PROTOCOL ANALYSIS TO PREVENT STORM ATTACKS IN 3G MOBILE NETWORKS

Mobile networks are vulnerable to signalling attacks and storms caused by trac that overloads the control plane through excessive signalling, which can be introduced via malware and mobile botnets. With the advent of machine- to-machine (M2M) communications over mobile networks, the potential for signalling storms increases due to the nor- mally periodic nature of M2M trac and the sheer number of communicating nodes. Several mobile network operators have also experienced signalling storms due to poorly de- signed applications that result in service outage. The radio resource control (RRC) protocol is particularly susceptible to such attacks, motivating this work within the EU FP7 NEMESYS project which presents simulations that clarify the temporal dynamics of user behavior and signalling, al- lowing us to suggest how such attacks can be detected and mitigated.

2016 International Conference on Computing, Networking and Communications (ICNC), 2016

Mobile Networks are subject to "signaling storms" launched by malware or apps, which overload the the bandwidth at the cell, the backbones signaling servers, and Cloud servers, and may also deplete the battery power of mobile devices. This paper reviews the subject and discusses a novel technique to detect and mitigate such signaling storms. Through a mathematical analysis we introduce a technique based on tracking time-out transitions in the signaling system that can substantially reduce both the number of attacked mobiles and the signaling overload in the backbone.

IEEE Transactions on Emerging Topics in Computing, 2015

Mobile networks are vulnerable to signalling attacks and storms that are caused by traffic patterns that overload the control plane, and differ from distributed denial of service (DDoS) attacks in the Internet since they directly affect the control plane, and also reserve wireless bandwidth and network resources without actually using them. Such storms can result from malware and mobile botnets, as well as from poorly designed applications, and can cause service outages in 3G and 4G networks which have been experienced by mobile operators. Since the radio resource control (RRC) protocol in 3G and 4G networks is particularly susceptible to such storms, we analyze their effect with a mathematical model that helps to predict the congestion that is caused by a storm. A detailed simulation model of a mobile network is used to better understand the temporal dynamics of user behavior and signalling in the network and to show how RRC-based signalling attacks and storms cause significant problems in both the control and user planes of the network. Our analysis also serves to identify how storms can be detected, and to propose how system parameters can be chosen to mitigate their effect.

The increase of the number of smart devices using mobile networks' services is followed by the increase of the number of security threats for mobile devices, generating new challenges for mobile network operators. Signaling attacks and storms represent an emerging type of distributed denial of service (DDoS) attacks and happen because of special malware installed on smart devices. These attacks are performed in the control plane of the network, rather than the data plane, and their goal is to overload the signaling servers which leads to service degradation and even network failures. This paper proposes a detection and mitigation mechanism of such attacks which is based on counting repetitive bandwidth allocations by mobile terminals and blocking the misbehaving ones. The mechanism is implemented in our simulation environment for security in mobile networks SECSIM. The detector is evaluated calculating the probabilities of false positive and false negative detection and is characterised by very low negative impact on un-attacked terminals. Simulation results using joint work of both detector and mitigator, are shown for: the number of allowed attacking bandwidth allocations, end-to-end delay for normal users, wasted bandwidth and load on the signaling server. Results suggest that for some particular settings of the mechanism, the impact of the attack is successfully lowered, keeping the network in stable condition and protecting the normal users from service degradations.

Mobile Networks are subject to signaling storms launched by misbehaving applications or malware, which result in bandwidth overload at the cell level and excessive signaling within the mobile operator, and may also deplete the battery power of mobile devices. This paper reviews the causes of signaling storms and proposes a novel technique for storm detection and mitigation. The approach is based on counting the number of successive signaling transitions that do not utilize allocated bandwidth, and temporarily blocking mobile devices that exceed a certain threshold to avoid overloading the network. Through a mathematical analysis, we derive the optimum value of the counter's threshold, which minimizes both the number of misbehaving mobiles and the signal-ing overload in the network. Simulation results are provided to illustrate the effectiveness of the proposed scheme.

IEEE Access, 2016

Since the 1G of mobile technology, mobile wireless communication systems have continued to evolve, bringing into the network architecture new interfaces and protocols, as well as unified services, high data capacity of data transmission, and packet-based transmission (4G). This evolution has also introduced new vulnerabilities and threats, which can be used to launch attacks on different network components, such as the access network and the core network. These drawbacks stand as a major concern for the security and the performance of mobile networks, since various types of attacks can take down the whole network and cause a denial of service, or perform malicious activities. In this survey, we review the main security issues in the access and core network (vulnerabilities and threats) and provide a classification and categorization of attacks in mobile network. In addition, we analyze major attacks on 4G mobile networks and corresponding countermeasures and current mitigation solutions, discuss limits of current solutions, and highlight open research areas.

Proceedings of the 10th ACM international symposium on Mobility management and wireless access - MobiWac '12, 2012

Long Term Evolution (LTE) is seen as the key enabler for delivering the fourth generation of mobile broadband and is the first cellular network primarily designed based on IP. Thus, telecom operators must support the diverse IP-based mobile applications and all the overhead associated with such applications which is mainly in the a result of the increased signaling traffic. By taking advantage of the signaling overhead, a malicious user can cause severe overload on the operator's infrastructure denying legitimate users from accessing the network. This work presents a study of a denial of service (DoS) oriented signaling attack against LTE networks that takes advantage of the signaling overhead required to set up dedicated radio bearers. The attack scenario is simulated in OPNET, and the signaling traces are analyzed. Results show that a well-coordinated attack creates significant stress on the operator's resources and inhibits legitimate subscribers from obtaining proper services. Then, a detection mechanism that can be used to thwart such attacks is proposed.

Signaling storms are becoming prevalent in mobile networks due to the proliferation of smartphone applications and new network uses, such as machine-to-machine communication, which are designed without due consideration to the signaling overheads associated with the de/allocation of radio resources to User Equipment (UE). In this work, we conduct a set of experiments on a 3G operational mobile network to validate previous claims in literature that it is possible to significantly change the signaling behavior of a normal UE so that the UE has an adverse impact on the mobile network. Our early results show that it is possible to increase by 0.330 signaling messages/s the signaling rate of a normal 3G UE loaded with popular applications when it is not in active use by the owner. In addition, we explore the different factors which can either increase or decrease the effectiveness of signaling attacks on mobile networks.

Wireless and Mobile Network Security, 2009

With the increase in popularity of mobile phones over landlines, the mobile telecommunication network has now become the primary source of communication for not only business and pleasure, but also for the many life and mission critical services such as E-911. These networks have become highly attractive targets to adversaries due to their heavy usage and their numerous vulnerabilities that may be easily exploited to cause major network outages.

Journal of ICT Standardization

Mobile communication systems are ubiquitous nowadays. The main requirements of these networks are privacy and security of the subscriber as well as a high performance. To provide these properties the 3GPP (Third Generation Partnership Project) developed the LTE (Long Term Evolution) mobile communication network which is deployed worldwide. In this paper, we give a brief overview of the LTE Network Architecture as well as a look on the security mechanism as defined by 3GPP. We describe the security architecture and discuss possible threats and attacks on the core and on the access network. Due to these possible attacks we developed a program which is able to extract certain security relevant information out of the message flow in real time and to detect a possible attach flood attack. Finally, we validate the function of the program with three test cases and discuss the impact of such flood attacks on the LTE network and other future work to extend it to other protocol exchanges.