Home base stations for mobile networks
• Licensed spectrum
• Low-power, low-range
• At user’s premises
• Operated by cell. provider
• Cellular access through fixed broadband connection (ADSL,…)
• Why femtocells?
• Better throughput, coverage, lower prices for users
• Unload wide area cellular networks, reduce op. costs
Problem Statement
• New mobile network architecture
• Long Term Evolution is All-IP (EPS)
• Untrusted connection: cell site operator
• User-installed but operator controlled equipment
• Challenges
• Contributions
  • Context-aware, user-triggered temporary ID change
  • DDoS protection offer/demand model between ISPs and mobile operators
Outline
• Related Work
• Identity and Location Privacy
• Context-aware, user-triggered ID change
• Distributed Denial of Service (DDoS) Protection
• Location-aware DDoS defense for femtocell networks
• Conclusion and Future Work
1. Related Work
• Privacy in cellular networks
• Subscriber de-anonymization using GSM location traces [DeMulderDBP2008]
• Privacy-preserving 3-way authentication protocol (PP3WAKA) [KoeinO2006]
• Mobile device – serving network – home network
• Security in the core network
• Nobody talks about it
• Economics of DDoS attacks on femtocell gateways [SeguraL2009]
• Criminal organizations queried for costs of bandwidth attacks
2. Identity and Location Privacy
• Currently in UMTS/LTE
• Each device is assigned a temporary identifier
• Operator decides when to renew it (one each 100 cells)
[Figure: temporary identifiers Pseudo A, Pseudo B, Pseudo C, Pseudo D]
2. Identity and Location Privacy
• Substantial research in mobile/vehicular ad hoc networks
• Temporary identifiers (pseudonyms)
• Mix zones [FreudigerSH2009]
• Idea for cellular networks
• Context-aware, device-triggered temporary ID change but
• Challenges
• Standards
• Implementation
3. DDoS Protection
• Intuition
• Use femtocell location to enhance protection
• Only « insiders » allowed to connect
• Model
• Interaction ISPs – mobile op
• ISPs offer protection, can collaborate
• Mobile operator chooses to be protected or not
• Each entity wants to maximize individual benefits
[Figure labels: Attacker, Femto GW]
« Game Theory … what else ? »
3. DDoS Protection
• Game Theory
• Stackelberg game
• Complete information
• Players
• Mob. Op leader, plays first
• ISPs followers, know the leader’s strategy, one-shot game
• Strategies
• Mob. Op. {Protected, Vulnerable} = {P, V}
• ISPs {Alone, Cooperate, Nothing} = {A, C, N}
3. DDoS Protection
• Payoffs , , “ , , , ,
3. DDoS Protection
• Results
• Mobile operator
• ISP j
3. DDoS Protection
• Numerical evaluation
• 2 games
• 1 mobile operator, 2 ISPs
= 0.5 = 0.9
Nash equilibrium is (Alone, Nothing)
Nash equilibrium is (Alone, Alone) ?
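The leader/follower structure of the DDoS slides can be solved by backward induction. The sketch below is an added example, not code or payoff functions from the presentation: it uses the deck's strategy sets ({P, V} for the mobile operator, {A, C, N} for each of 2 ISPs), while every cost, fee and loss number, and the rule that the operator plans for the worst follower equilibrium, are constructed assumptions.

```python
from itertools import product

LEADER = ("P", "V")          # mobile operator: Protected / Vulnerable
FOLLOWER = ("A", "C", "N")   # each ISP: Alone / Cooperate / Nothing

# Constructed parameters (assumptions, not the deck's payoff functions).
COST = {"A": 4.0, "C_joint": 2.0, "C_failed": 5.0}   # ISP filtering costs
LOSS = 20.0                                           # operator loss, no defense
RESIDUAL = {0: 1.0, 1: 0.4, 2: 0.1}                   # attack share left, k ISPs filter

def isp_payoff(leader, mine, other, fee):
    if mine == "N":
        return 0.0
    if mine == "A":
        cost = COST["A"]
    else:                               # cooperation only pays off if matched
        cost = COST["C_joint"] if other == "C" else COST["C_failed"]
    if leader == "V":                   # operator buys nothing: cost, no revenue
        return -cost
    active = 1 + (other != "N")         # fee is split among filtering ISPs
    return fee / active - cost

def operator_payoff(leader, profile, fee):
    k = sum(s != "N" for s in profile)
    if leader == "V" or k == 0:
        return -LOSS
    return -fee - LOSS * RESIDUAL[k]

def is_best_response(leader, mine, other, fee):
    u = isp_payoff(leader, mine, other, fee)
    return all(u >= isp_payoff(leader, d, other, fee) for d in FOLLOWER)

def follower_equilibria(leader, fee):
    # Pure-strategy Nash equilibria of the two-ISP subgame.
    return [(s1, s2) for s1, s2 in product(FOLLOWER, repeat=2)
            if is_best_response(leader, s1, s2, fee)
            and is_best_response(leader, s2, s1, fee)]

def solve(fee):
    # Leader moves first, anticipating the worst follower equilibrium.
    value = {}
    for move in LEADER:
        eqs = follower_equilibria(move, fee)
        value[move] = (min(operator_payoff(move, e, fee) for e in eqs), eqs)
    best = max(LEADER, key=lambda m: value[m][0])
    return best, value[best][1]

if __name__ == "__main__":
    for fee in (6.0, 10.0, 25.0):
        print(fee, solve(fee))
```

With these constructed numbers a low fee supports an equilibrium in which only one ISP filters, a higher fee makes both filter, and a fee above the avoided loss pushes the operator to stay Vulnerable.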
4. Conclusion
• Security and privacy are still an issue
• LTE has shortcomings even before its debut
• All-IP is more efficient but more exposed to attacks
• Contributions
• Identified privacy and security challenges in LTE
• Suggested context-aware, user-triggered temporary ID change inspired by MANET research
• Modeled and numerically evaluated DDoS defense dynamics between ISPs and mobile network operators
4. Future Work
• Privacy
• Feasibility study of proposed idea
• Implementation on mobile devices (N900 ?)
• How easy is it to get cell ID on mobile phone? P2P communication? How to trigger core network action?
• DDoS Security
• Improve flaws of current model
• Refine payoff functions, system parameters, effectiveness of ISPs if not exclusive provider
References
• [DeMulderDBP2008] Y. De Mulder, G. Danezis, L. Batina, and B. Preneel, “Identification via location-profiling in GSM networks,” in Proceedings of the 7th ACM workshop on Privacy in the electronic society. ACM New York, NY, USA, 2008, pp. 23–32.
• [FreudigerSH2009] J. Freudiger, R. Shokri, and J.-P. Hubaux, “On the optimal placement of mix zones,” in The 9th Privacy Enhancing Technologies Symposium. Springer, 2009.
• [KoeinO2006] G. Koien and V. Oleshchuk, “Location Privacy for Cellular Systems; Analysis and Solution,” Lecture Notes in Computer Science, vol. 3856, p. 40, 2006.
• [SeguraL2009] V. Segura and J. Lahuerta, “Modeling the economic incentives of DDoS Attacks: femtocell case study,” The Eighth Workshop on the Economics of Information Security (WEIS 2009), 2009.
Backup Slides
Network Architectures
• 3G: UMTS vs LTE
Security and Privacy Challenges
• New threats
• Attacks on femtocells
• Attacks on backhaul and core network (IPsec tunnel)
Source: www.SafeNet-Inc.com
Location and Identity Privacy
• UMTS and LTE identity management
• Temporary identifiers (“pseudonyms”)
[Figure: location areas and their pseudonyms: LA 0 Pseudo A, LA 1 Pseudo B, LA 2 Pseudo C, LA 3 Pseudo D]