Third Generation (3G) wireless networks based on the CDMA2000 and UMTS standards are now increasingly being deployed throughout the world. Because of their complex signaling and relatively limited bandwidth, these 3G networks are generally more vulnerable than their wireline counterparts, thus making them fertile ground for new attacks. In this paper, we identify and study a novel Denial of Service (DoS) attack, called signaling attack, that exploits the unique vulnerabilities of the signaling/control plane in 3G wireless networks. Using simulations driven by real traces, we are able to demonstrate the impact of a signaling attack. Specifically, we show how a well-timed low-volume signaling attack can potentially overload the control plane and detrimentally affect the key elements in a 3G wireless infrastructure. The low-volume nature of the signaling attack allows it to avoid detection by existing intrusion detection algorithms, which are often signature or volume-based. As a counter-measure, we present and evaluate an online early detection algorithm based on the statistical CUSUM method. Through the use of extensive trace-driven simulations, we demonstrate that the algorithm is robust and can identify an attack in its inception, before significant damage is done. Apart from 3G networks, we also show that many emerging wide-area networks such as 802.16/WiMax share the same vulnerability and our solution can also apply.Key words: 3G wireless, security, DoS attacks.Note: An earlier and shorter conference version of this paper appeared in IEEE INFOCOM '07 [19]. This paper additionally includes a discussion of the signaling attack in WiMax/802.16, provides evaluation on different dimensions of attacks, * Corresponding author: Patrick P. C. Lee.Email addresses: pclee@cs.columbia.edu (Patrick P. C. Lee), tbu@research.bell-labs.com (Tian Bu), woo@research.bell-labs.com (Thomas Woo)
Preprint submitted to Computer NetworksApril 27, 2009 and presents more rigorous arguments in some of our analysis.