Wednesday, 23 July 2014

A Denial of Service Attack to UMTS Networks Using SIM-Less Devices

One of the fundamental security elements in cellular networks is the authentication procedure performed by means of the Subscriber Identity Module that is required to grant access to network services and hence protect the network from unauthorized usage. Nonetheless, in this work we present a new kind of denial of service attack based on properly crafted SIM less devices that, without any kind of authentication and by exploiting some specific features and performance bottlenecks of the UMTS network attachment process, are potentially capable of introducing significant service degradation up to disrupting large sections of the cellular network coverage. The knowledge of this attack can be exploited by several applications both in security and in network equipment manufacturing sectors.

The complexity of the mobile network structure may hide both unknown and known vulnerabilities that proper analysis tools and formal techniques can unveil. Beyond protocol-specific vulnerabilities, the same network complexity may also hide potential performance bottlenecks in signaling protocols or control applications/ components that can be exploited by several kinds of Denial of Service (DoS) attacks in order to tear down critical service subsystems or overwhelm them with large number of requests, exhausting the resources needed to ensure network operations. The effects, in terms of coverage, of DoS attacks progressively increase when moving from physical (i.e., using a radio jammer) towards the upper layers (i.e., affecting application-level subsystems serving large portion of the cellular network). Luckily, most of the known attacks are not easy to implement since they require a very large number of mobile cooperating devices (usually several thousands) or access to
internal MNO facilities to be really effective. Nonetheless, the potential impact of these attacks on mobile phone networks has not been sufficiently assessed and needs further study.
·       DoS attacks progressively increase when moving from physical (i.e., using a radio jammer) towards the upper layers.
This work, by focusing on the node attachment procedure in Universal Mobile Telecommunications System (UMTS) infrastructures, shows that it is possible to mount a full-fledged DoS attack potentially capable of shutting down large sections of the network coverage without the need of hijacking or controlling actual users’ terminals, as well as that the number of devices necessary to make such an attack effective is limited to a few hundred ones. This attack exclusively operates at the user-level by relying on unavoidable protocol-level signaling features so that no hacking on intra-operator facilities is needed. It is
indirectly targeted at the Home Location Register (HLR) that is the database containing information on mobile subscribers as well as call blocking and forwarding rules, that can be overwhelmed by service requests. Since this database is a critical component, often revealing to be a major bottleneck within the overall infrastructure, an outage of its functionality may cause an interruption of other mobile services too, finally resulting in a mobile network DoS potentially leaving thousands of devices without their lifelines to the network core. Furthermore, the presented attack does not require the use of real mobile handsets equipped with valid Subscriber Identity Module (SIM) modules and needs only a limited number (a few hundreds) of UMTS radio interfaces, eventually located on a single ad-hoc device, in order to inject the signaling traffic necessary to reach a critical level of disruption on the target cellular infrastructure.

v It give rise to several applications, ranging from cyber-warfare devices, that can be used in both intelligence and military scenarios to temporarily defeat UMTS communications within specific areas, to assessment/benchmarking tools that can be extremely useful in dimensioning, through “torture test” practices, new distributed HLR solutions.



Processor             -       Pentium –IV

Speed                  -       1.1 Ghz
RAM                   -       512 MB(min)
Hard Disk            -       40 GB
Key Board           -       Standard Windows Keyboard
Mouse                 -       Two or Three Button Mouse
Monitor               -       LCD/LED
Operating system        :       Windows XP.
Coding Language       :       JAVA
Data Base                    :       MySQL
Tool                            :       Netbeans.

Alessio Merlo, Mauro Migliardi, Nicola Gobbo, Francesco Palmieri, and Aniello Castiglione, “A Denial of Service Attack to UMTS Networks Using SIM-Less Devices” IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 11, NO. 3, MAY-JUNE 2014.

No comments:

Post a Comment