Real threats using GTP protocol and countermeasures on a 4G mobile grid computing environment

Abstract: Abstract:The number of mobile service users has drastically increased due to the development of mobile communication technologies and commercialisation of high-performance smartphones. As a result, the environment for mobile communication networks has changed into one that allows different types of abnormal traffic to easily flow, so the security threats on the network that had been hidden before have started to emerge. In particular, a 4G network is exposed to multiple forms of attacks that can maliciously us… Show more

“…When running Android debug bridge (ADB) command in Android terminal using a program called Packit, a packet is created, and when sending the packet to the IP band identified through Tracert in tethering status, the GTP-C packet is injected and transmitted to the mobile communication network. PGW checks this and sends echo response, where the attacker can identify that the source IP of that message is PGW IP [ 24 ].…”

“…The attacker can increase the terminal number in the create session request sequentially so that PGW allocates multiple IPs. If PGW allocates all of available IPs, create session requests from normal terminals would be rejected, and all of terminals accessing that core network could not communicate [ 24 ].…”

“…Additionally, SIP or MMS spoofing can be abused for voice phishing. When the “from” header that indicates the outgoing number in the SIP packet header is falsified, the incoming terminal displays that falsified number [ 24 , 27 ].…”

“…TC.C-UP1 EPC scanning [24] EPC equipment IP can be identified through the response message received after injecting GTP-C echo request into the user data and sending it to CN.…”

“…Targeted create session request [24] Causing DoS by newly allocating the victim's IP when injecting Create Session Request that contains the victim's NISIDN into the user data and transmitting the request.…”

5G Security Threat Assessment in Real Networks

“…When running Android debug bridge (ADB) command in Android terminal using a program called Packit, a packet is created, and when sending the packet to the IP band identified through Tracert in tethering status, the GTP-C packet is injected and transmitted to the mobile communication network. PGW checks this and sends echo response, where the attacker can identify that the source IP of that message is PGW IP [ 24 ].…”

“…The attacker can increase the terminal number in the create session request sequentially so that PGW allocates multiple IPs. If PGW allocates all of available IPs, create session requests from normal terminals would be rejected, and all of terminals accessing that core network could not communicate [ 24 ].…”

“…Additionally, SIP or MMS spoofing can be abused for voice phishing. When the “from” header that indicates the outgoing number in the SIP packet header is falsified, the incoming terminal displays that falsified number [ 24 , 27 ].…”

“…TC.C-UP1 EPC scanning [24] EPC equipment IP can be identified through the response message received after injecting GTP-C echo request into the user data and sending it to CN.…”

“…Targeted create session request [24] Causing DoS by newly allocating the victim's IP when injecting Create Session Request that contains the victim's NISIDN into the user data and transmitting the request.…”

5G Security Threat Assessment in Real Networks

Vestiges of Past Generation: Threats to 5G Core Network

Building and Utilizing Small-Scale Testbed for Research on 5G SA Network-Related Security Vulnerabilities