An advanced persistent threat in 3G networks: Attacking the home network from roaming networks

Xenakis, Christos; Ntantogian, Christoforos

doi:10.1016/j.cose.2013.11.006

Cited by 11 publications

(6 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Standalone (U)SimMontor was used to acquire data regarding the usage of 2G or 3G network technology, the frequency of AKA executions and the related change/refresh of keys, and the frequency of TMSI reallocations. (U)SimMomitor combined with simtrace [5] [6] was employed to capture data regarding the frequency of IMSI requests; while QXDM was used to obtain data for the employed cryptographic algorithms and whether padding randomization and inclusion of IMEI in the ciphering mode complete message are enabled. The duration of all experiments was 9 months (September 2013 to May 2014).…”

Section: Methodology Of Experimentsmentioning

confidence: 99%

“…More specifically, an ADR is considered an expensive operation, in the sense that it may cause significant delays in the establishment of a voice/data communication channel, especially when the MSC/VLR (or SGSN) and the HLR/AuC are located at different countries [42]. Additionally, a large number of ADRs may disrupt the normal operation of HLR/AuC, which is considered to be one of the most important mobile network elements [5]. In particular, it is a central repository of user location and profile information in the network and undertakes a series of tasks including generation of authentication vectors, delivery of phone call and text messages, data recording for billing, etc.…”

Section: Performance Analysismentioning

confidence: 99%

See 1 more Smart Citation

(U)SimMonitor: A mobile application for security evaluation of cellular networks

Xenakis

Ntantogian

Panos

2016

Computers & Security

Self Cite

View full text Add to dashboard Cite

The lack of precise directives in 3GPP specifications allows mobile operators to configure and deploy security mechanisms at their sole discretion. This may lead to the adoption of bad security practices and insecure configurations. Based on this observation, this paper presents the design and implementation of a novel mobile application named (U)SimMonitor that captures and analyses the security policy that a cellular operator enforces i.e., the invocation and employment of the specified security measures to protect its users. (U)SimMonitor achieve this by executing AT commands to extract network related parameters including encryption keys, identities, and location of users. Using (U)SimMonitor as our basic analysis tool, we have conducted a set of experiments for three mobile operators in Greece in a time period of 9 months. The obtained results allow us to quantify, compare and evaluate their applied security as well as pinpoint a set of generic critical observations. Numerical results and security measurements show that mobile networks have poor security configurations and practices, exposing subscribers to several attacks.

show abstract

Section: Methodology Of Experimentsmentioning

confidence: 99%

Section: Performance Analysismentioning

confidence: 99%

(U)SimMonitor: A mobile application for security evaluation of cellular networks

Xenakis

Ntantogian

Panos

2016

Computers & Security

Self Cite

View full text Add to dashboard Cite

show abstract

“…In our previous work [8], we have presented an advanced persistent threat (APT) in 3G networks that exploits a series of zero-day vulnerabilities to flood the HLR/AuC, leading to system saturation. It was proven that the discovered APT can be performed in a trivial manner using commodity hardware and software.…”

Section: B Related Workmentioning

confidence: 99%

Attacking the baseband modem of mobile phones to breach the users' privacy and network security

Xenakis

Ntantogian

2015

2015 7th International Conference on Cyber Conflict: Architectures in Cyberspace

Self Cite

View full text Add to dashboard Cite

As people are using their smartphones more frequently, cyber criminals are focusing their efforts on infecting smartphones rather than computers. This paper presents the design and implementation of a new type of mobile malware, named (U)SimMonitor for Android and iPhone devices, which attacks the baseband modem of mobile phones. In particular, the mobile malware is capable of stealing security credentials and sensitive information of the cellular technology including permanent and temporary identities, encryption keys and location of users. The developed malware operates in the background in a stealthy manner without disrupting the normal operation of the phone. We elaborate on the software architecture of (U)SimMonitor and provide implementation details for the specific AT commands used by the malware. We analyse the security impacts of (U)SimMonitor malware and we show that it can entirely breach the privacy of mobile users and the security of cellular networks. In particular, a mobile user with an infected phone can be identified and all his/her movements can be tracked. Moreover, all his/her encrypted phone calls and data sessions can be disclosed.

show abstract

“…In addition, Figure 2 represents the scenario for detecting APT attack as to 1, 3, 4, 5, 6 among the steps of APT attack mentioned in Section 2.2. Step 1 (Detection Scenario of Step 1,3,4,5,6). See Figure 2.…”

Section: Service Scenariomentioning

confidence: 99%

“…It uses an antivirus detection bypassing module, an information collection module, an administrator authority acquisition module, etc. Herein, a variety of zero-day vulnerabilities are used [6].…”

Section: Attack Casesmentioning

confidence: 99%

MLDS: Multi-Layer Defense System for Preventing Advanced Persistent Threats

Moon

Lee

et al. 2014

Symmetry

View full text Add to dashboard Cite

Abstract:Here we report on the issue of Advanced Persistent Threats (APT), which use malware for the purpose of leaking the data of large corporations and government agencies. APT attacks target systems continuously by utilizing intelligent and complex technologies. To overthrow the elaborate security network of target systems, it conducts an attack after undergoing a pre-reconnaissance phase. An APT attack causes financial loss, information leakage, etc. They can easily bypass the antivirus system of a target system. In this paper, we propose a Multi-Layer Defense System (MLDS) that can defend against APT. This system applies a reinforced defense system by collecting and analyzing log information and various information from devices, by installing the agent on the network appliance, server and end-user. It also discusses how to detect an APT attack when one cannot block the initial intrusion while continuing to conduct other activities. Thus, this system is able to minimize the possibility of initial intrusion and damages of the system by promptly responding through rapid detection of an attack when the target system is attacked.

show abstract

An advanced persistent threat in 3G networks: Attacking the home network from roaming networks

Cited by 11 publications

References 9 publications

(U)SimMonitor: A mobile application for security evaluation of cellular networks

(U)SimMonitor: A mobile application for security evaluation of cellular networks

Attacking the baseband modem of mobile phones to breach the users' privacy and network security

MLDS: Multi-Layer Defense System for Preventing Advanced Persistent Threats

Contact Info

Product

Resources

About