Telecommunications Security
Abstract
Long held in logical and physical isolation from other systems, telecommunications networks and other pieces of our critical infrastructure are rapidly being assimilated into the Internet. Today, systems including electrical grids and traffic systems are now accessible to users, regardless of their location, with a few clicks of a mouse.
As our research has demonstrated, such interconnections are not without consequence. With the bandwidth available to most cable modems, an adversary can launch attacks capable of denying voice service to cellular telecommunications networks in major cities. In times of emergency, when such networks are essential in saving lives, such attacks can be extremely dangerous. Our current research aims at fixing this and a variety of other vulnerabilities we have discovered in cellular networks.
Application to Homeland Security
Our research evaluates the security impact of Internet-originated text messages on cellular voice and Short Messaging Service (SMS) services. The connections between the Internet and phone networks introduce open functionality that detrimentally affects the fidelity of a cellular provider's service. Through the generation and use of large, highly accurate phone hit-lists, we demonstrate the ability to deny voice service to large metropolitan areas with little more than a cable modem. Moreover, attacks targeting the entire United States are feasible with resources available to medium-sized zombie networks. Even with small number of targets, we show that these cyberwarfare attacks are sustainable for tens of minutes. These attacks are especially threatening when compared to traditional signal jamming in that they can be invoked from anywhere in the world, often without physical involvement of the adversary.
There are many dangers of connecting digital and physical domains. For example, a wide array of systems with varying degrees of connectivity to the Internet were indirectly affected by the Slammer worm. The traffic generated by this worm was enough to render systems including Bank of America's ATMs and emergency 911 services in Bellevue, Washington unresponsive.
Technologies
We analyze the Global System for Mobile communication (GSM) so as to quantify the necessary bandwidth to perform such attacks. This particular technology was selected because, with over 1 billion GSM subscribers, these networks are by far the most widespread on the planet. However, our analysis of GSM does not preclude other technologies from similar vulnerabilities.
We encourage readers interested in the specific details of the mechanisms used in this attack to read Section II of the paper.
Publications/Talks
- William Enck, Patrick Traynor, Patrick McDaniel and Thomas La Porta, Exploiting Open Functionality in SMS-Capable Cellular Networks, Proceedings of 12th ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, November 2005.
- Patrick Traynor, William Enck, Patrick McDaniel and Thomas La Porta, Mitigating Attacks on Open Functionality in SMS-Capable Cellular Networks, Proceedings of the Twelfth Annual ACM International Conference on Mobile Computing and Networking (MobiCom), September 2006.
- Patrick Traynor, Patrick McDaniel and Thomas La Porta, On Attack Causality in Internet-Connected Cellular Networks, Proceedings of the 16th USENIX Security Symposium (SECURITY), August 2007.
Contact the Investigators
William Enck, Computer Science and Engineering
Patrick Traynor, Computer Science and Engineering
Patrick McDaniel, Computer Science and Engineering
Thomas La Porta, Computer Science and Engineering