Security Techniques for Beyond 3G Wireless Mobile Networks
Udaya Tupakula
Sign up for access to the world's latest research
checkGet notified about relevant papers
checkSave papers to use in your research
checkJoin the discussion with peers
checkTrack your impact
Abstract
Significant developments in the recent times have led to an increasing use of mobile devices such as smart phones in accessing Internet services and applications over wireless networks. In this paper, we propose a security architecture for counteracting denial of service attacks in Beyond 3G (B3G) network architecture with mobile nodes. We describe the system architecture and discuss the different cases of attack scenarios involving the mobility of the attacking and victim nodes. Our proposed solution takes into account practical issues such as limited resources of the mobile nodes. It has distinct advantages such as monitoring of the traffic to the victim node and the attack traffic being dropped before reaching the victim; the ability to traceback the attacking node and prevent the attack at the home agent or foreign agent that is closer to the attacking node; and the ability to deal with dynamic changes in attack traffic patterns. We also present an analysis of our proposed architecture as well as simulation results.
Related papers
Securing wireless mobile nodes from distributed denial-of-service attacks
The current mobile devices have become smart and are increasingly being used for conducting business and personal activities. Also, there is increasing number of attacks targeting such mobile devices. The term mobile botnet refers to group of mobile devices that are compromised and controlled by the attacker that can be used for generating distributed denial-of-service attacks. The security protocols that have been proposed for wireless and mobile networks have several weaknesses that can be exploited by the attacker to obtain unauthorized access and generate attacks. Also, there is growing number of malicious applications that are aimed to compromise smartphones and using them for generating different types of attacks. In this paper, we propose techniques to counteract distributed denial-of-service attacks on wireless mobile devices. We describe the operation and architectural components of our model. We will show that our model is able to efficiently deal with the attacks by dropping the attack traffic before it targets the victim mobile node, can prevent the attack traffic at the upstream nodes, and also deal with the attack cases that involve mobility of the attacking and victim nodes.
Framework for defending against denial of service attacks in wireless networks
International conference on Wireless Communication and Sensor Networks, 2006
Wireless mobile nodes have extremely limited resources and are easily vulnerable to Denial of Service (DoS) attacks. The traditional techniques that can detect or prevent DoS attacks in wired networks often require considerable resources such as processing power, memory, and storage space. Hence, it is not possible to deploy the traditional techniques on the wireless nodes. In this paper, we identify the requirements and challenges that are to be addressed in order to efficiently deal with DoS attacks on wireless nodes. Then we consider a general architecture for different types of wireless networks and propose a framework to counteract DoS attacks in the general architecture. We will also present the simulation results of our approach and directions for the future work.
Mitigating denial of service threats in GSM networks
First International Conference on Availability, Reliability and Security (ARES'06), 2006
Mobile networks not only provide great benefits to their users but they also introduce inherent security issues. With respect to security, the emerging risks of denial of service (DOS) attacks will evolve into a critical danger as the availability of mobile networks becomes more and more important for the modern information society. This paper outlines a critical flaw in GSM networks which opens the avenue for distributed denial of service attacks. We propose a way to mitigate the attacks by adding minimal authentication to the GSM channel assignment protocol.
PROTOCOL ANALYSIS TO PREVENT STORM ATTACKS IN 3G MOBILE NETWORKS
The advent of mobile smart phones has led to a surge in numerous applications with a lot of network traffic. This in turn leads to signal storm attacks from malicious users, who disrupt the system by creating signaling storms. Malware attacks are quickly becoming a major security concern due to the advent of smart mobile devices and the increasing capacity and use of mobile networks for Internet access. The increasing number of host mobile malware adds to the problem. The infected devices cause a cascading effect creating signaling and network disruptions both deliberately and also due to malicious attacks. A signaling storm is one where the users are denied service by making huge attacks on the resources of the system either directly or indirectly taking control of other nodes in the network and sending huge amounts of request signals. This causes flooding, identity problems, injection attacks etc. The purpose is to detect such signaling storms in the first place. Next using the proposed hybrid Radio Resource protocol such attacks should be blocked and the malicious node should be removed from the network. The revocation will show sufficient congestion relief in the network traffic.
Hierarchical security architecture for next generation mobile networks
ICSPCS'07-1st …, 2007
The integration of existing and emerging technologies in Next Generation Mobile Networks (NGMN) exposes the interworked infrastructure to malicious security threats arising from individual networks and heightens the possibility of their migration across network boundaries. Owing to their autonomous characteristics, the proprietary security solutions of legacy networks cannot be extended to address such multi-faceted security threats affecting NGMN functionality. In this paper, we propose a generic hierarchical security architecture that identifies and eliminates/isolates the dominant security threats in NGMN. While the architecture utilizes an anomaly-based security detection mechanism, elimination/isolation is carried out through a cooperative approach between the node under attack and its corresponding higher tier nodes. Performance evaluation indicates that the architecture is capable of isolating threats such as denial-of-service (DoS) and worm attacks in a timely manner.
Self-Protected Mobile Agent Paradigm for DDoS Threats Using Block Chain Technology This paper describes Mobile Agents paradigm for tracking and tracing the effects of Denial of Service security threat in Mobile Agent
International Journal of Advanced Networking and Applications (IJANA), 2019
This paper describes Mobile Agents paradigm for tracking and tracing the effects of Denial of Service security threat in Mobile Agent System, an implementation of this paradigm has been entirely developed in java programming language. The proposed paradigm considers a range of techniques that provide high degree of security during the mobile agent system life cycle in its environment. This paper highlights the spot to two main design objectives: The importance of including various supportive types of agents within a system e.g., police agents, service agents, …etc. Second: Evaluation analysis and number of checks to be done to trace the Mobile Agents if denial of the provided services during its path. Evaluation analysis for detecting tolerance differences for the calculated agent’s route before and during its journey, storing agent transactions, storing snapshots of agent state information, checking from time to time agent status and task completeness and lastly guard agent checks the changed variables of migrated agent. During tracing and monitoring Mobile Agents, the initiator node may destroy it and continue with another. In this paper a new paradigm is presented that detects and eliminate with high probability, any degree of tampering within a reasonable amount of time, also provide the ability of scalability of security administration.
Signaling oriented denial of service on LTE networks
Proceedings of the 10th ACM international symposium on Mobility management and wireless access - MobiWac '12, 2012
Long Term Evolution (LTE) is seen as the key enabler for delivering the fourth generation of mobile broadband and is the first cellular network primarily designed based on IP. Thus, telecom operators must support the diverse IP-based mobile applications and all the overhead associated with such applications which is mainly in the a result of the increased signaling traffic. By taking advantage of the signaling overhead, a malicious user can cause severe overload on the operator's infrastructure denying legitimate users from accessing the network. This work presents a study of a denial of service (DoS) oriented signaling attack against LTE networks that takes advantage of the signaling overhead required to set up dedicated radio bearers. The attack scenario is simulated in OPNET, and the signaling traces are analyzed. Results show that a well-coordinated attack creates significant stress on the operator's resources and inhibits legitimate subscribers from obtaining proper services. Then, a detection mechanism that can be used to thwart such attacks is proposed.
Security in Mobile Telecommunication Networks
Wireless and Mobile Network Security, 2009
With the increase in popularity of mobile phones over landlines, the mobile telecommunication network has now become the primary source of communication for not only business and pleasure, but also for the many life and mission critical services such as E-911. These networks have become highly attractive targets to adversaries due to their heavy usage and their numerous vulnerabilities that may be easily exploited to cause major network outages.
Denial of service attacks and challenges in broadband wireless networks
Broadband wireless networks are providing internet and related services to end users. The three most important broadband wireless technologies are IEEE 802.11, IEEE 802.16, and Wireless Mesh Network (WMN). Security attacks and vulnerabilities vary amongst these broadband wireless networks because of differences in topologies, network operations and physical setups. Amongst the various security risks, Denial of Service (DoS) attack is the most severe security threat, as DoS can compromise the availability and integrity of broadband wireless network. In this paper, we present DoS attack issues in broadband wireless networks, along with possible defenses and future directions.
Threats and Countermeasures in GSM Networks
Journal of Networks, 2006
Mobile networks not only provide great benefits to their users but they also introduce inherent security issues. With respect to security, the emerging risks of denial of service (DOS) attacks will evolve into a critical danger as the availability of mobile networks becomes more and more important for the modern information society. This paper outlines a critical flaw in GSM networks which opens the avenue for distributed denial of service attacks. We propose a way to mitigate the attacks by adding minimal authentication to the GSM channel assignment protocol.
Related topics
Related papers
Counteracting DDoS Attacks in WLAN
The security protocols for WLAN such as WEP have fundamental weakness which can be exploited by the attacker to obtain unauthorized access to the wireless networks and generate attacks. In this paper, we propose a security architecture for counteracting denial of service attacks in wireless based network architecture with mobile nodes. We describe the system model and discuss the different cases of attack scenarios involving the mobility of the attacking and victim nodes. We describe how mobile IP protocol in conjunction with our model can be used to deal efficiently with the attacks on mobile nodes.
Security architectures for B3G mobile networks
Telecommunication Systems, 2007
This paper analyses the security architectures employed in the interworking model that integrates third-generation (3G) mobile networks and Wireless Local Area Networks (WLANs), materializing Beyond 3G (B3G) networks. Currently, B3G networks are deployed using two different access scenarios (i.e., WLAN Direct Access and WLAN 3GPP IP Access), each of which incorporates a specific security architecture that aims at protecting the involved parties and the data exchanged among them. These architectures consist of various security protocols that provide mutual authentication (i.e., user and network authentication), as well as confidentiality and integrity services to the data sent over the air interface of the deployed WLANs and specific parts of the core network. The strengths and weaknesses of the applied security measures are elaborated on the basis of the security services that they provide. In addition, some operational and performance issues that derives from the application of these measures in B3G networks are outlined. Finally, based on the analysis of the two access scenarios and the security architecture that each one employs, this paper presents a comparison of them, which aims at highlighting the deployment advantages of each scenario and classifying them in terms of: a) security, b) mobility, and c) reliability.
Security in third Generation Mobile Networks
Computer Communications, 2004
In the last few years, we have witnessed an explosion in demand for security measures motivated by the proliferation of mobile/wireless networks, the fixed-mobile network convergence, and the emergence of new services, such as e-commerce. 3G-systems play a key role in this network evolution, and, thus, all stakeholders are interested in the security level supported in the new emerging mobile environment. This paper elaborates on the security framework in 3G mobile networks. The security requirements imposed by the different types of traffic, and by the different players involved (mobile users, serving network and service providers) are investigated. The security architecture, which comprises all the security mechanisms that are projected for the Universal Mobile Telecommunication System (UMTS) network, is analyzed. The employment of traditional security technologies, originally designed for fixed networking, such as firewalls, and static Virtual Private Network (VPN), in order to safeguard the UMTS core network from external attacks, as well as to protect user data when conveyed over the network are examined. Critical points in the 3G-security architecture that may cause network and service vulnerability are identified and discussed. Furthermore, proposals for the enhancement of the 3G-security architecture, and the provision of advanced security services to end-user data traffic within and outside the UMTS core network are discussed. The proposed enhancements can be easily integrated in the existing network infrastructure, and operate transparently to the UMTS network functionality. q IPsec IP security KAC key administration center MAC message authentication code MAP mobile application part MAPsec MAP security MS mobile station MT mobile terminal MSC mobile switching centre NE network entities NDS network domain security PS packet switched Rel-4 release 4 Rel-5 release 5 R99 release '99 RAND random challenge RES user response to challenge RNC radio network controller
A Novel Framework for Prevent the Denial of Service Attacks in MANET
— In the field of networks, the Mobile ad hoc networks (MANETs) are one of the best and lively mobile networks which are capable of shaping when the infrastructure of pre-existing communication is not present. And in further to mobility, the restricted resources like storage space, bandwidth and battery power are used to categorize a MANET. The primary theory in MANETs is that the transitional nodes assist in forwarding the packets. Mobile Ad hoc Networks are very weak in terms of Denial of Service (DoS) because of their prominent characteristics. A MANET is a self-diagnostic model includes by multiple mobile wireless nodes. The node misbehaviour is due to egocentric reasons where it can considerably reduce the performance of MANET. A self-centred node endeavours to exploit the resources simply for its own intention and it hesitates to distribute the resources with their neighbours. As a result, it plays a central role to detect the self-centred nodes to progress the concert of MANET. Initially, our proposed structural design of a MANET is constructed and the message linking in the mobile is originated. The packet drop is able to ensue in MANET because of the egocentric node or network traffic. In this proposed paper, triangular vision modelling framework exploits the detection of the misbehaving nodes and the egocentric node in the MANET. The triangular vision view depicts a clear picture in identifying the ideal route by using the behaviour of nodes where it helps to detect the egocentric nodes and misbehaving nodes in the MANET. The two methods called Report Based Method (RBM) Detection and Trace and Hope based Method (THBM) detection are used to detect the egocentric nodes and misbehaving nodes in the proposed framework for the Mobile Ad hoc network.
Design of Effective Security Architecture for Mobile Cloud Computing to Prevent DDoS Attacks
International Journal of Wireless and Microwave Technologies, 2019
A DOS (Denial of Service) attack, as its name suggests, denies or blocks access to certain services by flooding either the bandwidth of a specified network or by targeting its connectivity. There are much security challenges in mobile cloud computing. Cloud indicates a period of the computing where the services, which are an application, are made available by the internet. Cloud based computing is very adjustable and cheap as to providing a platform for various IT services. The mobile systems can hinge on the cloud based computing with mobile agents and can undertake various processes such as the searching or storing, etc. While it's very economic, it has many challenges such as the security. Various researches have been carried out to build a secure mobile cloud based computing. In this paper, we have viewed and analyzed the DDOS (Distributed Denial of Service) attacks in depth to prevent it in the mobile cloud computing.
Layerwise security framework with snauthspmaodv to defend denial of service attack for mobile adhoc networks in hostile environment
Shodhganga, 2012
This is to certify that the thesis entitled "Layerwise Security Framework with SNAuth-SPMAODV to defend Denial of Service attack for Mobile adhoc Networks in Hostile Environment" submitted to Avinashilingam University for Women, Coimbatore, for the award of Doctor of Philosophy in Computer Science, is a record of original research work done by D. Devi Aruna, during the period of her study in the Department of Computer Science, Avinashilingam University for Women, Coimbatore, under my supervision and guidance and the thesis has not formed the basis for the award of any Degree/ Diploma / Associateship / Fellowship or similar title to any University or Institute.
Review on Effects and Countermeasure for Attack in Wireless Infrastructure Based Network
The usability rate of wireless communication in society has grown exponentially from the last era. Except using cell phones for voice communication, regularly use wireless devices to access the internet services, conduct online transactions, send messages and enquire about a lot of useful information regarding the location of specific places of the users. The use of mobile devices in day- to-day communication raises many unresolved security issues. The work focuses possible attacks on the wireless cellular network architecture. One of them is denial of service attack, in the Denial of Service attack the main goal of the attacker is to prevent the legitimate mobile users to access the cellular services. Distributed Denial of Service attack occurs when several users attack the wireless cellular infrastructure simultaneously. DDoS is one of the most potent attacks that can bring down the entire network infrastructure. The main objective of the work is to study of about denial of service attack and suggested tracking approach against it.
Securing Mobile Devices from DoS Attacks
Today mobile devices are increasingly being used to access data services in addition to the voice communications. However such devices have limited resources to enforce strong security measures and hence they are easily vulnerable to attacks. In this paper we propose techniques for securing mobile devices from denial of service attacks. We will make use of the IPSec protocol for secure traceback and preventing the attack upstream. Finally we present the implementation and performance analysis of our model.
Identifying and Removing DDoS Attacking UMTS Network for Simless Nodes
In this paper we consider security of internet access over the Third Generation (3G) telecommunication systems. We Consider Universal Mobile Telecommunications System (UMTS) is selected as the most popular system among 3G systems. Here we detecting and removing DDos attack in UMTS network. The study then focuses on network access security mechanism of UMTS denial of service, identity catching, and redirection as the most significant attacks against authentication mechanism. Furthermore, we provide some solutions and methods to improve and prevent these attacks in UMTS system. The Universal Mobile Telecommunication System, more commonly known as UMTS, is now the world's leading mobile telecommunication system serving over 4 billion subscribers worldwide. UMTS has got much popularity as the earlier GSM system failed to cope up with higher data rate demands and faced some major security flaws. Although the UMTS system is able to mitigate most of those security flaws, yet it is not invincible to the new threats emerging with new and more sophisticated technologies. Many different kinds of security breaches are possible against UMTS networks. In this short technical essay, we will focus only on the Denial of Service (DoS) attacks on the UMTS access network, we replace GSM network with UMTS network because of security flaws. Distributed Denial of Service (DDoS) attacks exhaust victim's bandwidth or services. In this paper, different types and techniques of DDoS attacks and their countermeasures are reviewed. We also discuss some traditional methods of defence such as trace back and packet filtering techniques so that readers can identify major differences between traditional and current techniques of defence against DDoS attacks. Before the discussion on countermeasures, we mention different attack types under DDoS with traditional and advanced schemes while some information on DDoS trends in the year 2012 Quarter-1 is also provided. We identify that application layer DDoS attacks possess the ability to produce greater impact on the victim as they are driven by legitimate-like traffic making it quite difficult to identify and distinguish from legitimate requests. The need of improved defence against such attacks is therefore more demanding in research. The study conducted in this paper can be helpful for readers and researchers to recognize better techniques of defence in current times against DDoS attacks and contribute with more research on the topic in the light of future challenges identified in this paper.
CATCH: A protocol framework for cross-layer attacker traceback in mobile multi-hop networks
2010
Flooding-type Denial-of-Service (DoS) and Distributed DoS (DDoS) attacks can cause serious problems in mobile multi-hop networks due to its limited network/host resources. Attacker traceback is a promising solution to take a proper countermeasure near attack origins, for forensics and to discourage attackers from launching the attacks. However, attacker traceback in mobile multi-hop networks is a challenging problem.
Loading Preview
Sorry, preview is currently unavailable. You can download the paper by clicking the button above.