A new approach to deploying private mobile network exploits
  • Authors: Eunyoung Kim; Jongsub Moon
  • Keywords: OpenBSC; MSC; BTS/femtocell; Security; Exploit
  • Journal: The Journal of Supercomputing
  • Publication year: 2016
  • Publication date: January 2016
  • Year: 2016
  • Volume: 72
  • Issue: 1
  • Pages: 46-57
  • Full-text size: 926 KB
  • Author affiliations: Eunyoung Kim (1) (2)
    Jongsub Moon (3)

    1. Graduate School of Information Security, Korea University, Seoul, 137-713, Korea
    2. The Attached of ETRI, P.O. Box 1, Yuseong, Daejeon, 305-600, Korea
    3. Department of Electronics and Information Engineering, Korea University, Sejong City, 339-700, Korea
  • Journal category: Computer Science
  • Journal subjects: Programming Languages, Compilers and Interpreters
    Processor Architectures
    Computer Science, general
  • Publisher: Springer Netherlands
  • ISSN: 1573-0484
Abstract
Private mobile communication systems (MCSs) can be established easily with an open project, and small MCS base stations are increasingly deployed in experimental environments. They can support not only voice communication, but also short message services (SMS) and data services. If a user has a small base station (BS), then establishing a private real-world MCS becomes a clear option. For a private MCS to function properly, the services of private MCSs based on open projects should be configured similarly to those provided by commercial MCSs. In other words, the service should include voice communication, an SMS, and a General Packet Radio Services/Enhanced Data rates for GSM Evolution service. The subscriber station, likewise, should be configured to support such services. In this paper, we consider attack scenarios using experimental MCSs with small BSs. We experimentally show the feasibility of attacks resulting in the leakage of private information, attacks on OpenBSC control, and DNS spoofing at the network level, all without subscriber knowledge.
