Abstract
Mobile Network Operators (MNOs) keep strict control over users accessing their networks by means of the Subscriber Identity Module (SIM). This module grants the user access to the network by performing the registration and authentication of the user's device. Without a valid SIM module and a successful authentication, mobile devices are not granted access and, hence, are not allowed to inject any traffic into the mobile infrastructure. Nevertheless, in this paper we describe an attack on the security of a mobile network that allows an unauthenticated malicious mobile device to inject traffic into the mobile operator's infrastructure. We show that even devices without any SIM module can inject high levels of signaling traffic into the mobile infrastructure, causing significant service degradation up to a full-fledged Denial of Service (DoS) attack.
© 2013 IFIP International Federation for Information Processing
Cite this paper
Gobbo, N., Merlo, A., Migliardi, M. (2013). A Denial of Service Attack to GSM Networks via Attach Procedure. In: Cuzzocrea, A., Kittl, C., Simos, D.E., Weippl, E., Xu, L. (eds) Security Engineering and Intelligence Informatics. CD-ARES 2013. Lecture Notes in Computer Science, vol 8128. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40588-4_25
DOI: https://doi.org/10.1007/978-3-642-40588-4_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40587-7
Online ISBN: 978-3-642-40588-4
eBook Packages: Computer Science, Computer Science (R0)