Privacy in LTE networks

Rao, Siddharth Prakash; Kotte, Bhanu Teja; Holtmanns, Silke

doi:10.4108/eai.18-6-2016.2264393

Cited by 10 publications

(5 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…However, if the MAP-UPDATE-LOCATION message is abused, it targets all subscribers, so in this case, the attacker can intercept the victim's call and text or make the victim DoS state. Therefore, operators should prevent this problem in advance [10][11][12][13][14].…”

Section: Testing the Security Diagnostic Frameworkmentioning

confidence: 99%

How to diagnose SS7 Protocol Vulnerability in Roaming Networks

Seongmin Park

2023

ReBICTE

View full text Add to dashboard Cite

As cellular networks spread to various operators in various countries, access to roaming networks by operators in other countries has become easier than before. As security attacks pretending to be roaming operators increased as the number of security attacks increased as the number of hours that were closed between trusted operators was gradually operated openly. By analyzing SS7 vulnerabilities in roaming networks and reenacting them through simulation, this study establishes a security threat scenario in a real commercial communication environment and builds a pre-simulation test environment that can identify and respond to the presence or absence of proactive measures through security analysis. The simulation test environment can be applied to the actual operational environment to reduce attack damage through pre-defense measures by preparing countermeasures against possible security attacks.

show abstract

Section: Testing the Security Diagnostic Frameworkmentioning

confidence: 99%

How to diagnose SS7 Protocol Vulnerability in Roaming Networks

Seongmin Park

2023

ReBICTE

View full text Add to dashboard Cite

show abstract

“…It also proposes how essential security monitoring may be deployed to secure the SS7 network more effectively [2]. Exploiting MAP messages can lead to several security attacks and research done by Rao et al explains the methods relied upon to accomplish such attacks [11]. In another research, Rao et al demonstrate SS7 location tracking attacks exposing vulnerabilities linked to the network's entry points.…”

Section: How Vulnerable Is the Ss7 Network?mentioning

confidence: 99%

Implementation of a Malicious Traffic Filter Using Snort and Wireshark as a Proof of Concept to Enhance Mobile Network Security

Afzal¹,

Murugesan²

2022

JTIT

View full text Add to dashboard Cite

In the 1970s, roaming interconnections for cellular networks were designed for a few trusted parties. Hence, security was not a major concern. Today, the SS7 (Signaling System no. 7) solution that is several decades old is still used for many roaming interconnections. SS7 has been proven vulnerable to serious threats due to deregulation, expansion, and convergence with IP-based Long Term Evolution (LTE) networks. The limitations of the SS7 network that it is unable to check the subscriber’s authentic location, verify their identity and filter illegitimate messages, makes the system vulnerable to attacks. Adversaries taking advantage of these shortcomings can inflict threats such as interception of calls and text messages, subscriber tracking and denial of service attacks. Although LTE and Diameter signaling protocols promise enhanced security keeping up with the latest attack vectors, their inherent flaws related to roaming interconnections are still there and continue to make the networks vulnerable. Hence, a highly secure signaling network is required to protect the operators and the subscribers from a diverse range of security attacks. SS7 network protocol layers, such as signaling connection control part (SCCP), transaction capabilities application part (TCAP), and global system for mobile Communications – mobile application part (GSM MAP), manage connectivity between networks and subscribers. An analysis of the parameters of these layers may provide a clear insight into any anomalies present. Unfortunately, these parameters are not validated and verified at the network’s edge. The major contribution of this research is a methodology for detecting anomalies by checking malformed parameters and intra-layer parameter discrepancies at the abovementioned protocol layers. This paper provides an insight into the severity of SS7 network security vulnerabilities. Furthermore, it provides a proof of concept for the analysis of SS7 network traffic using the Wireshark packet capture tool and the Snort intrusion detection system (IDS) capable of detecting malicious traffic patterns.

show abstract

“…Additionally, an attacker can run a precise DoS attack against a distinct user by deleting subscriber data in the VLR [56]. Attacks that are possible due to the interworking function between Diameter and SS7 are discussed by Holtmanns et al [168] and Rao et al [169]. Even Diameter has been found vulnerable and allows to intercept text messages [170].…”

Section: Cause: Insecure Inter-network Protocolsmentioning

confidence: 99%

“…With the specification of Diameter in LTE, a more secure protocol is used for internetworking functions. However, even Diameter is not free of flaws [169], [170]. Additionally, the inter-working function between SS7 and Diameter still allows attacks via Diameter based on SS7 vulnerabilities, as long as not all the network providers migrate to Diameter.…”

Section: Cause: Insecure Inter-network Protocolsmentioning

confidence: 99%

On Security Research Towards Future Mobile Network Generations

Rupprecht

Dabrowski

Holz

et al. 2018

IEEE Commun. Surv. Tutorials

View full text Add to dashboard Cite

Over the last decades, numerous security and privacy issues in all three active mobile network generations have been revealed that threaten users as well as network providers. In view of the newest generation (5G) currently under development, we now have the unique opportunity to identify research directions for the next generation based on existing security and privacy issues as well as already proposed defenses. This paper aims to unify security knowledge on mobile phone networks into a comprehensive overview and to derive pressing open research questions. To achieve this systematically, we develop a methodology that categorizes known attacks by their aim, proposed defenses, underlying causes, and root causes. Further, we assess the impact and the efficacy of each attack and defense. We then apply this methodology to existing literature on attacks and defenses in all three network generations. By doing so, we identify ten causes and four root causes for attacks.Mapping the attacks to proposed defenses and suggestions for the 5G specification enables us to uncover open research questions and challenges for the development of next-generation mobile networks. The problems of unsecured pre-authentication traffic and jamming attacks exist across all three mobile generations. They should be addressed in the future, in particular to wipe out the class of downgrade attacks and, thereby, strengthen the users' privacy. Further advances are needed in the areas of inter-operator protocols as well as secure baseband implementations. Additionally, mitigations against denial-of-service attacks by smart protocol design represent an open research question.

show abstract

Privacy in LTE networks

Cited by 10 publications

References 0 publications

How to diagnose SS7 Protocol Vulnerability in Roaming Networks

How to diagnose SS7 Protocol Vulnerability in Roaming Networks

Implementation of a Malicious Traffic Filter Using Snort and Wireshark as a Proof of Concept to Enhance Mobile Network Security

On Security Research Towards Future Mobile Network Generations

Contact Info

Product

Resources

About