On cellular botnets: measuring the impact of malicious devices on a cellular network core

The vast expansion of interconnectivity with the Internet and the rapid evolution of highly capable but largely insecure mobile devices threaten cellular networks. In this paper, we characterize the impact of the large-scale compromise and coordination of mobile phones in attacks against the core of these networks. Through a combination of measurement, simulation and analysis, we demonstrate the ability of a botnet composed of as few as 11,750 compromised mobile phones to degrade service to area-code-sized regions by 93%. As such attacks are accomplished through the execution of network service requests and not a constant stream of phone calls, users are unlikely to be aware of their occurrence. We then investigate a number of significant network bottlenecks, their impact on the density of compromised nodes per base station and how they can be avoided. We conclude by discussing a number of countermeasures that may help to partially mitigate the threats posed by such attacks.
