A proactive defense mechanism for mobile communication user data
暂无分享,去创建一个
Dear editor, Several studies have recently reported on major vulnerabilities in the Signaling System No.7 (SS7) used in mobile networks [1, 2]. The reported vulnerabilities and security issues would lead to the illegal acquisition and tampering of mobile communication user data, known as cellphone user data. The cellphone user data contain important information such as identity identification, location identification, security parameter-set. Due to these vulnerabilities, an increasing number of solutions have been presented to address the security issues [2–4]. Currently, almost all solutions deploy signaling firewalls or signaling monitors at the operators’ network boundaries to filter or monitor the abnormal signaling from exterior networks. These solutions are passive protection mechanisms and can effectively prevent abnormal-signaling from external networks but cannot prevent abusive access using normal signaling. This study proposes a proactive defense mechanism known as DVM to address this issue. The DVM mechanism establishes a dynamic and virtual mapping between the cellphone user’s identity identification and other data to conceal the real mapping relations. Thus attackers fail to access real user data. The DVM mechanism uses dynamic technique to manipulate user data. Contributions. The main contributions of this study are summarized as follows. (1) An attack model and an attack chain are developed that form the the basis for the entire study. (2) The user’s data mapping relation and their wide distribution could be the main reasons for user data disclosure. Based on this analysis, we eliminate the proactive defense thoughts to break or conceal user data’s mapping relation in insecure SS7 networks. Based on the DVM mechanism, these challenging issues are addressed: (a) manipulating data under the existing mobile communication mechanisms; (b) the conditions that must be met when a data item is manipulated; (c) implementing user data dynamic manipulation; (d) ensuring normal communication after user data are dynamically manipulated. A theoretical analysis model is presented to evaluate the DVM’s security efficiency. In addition, the effects of multiple parameters (e.g., timeinterval, and occurrence probability of user data dynamic manipulation) on security improvement are studied. Attack model and attack chain. In SS7 networks, attackers may attack user data via two abusive access modes: (1) sending normal signaling or normal commands to users’ data storage entities to acquire or tamper with user data; (2) collecting signaling data on signaling pathways to extract user data that are carried in signaling data.