Diameter Security: An Auditor's Viewpoint

Mashukov, Sergey

doi:10.13052/jicts2245-800x.513

Cited by 4 publications

(4 citation statements)

References 2 publications

(3 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…• Location tracking [20] • Denial of Service [21] • SMS interception [22] There is a constant evolution and fine tuning of those attacks ongoing e.g. in [28] and [29] many of the above attacks were refined and the Insert Subscriber Data command features exploited to modify and extract data. This article can be seen in the spirit of the further refinements and extensions of those attacks, where we will work out the details of [29].…”

Section: Recent Security Research Resultsmentioning

confidence: 99%

“…Many of those items can be used for DoS against the user, basically changing the settings to something strange, so that the user would not have a properly working access. Since a simple DoS is possible using a Purge or Cancel Location message [21] or [28], we assume that the attacker had a more sophisticated attack in mind like changing the profile to obtain some fraud or similar things. The following items could be interesting for an attacker to modify.…”

Section: Subscriber Profilementioning

confidence: 99%

See 1 more Smart Citation

Mobile Subscriber Profile DataPrivacy Breach via 4GDiameter Interconnection

Holtmanns

Oliver

Miché

2018

JICTS

View full text Add to dashboard Cite

The interconnection network (IPX) connects telecommunication networks with each other on the globe. The IPX network enables features like voice and data roaming with your mobile device while traveling. Designed as a closed network it is now opening and unauthorized entities now misuse the IPX network for their purposes. The majority of the IPX still runs the Signalling System No 7 (SS7) protocol stack, while the more technically advanced operators roll out and deploy Diameter based LTE roaming. SS7 is known to suffer from many attacks. The first attacks using the Diameter protocol appeared. We will show how an attacker can breach the subscriber's privacy by deducting the subscriber profile from the Home Subscriber Service (HSS) and use the obtained information. The subscriber profile contains all key information related to the users'subscription e.g. location, billing information, MSISDN etc. We will close with a recommendation how to prevent such an attack.

show abstract

Section: Recent Security Research Resultsmentioning

confidence: 99%

Section: Subscriber Profilementioning

confidence: 99%

Mobile Subscriber Profile DataPrivacy Breach via 4GDiameter Interconnection

Holtmanns

Oliver

Miché

2018

JICTS

View full text Add to dashboard Cite

show abstract

“…Diameter protocol, the successor of SS7 for interconnection in LTE networks, o ers be er security features than SS7. Despite that, many a acks that rely on SS7 can also be replicated using Diameter, e.g., due to improper deployment of the security features [104,122,138]. Also, SS7-based a acks can be translated into Diameter a acks using GSM-to-LTE inter-working functions [80] even if the adversary has limited knowledge of LTE networks.…”

Section: Security Audit Camouflagementioning

confidence: 99%

“…Despite the odds, mobile communication systems have undergone a fair amount of scrutiny from the security research community. For example, internal components of a mobile device [71,74,101], radio communication between the phone and the cell towers [37,162], and mobile core network protocols [55,80,122] have been tested for security-critical issues. All these isolated research e orts are sca ered across underlying protocols and technologies, and, it has resulted in an obscure and complex view of mobile communication security.…”

Section: Introductionmentioning

confidence: 99%

Threat modeling framework for mobile communication systems

Rao¹,

Holtmanns²,

Aura³

2020

Preprint

View full text Add to dashboard Cite

Due to the complex nature of mobile communication systems, most of the security e orts in its domain are isolated and sca ered across underlying technologies. is has resulted in an obscure view of the overall security. In this work, we a empt to x this problem by proposing a domain-speci c threat modeling framework. By gleaning from a diverse and large body of security literature, we systematically organize the a acks on mobile communications into various tactics and techniques. Our framework is designed to model adversarial behavior in terms of its a ack phases and to be used as a common taxonomy matrix. We also provide concrete examples of using the framework for modeling the a acks individually and comparing them with similar ones. CCS CONCEPTS•Security and privacy → Security requirements; Mobile and wireless security; •Networks → Mobile networks;

show abstract