ISSC641 CTC Telecommunications and Network Security Discussion

Hello,

This is a two part questions. First I will need the discussion question answer which will be below in bold, 250 words APA format. For those response I will need two responses of at least 175 words each.

A) Conduct a web search for the key words “Vulnerabilities in Cellular Data Networks” and look for a paper written by the three authors of our textbook: Traynor, McDaniel, and La Porta with the title of “On Attack Causality in Internet-Connected Cellular Networks“. Then do the following:

1. Get the reference of the site that hosts this article
2. Save the pdf document
3. Within the article the authors state there are “two new denial of service (DoS) vulnerabilities in cellular data services.”
   • What are these two new vulnerabilities? Read from the article and name them.
   • Give a short description in your own words to explain what they are.
   • Give an example of each one of the vulnerabilities becoming exploits under attack

Part two

Student one:

This is certainly an interesting topic for this week. Within their paper, On Attack Causality in Internet-Connected Cellular Networks, Taynor, McDaniel and LaPorta cover two new denial of service vulnerabilities in service data networks. They focus primarily on the interface between cellular phones and the Internet. To review, there are two specific pieces of equipment that help to facilitate this connection, the Gateway GPRS Support Node and the Servicing GPRS Support Node. Both of these pieces of equipment are utilized to facilitate the transfer of data within a cellular data network (Traynor, 2008).

Traynor, McDaniel, and LaPorta examine a few denial of service attacks within the paper. The first denial of service attack mentioned is the exploitation of teardown mechanisms. In order for devices to receive data, Packet Data Channels (PDCHs) are established. Within these Packet Data Channels, Temporary Block flows (TBFs) are established and packets are marked with a Temporary Flow Identifier (TFIs) are appended to each packet in order to ensure that the receiving cellular device knows the appropriate packets to decode. When data transmission is finished, the TBF and TFIs expire. In this case, the teardown mechanism is the expiration of the TBF and associated TFIs, which prompt the mobile phone to return to a standby state, as opposed to being in a ready state (which is utilized to accept data). It is possible for an adversary to exploit the teardown mechanism due to the fact that there is a slight delay (approximately five seconds) between the time that packet transfer finishes and the device returns to a standby state. If an adversary were to inject data during this time, theoretically a denial of service attack could be performed, due to the fact that a device would never return to its standby state (Traynor, n.d.).

The second denial of service attack is the exploitation of setup procedures. This is accomplished along the PRACH (Packet Random Access Channel). It is possible for an adversary to overload this channel with connection establishment requests, thus increasing the need for retransmission due to data collision. In essence, the adversary creates a bottleneck on the reconnection channel, preventing a mobile device from reconnecting to the cellular network (Traynor, n.d.).

References:

Traynor, P., McDaniel, P., & LaPorta, T. (n.d.). On Attack Causality in Internet-Connected Cellular Networks. Patrick Drew McDaniel. https://patrickmcdaniel.org/pubs/usec07.pdf

Traynor, P., McDaniel, P., & Porta, T. L. (2008). Security for Telecommunications Networks. Springer.

Student two:

Telecommunications networks operate, theoretically, in a very similar manner to the type of network you may find on the average home. Logically, however, they accomplish tasks utilizing a multitude of equipment not seen in a standard home data network. With that said, similar attack vectors can be leveraged within the two networks, one of which is the infamous Denial of Service attack, which the authors of this paper discuss as it pertains to internet-connected cellular networks.

The first of the two vulnerabilities mentioned in Traynor, McDaniel and La Porta’s work in “On Attack Causality in Internet-Connected Cellular Networks” is a vulnerability that exists within the way cellular devices transition between IDLE, STANDBY, and READY modes with regard to listening for traffic on the network. A more traditional DoS attack may seek to exhaust resources by exploiting the handshake exchange at the beginning of a conversation. The constant unanswered SYN-ACK’s ultimately result in resource depletion. When a phone is in the READY mode, it receives a message, then after a period of approximately five seconds, it reverts back to the STANDBY state and frees up the Packet Data Chanel (PDCH). It is the five second timer that represents the vulnerability. If an attacker is able to push traffic to a device continually within that five seconds, theoretically, resource exhausting can be achieved, and a denial of service would be the outcome. (Traynor et al, 2007)

The second attack involves exploiting the Packet Random Access Channel (PRACH), and tends to fall in line with the previous example of the unanswered SYN-ACK. Essentially, the attack seeks to undermine the channel by sending a multitude of connection establishment requests. What inevitably occurs is a number of collisions, that would require a re-transmission, thus overloading the channel and exploiting the architectural bottleneck. (Traynor et al, 2007)

Traynor, McDaniel, & La Porta. (2007). On Attack Causality in Internet-Connected Cellular Networks. Retrieved from https://www.usenix.org/legacy/events/sec07/tech/full_papers/traynor/traynor.pdf