Advertisement

Roaming Interface Signaling Security for LTE Networks

  • Isha SinghEmail author
  • Silke HoltmannsEmail author
  • Raimo Kantola
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11359)

Abstract

A consistent effort has been made to provide fast, secure and uninterrupted mobile connectivity around the world. Mobile network operators use the private Interconnection network (IPX) to communicate with each other and with other service providers for international roaming and a large range of services. In LTE/4G, many core network nodes are involved in the communication and connection set-up for the subscriber in roaming scenarios. Currently, Diameter based protocols and the S9 interface are rolled out on the IPX network. We analyze the roaming interface (S9) in the LTE networks which is used for communicating charging, service control and QoS control signaling messages. This research explores Diameter Protocol features for the charging mechanisms and describes how manipulation in policy control and charging rules can influence the subscriber plan and services. The concept has been implemented and tested using a specification conformant LTE emulator. To mitigate the attack we will describe approaches and protection strategies that can be deployed.

Keywords

LTE Diameter Interoperability IPX S9 CCR CCA RAR RAA 

Notes

Acknowledgements

We thank to the European Union’s Horizon 2020 research and innovation programme for funding this project under grant agreement No. 737422 of the SCOTT project and Nokia Bell Labs for providing this platform.

References

  1. 1.
  2. 2.
  3. 3.
    3GGP: Numbering, addressing and identification. http://www.qtc.jp/3GPP/Specs/23003-3e0.pdf
  4. 4.
    3GGP: Policy and Charging Control 3GPP TS 29.212 version 12.6.0 release 12. https://www.etsi.org/deliver/etsi_ts/129200_129299/129212/12.06.00_60/ts_129212v120600p.pdf
  5. 5.
    Cichonski, J., Franklin, J.M., Bartock, M.: Guide to LTE security. Technical report, NIST SP 800–187, National Institute of Standards and Technology, Gaithersburg, MD, December 2017.  https://doi.org/10.6028/NIST.SP.800-187. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-187.pdf, 00002
  6. 6.
    Ferrus, R., Sallent, O., Baldini, G., Goratti, L.: LTE: the technology driver for future public safety communications. IEEE Commun. Mag. 51(10), 154–161 (2013).  https://doi.org/10.1109/MCOM.2013.6619579CrossRefGoogle Scholar
  7. 7.
    Forsberg, D., Horn, G., Moeller, W.D., Niemi, V.: LTE Security. Wiley, Hoboken (2012). Google-Books-ID: 9wTs815ii70C, 00097CrossRefGoogle Scholar
  8. 8.
  9. 9.
  10. 10.
  11. 11.
    GSMA: IR.88 - LTE and EPC Roaming Guidelines. https://www.gsma.com/newsroom/wp-content/uploads//IR.88v18.0.pdf
  12. 12.
  13. 13.
    Holtmanns, S.: Mobile Data Interception from the Interconnection Link. https://media.ccc.de/v/34c3-8879-mobile_data_interception_from_the_interconnection_link
  14. 14.
    Holtmanns, S.: Interconnection Security-SS7 and Diameter, December 2017. https://www.youtube.com/watch?v=GczSCWRWyCk
  15. 15.
    Holtmanns, S., Nokia Bell Labs, Karakaari 13, 01620 Espoo, Finland: interconnection security standards - we are all connected. J. ICT Stand. 4(1), 1–18 (2016).  https://doi.org/10.13052/jicts2245-800X.411. http://www.riverpublishers.com/journal_read_html_article.php?j=JICTS/4/1/1, 0000CrossRefGoogle Scholar
  16. 16.
    Holtmanns, S., Oliver, I.: SMS and one-time-password interception in LTE networks (2017). https://www.semanticscholar.org/paper/SMS-and-one-time-password-interception-in-LTE-Holtmanns-Oliver/d53b731b979697cab9bd99639563be0a10f3530a, 00003
  17. 17.
  18. 18.
    IETF: Diameter Base Protocol. https://tools.ietf.org/html/rfc3588
  19. 19.
    Ivan, I., Milodin, D., Zamfiroiu, A.: Security of M-Commerce transactions. http://store.ectap.ro/articole/880.pdf
  20. 20.
    Kantola, R., Kabir, H., Loiseau, P.: Cooperation and end-to-end in the internet. Int. J. Commun. Syst. 30(12), e3268 (2017).  https://doi.org/10.1002/dac.3268. https://onlinelibrary.wiley.com/doi/abs/10.1002/dac.3268, e3268 IJCS-15-0043.R4CrossRefGoogle Scholar
  21. 21.
    Kumar, K.R.R.: International mobile data roaming: managed or unmanaged? In: 2010 9th Conference of Telecommunication, Media and Internet, pp. 1–9, June 2010.  https://doi.org/10.1109/CTTE.2010.5557699, 00004
  22. 22.
    Mashukov, S.: Diameter security: an auditor’s viewpoint. J. ICT Stand. 5(1), 53–68 (2017).  https://doi.org/10.13052/jicts2245-800X.513. https://riverpublishers.com/journalreadhtmlarticle.php?j=JICTS/5/1/3, 00000CrossRefGoogle Scholar
  23. 23.
    Rupprecht, D., Dabrowski, A., Holz, T., Weippl, E., Pöpper, C.: On security research towards future mobile network generations. arXiv:1710.08932 [cs], October 2017, 00006
  24. 24.
    Sanyal, R.: Challenges in interoperability and roaming between LTE - legacy core for mobility management, routing, real time charging. In: 2011 Technical Symposium at ITU Telecom World (ITU WT), pp. 116–122, October 2011Google Scholar
  25. 25.
    Holtmanns, S., Kotte, B., Rao, S.: Detach Me Not - DoS Attacks Against 4G Cellular Users Worldwide from your Desk. https://www.blackhat.com/eu-16/speakers/Dr-Silke-Holtmanns.html
  26. 26.
  27. 27.

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Nokia Bell LabsEspooFinland
  2. 2.Aalto UniversityHelsinkiFinland

Personalised recommendations