论文信息 - Security Testing of GSM Implementations

Security Testing of GSM Implementations

Right after its introduction, GSM security was reviewed in a mostly theoretical way, uncovering some major security issues. However, the costs and complexity of the required hardware prohibited most people from exploiting these weaknesses in practice and GSM became one of the most successful technologies ever introduced. Now there is an enormous amount of mobile enabled equipment out there in the wild, which not only have exploitable weaknesses following from the GSM specifications, but also run implementations which were never security tested. Due to the introduction of cheap hardware and available open-source software, GSM found itself under renewed scrutiny in recent years. Practical security research such as fuzzing is now a possibility. This paper gives an overview on the current state of fuzzing research and discusses our efforts and results in fuzzing parts of the extensive GSM protocol. The protocol is described in hundreds of large PDF documents and contains many layers and many, often archaic, options. It is, in short, a prime target for fuzzing. We focus on two parts of GSM: SMS messages and CBS broadcast messages.

[1] Ronny Wichers Schreur,et al. Femtocell Security in Theory and Practice , 2013, NordSec.

[2] Ralf-Philipp Weinmann,et al. Baseband Attacks: Remote Exploitation of Memory Corruptions in Cellular Protocol Stacks , 2012, WOOT.

[3] A Arturo Cedillo Torres. GSM Cell Broadcast Service security analysis , 2013 .

[4] Aboul Ella Hassanien,et al. Progress in Cryptology – AFRICACRYPT 2013 , 2013, Lecture Notes in Computer Science.

[5] Michael Ganley,et al. Encryption algorithms , 1992 .

[6] Transcoding Functions,et al. Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); LTE; , 2009 .

[7] Charlie Miller,et al. Injecting SMS messages into smart phones for security analysis , 2009 .

[8] Karsten Nohl. Attacking phone privacy , 2010 .

[9] Jean-Pierre Seifert,et al. SMS of Death: From Analyzing to Attacking Mobile Phones on a Large Scale , 2011, USENIX Security Symposium.

[10] Giovanni Vigna,et al. Vulnerability Analysis of MMS User Agents , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[11] Glenford J. Myers,et al. Art of Software Testing , 1979 .

[12] Erik Poll,et al. A Comparison of Time-Memory Trade-Off Attacks on Stream Ciphers , 2013, AFRICACRYPT.