Mobile Subscriber Profile DataPrivacy Breach via 4GDiameter Interconnection

Holtmanns, Silke; Oliver, Ian; Miché, Yoan

doi:10.13052/jicts2245-800x.634

Cited by 2 publications

(2 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Similarly, Holtmann et al [30] have articulated different attacks on interworking function (IWF) between diameter and SS7 networks for LTE. Sharma et al [18] and Holtmann et al [30] have exposed the susceptibilities of the SS7 network and proposed some protection techniques such as the use of closed subscriber group in case of dealing with roaming scenarios or validate the authenticity of the incoming message requests, as protection measures to be implemented by GSMA (Global System for Mobile Communications) but no proof of concept is given. However, the approaches described above remain ineffective, owing to numerous inadequacies such as lack of detection mechanisms without maintaining user states and optimal accuracy and false-positive rates.…”

Section: Machine Learning and Secure Signalling Networkmentioning

confidence: 99%

Rule-Based Anomaly Detection Model with Stateful Correlation Enhancing Mobile Network Security

Afzal¹,

Murugesan²

2022

Intelligent Automation &Amp; Soft Computing

View full text Add to dashboard Cite

The global Signalling System No. 7 (SS7) network protocol standard has been developed and regulated based only on trusted partner networks. The SS7 network protocol by design neither secures the communication channel nor verifies the entire network peers. The SS7 network protocol used in telecommunications has deficiencies that include verification of actual subscribers, precise location, subscriber's belonging to a network, absence of illegitimate message filtering mechanism, and configuration deficiencies in home routing networks. Attackers can take advantage of these deficiencies and exploit them to impose threats such as subscriber or network data disclosure, intercept mobile traffic, perform account frauds, track subscriber location, and deny services. Existing methods are unable to identify suspicious hosts as they use a minimal number of network parameters. So, there is a vital need to overcome these deficiencies to detect the abnormal behaviour of users and hence mitigate security attacks in a mobile network. This research proposes a model for anomaly detection in mobile networks based on Rule-based filtering with stateful correlation. The performance of the proposed method is evaluated using synthetic datasets. Results show that the proposed anomaly detection model performs 0.37% better in terms of security attack detection rate, 24.25% better in terms of false alarm rate, and 31.45% better in terms of true positive rate when compared with the existing pattern recognition Artificial Neural Network (ANN) algorithm.

show abstract

Section: Machine Learning and Secure Signalling Networkmentioning

confidence: 99%

Rule-Based Anomaly Detection Model with Stateful Correlation Enhancing Mobile Network Security

Afzal¹,

Murugesan²

2022

Intelligent Automation &Amp; Soft Computing

View full text Add to dashboard Cite

show abstract

“…Holtmanns demonstrates that SS7 vulnerabilities endanger LTE users as well as GSM/UMTS subscribers. Because of their internet-working capabilities, the attacker can monitor LTE subscribers through the Diameter protocol, taking advantage of SS7 vulnerabilities [9]. In [10], Jensen gave a summary of SS7 attacks, including a section on entry points to the SS7 core network.…”

Section: How Vulnerable Is the Ss7 Network?mentioning

confidence: 99%

Implementation of a Malicious Traffic Filter Using Snort and Wireshark as a Proof of Concept to Enhance Mobile Network Security

Afzal¹,

Murugesan²

2022

JTIT

View full text Add to dashboard Cite

In the 1970s, roaming interconnections for cellular networks were designed for a few trusted parties. Hence, security was not a major concern. Today, the SS7 (Signaling System no. 7) solution that is several decades old is still used for many roaming interconnections. SS7 has been proven vulnerable to serious threats due to deregulation, expansion, and convergence with IP-based Long Term Evolution (LTE) networks. The limitations of the SS7 network that it is unable to check the subscriber’s authentic location, verify their identity and filter illegitimate messages, makes the system vulnerable to attacks. Adversaries taking advantage of these shortcomings can inflict threats such as interception of calls and text messages, subscriber tracking and denial of service attacks. Although LTE and Diameter signaling protocols promise enhanced security keeping up with the latest attack vectors, their inherent flaws related to roaming interconnections are still there and continue to make the networks vulnerable. Hence, a highly secure signaling network is required to protect the operators and the subscribers from a diverse range of security attacks. SS7 network protocol layers, such as signaling connection control part (SCCP), transaction capabilities application part (TCAP), and global system for mobile Communications – mobile application part (GSM MAP), manage connectivity between networks and subscribers. An analysis of the parameters of these layers may provide a clear insight into any anomalies present. Unfortunately, these parameters are not validated and verified at the network’s edge. The major contribution of this research is a methodology for detecting anomalies by checking malformed parameters and intra-layer parameter discrepancies at the abovementioned protocol layers. This paper provides an insight into the severity of SS7 network security vulnerabilities. Furthermore, it provides a proof of concept for the analysis of SS7 network traffic using the Wireshark packet capture tool and the Snort intrusion detection system (IDS) capable of detecting malicious traffic patterns.

show abstract

Mobile Subscriber Profile DataPrivacy Breach via 4GDiameter Interconnection

Cited by 2 publications

References 6 publications

Rule-Based Anomaly Detection Model with Stateful Correlation Enhancing Mobile Network Security

Rule-Based Anomaly Detection Model with Stateful Correlation Enhancing Mobile Network Security

Implementation of a Malicious Traffic Filter Using Snort and Wireshark as a Proof of Concept to Enhance Mobile Network Security

Contact Info

Product

Resources

About