Pay as You Want: Bypassing Charging System in Operational Cellular Networks

Accurate and fair data charging in cellular networks is an important issue because of its large impacts on profits of operators and bills for users. In this study, we analyze the data charging policies and mechanisms for protocols and applications. The analysis shows that all operators in South Korea did not charge the payload of Internet Control Message Protocol (ICMP) echo request/reply messages, as well as the payload attached to Transmission Control Protocol (TCP) SYN and TCP RST packets. In addition, the operators only utilize IP addresses to verify whether the traffic comes from the expected application. By misusing the findings with consideration of Network Address Translator (NAT) in IPv4 cellular networks, we validate with empirical experiments the feasibility of free-riding attack, which enables an adversary to use the cellular data service for free, and propose effective countermeasures.