Patrick Traynor
William Enck
ABSTRACT
The transformation of telecommunications networks from homogeneous closed systems providing only voice services to Internet-connected open networks that provide voice and data services presents significant security challenges. For example, recent research illustrated that a carefully crafted DoS attack via text messaging could incapacitate all voice communications in a metropolitan area with little more than a cable modem. This attack highlights a growing threat to these systems; namely, cellular networks are increasingly exposed to adversaries both in and outside the network. In this paper, we use a combination of modeling and simulation to demonstrate the feasibility of targeted text messaging attacks. Under realistic network conditions, we show that adversaries can achieve blocking rates of more than 70% with only limited resources. We then develop and characterize five techniques from within two broad classes of countermeasures - queue management and resource provisioning. Our analysis demonstrates that these techniques can eliminate or extensively mitigate even the most intense targeted text messaging attacks. We conclude by considering the tradeoffs inherent to the application of these techniques in current and next generation telecommunications networks.
- The National Strategy to Secure Cyberspace. http://www.us-cert.gov/reading room/cyberspace strategy.pdf, February 2003.]]Google Scholar
- Young prefer texting to calls'. http://news.bbc.co.uk/2/hi/business/2985072.stm, June 2003.]]Google Scholar
- 3rd Generation Partnership Project. Physical layer on the radio path; General description. Technical Report 3GPP TS 04.18 v8.26.0.]]Google Scholar
- 3rd Generation Partnership Project. Physical layer on the radio path; General description. Technical Report 3GPP TS 05.01 v8.9.0.]]Google Scholar
- A. Acampora and M. Naghshineh. Control and Quality-of-Service Provisioning in High- Speed Microcellular Networks. IEEE Personal Communications, 1(2):36--43, 1994.]]Google ScholarCross Ref
- S. Berinato. Online Extortion - How a Bookmaker and a Whiz Kid Took On an Extortionist and Won. CSO Online, May 2005.]]Google Scholar
- B. Branden, D. Clark, J. Crowcroft, B. Davie, S. Deering, D. Estrin, S. Floyd, V. Jacobson, G. Minshall, C. Partridge, L. Peterson, K. Ramakrishnan, S. Shenker, J. Wroclawski, and L. Zhang. RFC 2309 - Recommendations on Queue Management and congestion Avoidance in the Internet. rfc2309.txt, 1998.]] Google ScholarDigital Library
- S. Byers, A. Rubin, and D. Kormann. Defending Against an Internet-based Attack on the Physical World. ACM Transactions on Internet Technology (TOIT), 4(3):239--254, August 2004.]] Google ScholarDigital Library
- A. Demers, S. Keshav, and S. Shenker. Analysis and Simulation of a Fair Queueing Algorithm. In Proceedings of ACM SIGCOMM, pages 3--12, 1989.]] Google ScholarDigital Library
- L. Dryburgh and J. Hewett. Signaling System No. 7: The Role of SS7. http://www.ciscopress.com/articles/article.asp?p= 330805&rl=1, 2004.]]Google Scholar
- C. M. Ellison and B. Schneier. Ten Risks of PKI: What You're Not Being Told About Public-Key Infrastructure. Computer Security Journal, 16(1):1--7, 1999.]]Google Scholar
- W. Enck, P. Traynor, T. F. La Porta, and P. McDaniel. Exploiting Open Functionality in SMS-Capable Cellular Networks. In Proceedings of the ACM Conference on Computer and Communication Security (CCS), November 2005.]] Google ScholarDigital Library
- S. Floyd and V. Jacobson. Random Early Detection Gateways for Congestion Avoidance. IEEE/ACMTransactions on Networking, 1(4):397--413, August 1993.]] Google ScholarDigital Library
- C. Haney. NAI is latest DoS victim. http://security.itworld.com/4339/NWW116617 02-05-2001/page 1.html, February 5 2001.]]Google Scholar
- J. Hedden. Math::Random::MT::Auto - Auto-seeded Mersenne Twister PRNGs. http://search.cpan.org/.jdhedden/Math-Random-MT-Auto-5.01/lib/Math/Random/MT/Auto.pm. Version 5.01.]]Google Scholar
- J. Ioannidis and S. Bellovin. Implementing Pushback: Router-Based Defense Against DDoS Attacks. In Proceedings of Network and Distributed System Security Symposium (NDSS), February 2002.]]Google Scholar
- R. Jain. Myths about congestion management in high speed networks. Internetworking: Research and Experience, 3:101--113, 1992.]]Google Scholar
- G. Kunene. Perimeter Security Ain't What It Used to Be, Experts Say. DevX.com, 2004.]]Google Scholar
- Lucent Technologies. 5ESS(R) 2000 - Switch Mobile Switching Centre (MSC) for Service Providers. http://www.lucent.com/products/solution/0,,CTID+2019-STID+10048-SOID+824-LOCL+1,00.html, 2006.]]Google Scholar
- C. Luders and R. Haferbeck. The Performance of the GSM Random Access Procedure. In Vehicular Technology Conference, pages 1165--1169, June 1994.]]Google Scholar
- K. Maney. Surge in text messaging makes cell operators :-). July 27 2005.]]Google Scholar
- Mike Grenville. Operators: Celebration Messages Overload SMS Network. http://www.160characters.org/news.php?action=view&nid=819, November 2003.]]Google Scholar
- J. Mirkovic and P. Reiher. A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms. ACM SIGCOMM Computer Communication Review, 34(2):39--53, 2004.]] Google ScholarDigital Library
- D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, and N. Weaver. Inside the Slammer Worm. IEEE Security and Privacy, 1(4), July 2003.]] Google ScholarDigital Library
- Motorola Corporation. Motorola GSM Solutions. www.motorola.com/networkoperators/pdfs/GSM-Solutions.pdf, 2006.]]Google Scholar
- J. B. Nagle. On Packet Switches with Infinite Storage. IEEE Transactions on Communications, COM-35(4), April 1987.]]Google ScholarCross Ref
- National Communications System. SMS over SS7. Technical Report Technical Information Bulletin 03-2 (NCS TIB 03-2), December 2003.]]Google Scholar
- Nyquetek, Inc. Wireless Priority Service for National Security. http://wireless.fcc.gov/releases/da051650PublicUse.pdf, 2002.]]Google Scholar
- R. Ramjee, R. Nagarajan, and D. F. Towsley. On optimal call admission control in cellular networks. In Proceedings of the IEEE Conference on Computer Communications (INFOCOM), pages 43--50, 1996.]]Google ScholarCross Ref
- R. F. Rey, editor. Engineering and Operations in the Bell System.Bell Telephone Laboratories, INC, second edition, 1984.]]Google Scholar
- M. Richtel. Yahoo Attributes a Lengthy Service Failure to an Attack. The New York Times, February 8 2000.]]Google Scholar
- Roam Secure. 17 Counties & Cities in Washington, DC Region deploy Roam Secure Alert Network. http://www.roamsecure.net/story.php?news id=52, September 2005.]]Google Scholar
- P. Roberts. Al-Jazeera Sites Hit With Denial-of-Service Attacks. PCWorld Magazine, March 26 2003.]]Google Scholar
- S. Savage, D. Wetherall, A. Karlin, and T. Anderson. Practical network support for IP traceback. In Proceedings of ACM SIGCOMM, pages 295--306, October 2000.]] Google ScholarDigital Library
- M. Schwartz. . In Telecommunication Networks - Protocols, Modeling and Analysis. Addison-Wesley Publishing Company, 1987.]] Google ScholarDigital Library
- Tamara Neale. VDOT LAUNCHES NEW 511 EMAIL ALERT SERVICE. http://www.virginiadot.org/infoservice/news/newsrelease.asp?D=CO-511-06, February 2006.]]Google Scholar
- B. Waters, A. Juels, J. Halderman, and E. Felten. New client puzzle outsourcing techniques for DoS resistance. In Proceedings of ACM CCS'04, pages 246--256, 2004.]] Google ScholarDigital Library
Index Terms
- Mitigating attacks on open functionality in SMS-capable cellular networks
Recommendations
New Security Threats Caused by IMS-based SMS Service in 4G LTE Networks
CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications SecuritySMS (Short Messaging Service) is a text messaging service for mobile users to exchange short text messages. It is also widely used to provide SMS-powered services (e.g., mobile banking). With the rapid deployment of all-IP 4G mobile networks, the ...
Exploiting open functionality in SMS-capable cellular networks
CCS '05: Proceedings of the 12th ACM conference on Computer and communications securityCellular networks are a critical component of the economic and social infrastructures in which we live. In addition to voice services, these networks deliver alphanumeric text messages to the vast majority of wireless subscribers. To encourage the ...
Exploiting open functionality in SMS-capable cellular networks
Cellular networks are a critical component of the economic and social infrastructures in which we live. In addition to voice services, these networks deliver alphanumeric text messages to the vast majority of wireless subscribers. To encourage the ...
Comments