1 / 14

On Cellular Botnets : Measuring the Impact of Malicious Devices on a Cellular Network Core

On Cellular Botnets : Measuring the Impact of Malicious Devices on a Cellular Network Core. Patrick Traynor , Michael Lin, Machigar Ongtang , Vikhyath Rao , Trent Jaeger, Patrick McDaniel, and Thomas La Porta. Overview. Objectives Cellular Networks Describing the Attack

shalin
Télécharger la présentation

On Cellular Botnets : Measuring the Impact of Malicious Devices on a Cellular Network Core

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. On Cellular Botnets: Measuring the Impact of Malicious Devices on a Cellular Network Core Patrick Traynor, Michael Lin, MachigarOngtang, VikhyathRao, Trent Jaeger, Patrick McDaniel, and Thomas La Porta

  2. Overview Objectives Cellular Networks Describing the Attack Quantifying the Attack Mitigating the Attack Conclusions

  3. Objectives Characterize an attack on cellular network core Test the attack Optimize it Propose defenses

  4. Background • Cellular networks have • Home Location Register (HLR) • Mobile Switching Centers (MSC) • Visiting Location Register (VLR) • Serving GPRS Support Node (SGSN) • Base Station Subsystem (BSS)

  5. Attack Characteristics • DDoS using a cellular botnet • Target part that will cause most disruption • HLR is necessary for most actions • Authentication • Phone calls • Text messages • Billing • Etc. • HLR most effective target

  6. Attack Characteristics Only ‘legitimate’ transactions reach HLR

  7. Attack Characteristics • Write transactions use more HLR resources per transaction than reads • Which one the best? • Update Location utilizes caching • Update Subscriber Data averages 2.5 seconds • Insert Call Forwarding averages 2.7 seconds • Delete Call Forwarding averages 2.5 seconds • Insert/Delete Call Forwarding must alternate • Best to use combination of Insert and Delete Call Forwarding

  8. Some Graphs

  9. Some More Graphs

  10. Attack Considerations • Why most resource usage per message? • Why not just send more messages? • When sending that many messages, will clog up communications channels and never reach HLR • Deny service for base station, not whole network • Need to distribute attack across multiple base stations

  11. Attack Numbers Testbed system dropped 93% of traffic under a simulated call-forwarding attack with 5000 messages/sec Need to be distributed evenly across 21 base stations to not DDoS the random access channel before getting to HLR Need 375 base stations to not DDoS control channels

  12. Command and Control • Tried and true (Internet coordination) • Easy to identify/snoop • Clogs communication channels • Local Wireless Coordination • Short range • Indirect Local Coordination • Using exponential backoff?

  13. Mitigation • Filtering • Can be aggressive because call forwarding is not critical • What if call forwarding is not the transaction used? • Shedding • How to deploy effective rules during an attack? • Make phone security better

  14. Conclusions Cellular network are vulnerable to DDoS attacks Single points of failure are bad Botnet must be fairly sophisticated Is there a way to distribute HLR data?

More Related