Abstract
Understanding attack patterns and attacker behavior has always been a prominent security research topic to provide insights into adversarial trends and defense strategies. In this paper, we demonstrate the process of analyzing adversarial trends in mobile communication systems using a conceptual threat modeling framework combined with graph analysis methodologies. We model 60 attacks using the Bhadra framework [30] and conduct graph-theory-based analysis to deduce insights. We observed the attack patterns, the diversity of attack paths given an attacker’s ability or target impact, and the importance of each technique from a network graph viewpoint and discussed potential defense strategies that mobile operators can deploy accordingly. Our main contribution is demonstrating the potential of Bhadra for analyzing the security posture of an operator’s network and simplifying the complexity of the mobile networks to communicate the security analysis results.
References
Al-Shaer, R., Spring, J.M., Christou, E.: Learning the associations of MITRE ATT&CK adversarial techniques. In: 2020 IEEE Conference on Communications and Network Security (CNS), pp. 1–9. IEEE (2020)
Beineke, L.W., Oellermann, O.R., Pippert, R.E.: The average connectivity of a graph. Discret. Math. 252(1–3), 31–45 (2002)
Borgaonkar, R., Shaik, A., Asokan, N., Niemi, V., Seifert, J.-P.: LTE and IMSI catcher myths. BlackHat Europe (2015)
Chen, H.-Y.: Domain-specific threat modeling for mobile communication systems. Master’s thesis, Department of Computer Science and Engineering, Aalto University School of Science and Technology, Espoo, Finland (2021)
Chlosta, M., Rupprecht, D., Holz, T., Pöpper, C.: LTE security disabled: misconfiguration in commercial networks. In: Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks, pp. 261–266. ACM (2019)
The MITRE Corporation. The MITRE ATT&CK. https://attack.mitre.org/
Duque-Anton, M., Bruyaux, F., Semal, P.: Measuring the survivability of a network: connectivity and rest-connectivity. Eur. Trans. Telecommun. 11(2), 149–159 (2000)
Ehlert, S., Geneiatakis, D., Magedanz, T.: Survey of network security systems to counter SIP-based denial-of-service attacks. Comput. Secur. 29(2), 225–243 (2010)
Forsberg, D., Horn, G., Moeller, W.-D., Niemi, V.: LTE Security. Wiley, Chichester (2012)
Franceschi-Bicchierai, L.: How criminals recruit telecom employees to help them hijack SIM cards (2018). https://www.vice.com/en/article/3ky5a5/criminals-recruit-telecom-employees-sim-swapping-port-out-scam. Accessed 25 Apr 2021
Go, Y., Jeong, E., Won, J., Kim, Y., Kune, D.F., Park, K.: Gaining control of cellular traffic accounting by spurious TCP retransmission. In: NDSS. Internet Society (2014)
Hagberg, A., Swart, P., Chult, D.S.: Exploring network structure, dynamics, and function using NetworkX. Technical report, Los Alamos National Lab. (LANL), Los Alamos, NM (United States) (2008)
Holtmanns, S., Miche, Y., Oliver, I.: Subscriber profile extraction and modification via diameter interconnection. In: Yan, Z., Molva, R., Mazurczyk, W., Kantola, R. (eds.) NSS 2017. LNCS, vol. 10394, pp. 585–594. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-64701-2_45
Holtmanns, S., Oliver, I.: SMS and one-time-password interception in LTE networks. In: 2017 IEEE International Conference on Communications (ICC), pp. 1–6. IEEE (2017)
Holtmanns, S., Rao, S.P., Oliver, I.: User location tracking attacks for LTE networks using the interworking functionality. In: 2016 IFIP Networking Conference (IFIP Networking) and Workshops, pp. 315–322. IEEE (2016)
Hong, B., Bae, S., Kim, Y.: GUTI reallocation demystified: cellular location tracking with changing temporary identifier. In: NDSS. Internet Society (2018)
Hussain, S., Chowdhury, O., Mehnaz, S., Bertino, E.: LTEInspector: a systematic approach for adversarial testing of 4G LTE. In: NDSS. Internet Society (2018)
Idika, N., Bhargava, B.: Extending attack graph-based security metrics and aggregating their application. IEEE Trans. Dependable Secure Comput. 9(1), 75–85 (2010)
The Intercept: Massive hack of 70 million prisoner phone calls indicates violations of attorney-client privilege (2015). https://theintercept.com/2015/11/11/securus-hack-prison-phone-company-exposes-thousands-of-calls-lawyers-and-clients/. Accessed 25 Apr 2021
Kim, H., et al.: Breaking and fixing VoLTE: exploiting hidden data channels and mis-implementations. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 328–339 (2015)
Kim, H., Lee, J., Lee, E., Kim, Y.: Touching the untouchables: dynamic security analysis of the LTE control plane. In: 2019 IEEE Symposium on Security and Privacy (SP), pp. 1153–1168. IEEE (2019)
Security Research Labs: SIM cards are prone to remote hacking. https://srlabs.de/bites/rooting-sim-cards/. Accessed 17 June 2021
Leong, W.K., Kulkarni, A., Xu, Y., Leong, B.: Unveiling the hidden dangers of public IP addresses in 4G/LTE cellular data networks. In: Proceedings of the 15th Workshop on Mobile Computing Systems and Applications, pp. 1–6 (2014)
Mashukov, S.: Diameter security: an auditor’s viewpoint. J. ICT Stand. 5(1), 53–68 (2017)
Nasser, Y.: Gotta Catch 'Em All: Understanding How IMSI-Catchers Exploit Cell Networks. White paper, Electronic Frontier Foundation (2019). https://www.eff.org/files/2019/07/09/whitepaper_imsicatchers_eff_0.pdf
NetworkX: Network Analysis in Python. A generator that produces lists of simple paths (2019). https://networkx.org/documentation/stable/reference/algorithms/generated/networkx.algorithms.simple_paths.all_simple_edge_paths.html. Accessed 25 Sept 2021
Peng, C., Li, C., Tu, G., Lu, So., Zhang, L.: Mobile data charging: new attacks and countermeasures. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 195–204 (2012)
Puzankov, K.: Hidden agendas: bypassing GSMA recommendations on SS7 networks. In: Hack in the Box Conference (2019)
Rao, S.P.: Analysis and mitigation of recent attacks on mobile communication backend. Master’s thesis, Department of Computer Science and Engineering, Aalto University School of Science and Technology, Espoo, Finland (2015)
Rao, S.P., Holtmanns, S., Aura, T.: Threat modeling framework for mobile communication systems. arXiv preprint arXiv:2005.05110 (2020)
Rao, S.P., Holtmanns, S., Oliver, I., Aura, T.: Unblocking stolen mobile devices using SS7-MAP vulnerabilities: exploiting the relationship between IMEI and IMSI for EIR access. In: 2015 IEEE Trustcom/BigDataSE/ISPA, vol. 1, pp. 1171–1176. IEEE (2015)
Rao, S.P., Kotte, B.T., Holtmanns, S.: Privacy in LTE networks. In: Proceedings of the 9th EAI International Conference on Mobile Multimedia Communications, pp. 176–183 (2016)
Leong, D.P.R., Dean, T.: MESSAGETAP: Who’s Reading Your Text Messages? (2019). https://www.fireeye.com/blog/threat-research/2019/10/messagetap-who-is-reading-your-text-messages.html. Accessed 25 Apr 2021
Corelan Cybersecurity Research: On Her Majesty’s Secret Service: GRX & A Spy Agency. https://www.corelan.be/index.php/2014/05/30/hitb2014ams-day-2-on-her-majestys-secret-service-grx-a-spy-agency/. Accessed 25 Apr 2021
Rupprecht, D., Kohls, K., Holz, T., Pöpper, C.: Breaking LTE on layer two. In: 2019 IEEE Symposium on Security and Privacy (SP), pp. 1121–1136. IEEE (2019)
Rupprecht, D., Kohls, K., Holz, T., Pöpper, C.: IMP4GT: impersonation attacks in 4G networks. In: Symposium on Network and Distributed System Security (NDSS). ISOC (2020)
AdaptiveMobile Security: New Simjacker vulnerability exploited by surveillance companies for espionage operation (2019). https://simjacker.com/. https://www.adaptivemobile.com/blog/simjacker-next-generation-spying-over-mobile. Accessed 25 Apr 2021
Sedgewick, R.: Algorithms in C, Part 5: Graph Algorithms. Pearson Education, Boston (2001)
Shostack, A.: Experiences threat modeling at Microsoft. MODSEC@ MoDELS (2008)
Positive Technologies: Threats to Packet Core Security of 4G Network. White paper, GSMA (2017)
Positive Technologies: Threat vector: GTP (2020). https://positive-tech.com/storage/articles/gtp-2020/gtp-2020-eng.pdf. Accessed 24 May 2021
Tu, G.-H., Li, C.-Y., Peng, C., Li, Y., Lu, S.: New security threats caused by IMS-based SMS service in 4G LTE networks. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1118–1130 (2016)
Welch, B.: Exploiting the weaknesses of SS7. Netw. Secur. 2017(1), 17–19 (2017)
Xiong, W., Legrand, E., Åberg, O., Lagerström, R.: Cyber security threat modeling based on the MITRE enterprise ATT&CK matrix. Softw. Syst. Model., 1–21 (2021)
Yu, C., Chen, S., Cai, Z.: LTE phone number catcher: a practical attack against mobile privacy. Secur. Commun. Netw. 2019 (2019)
Zeng, J., Shuang, W., Chen, Y., Zeng, R., Chengrong, W.: Survey of attack graph analysis methods from the perspective of data and knowledge processing. Secur. Commun. Netw. 2019 (2019)
Zhang, R., Wang, X., Yang, X., Jiang, X.: Billing attacks on SIP-based VoIP systems. WOOT 7, 1–8 (2007)
Acknowledgement
The authors would like to thank Professor Tuomas Aura for providing constructive feedback and Nokia Bell Labs for funding the research work.
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Chen, H.Y., Rao, S.P. (2021). Adversarial Trends in Mobile Communication Systems: From Attack Patterns to Potential Defenses Strategies. In: Tuveri, N., Michalas, A., Brumley, B.B. (eds) Secure IT Systems. NordSec 2021. Lecture Notes in Computer Science, vol 13115. Springer, Cham. https://doi.org/10.1007/978-3-030-91625-1_9
DOI: https://doi.org/10.1007/978-3-030-91625-1_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-91624-4
Online ISBN: 978-3-030-91625-1
eBook Packages: Computer Science, Computer Science (R0)