Link to original content: https://doi.org/10.1145/2660267.2660346

Real Threats to Your Data Bills: Security Loopholes and Defenses in Mobile Data Charging

Published: 03 November 2014

Abstract

Secure mobile data charging (MDC) is critical to cellular network operations. It must charge the right user for the right volume that he or she authorizes to consume, i.e., it must satisfy the requirements of authentication, authorization, and accounting (AAA). In this work, we conduct a security analysis of the MDC system in cellular networks. We find that all three AAA requirements can be breached, both in design and in practice, and identify three concrete vulnerabilities: authentication bypass, authorization fraud, and accounting volume inaccuracy. The root causes lie in technology fundamentals of cellular networks and the Internet IP design, as well as in imprudent implementations. We devise three showcase attacks to demonstrate that even simple attacks can easily penetrate operational 3G/4G cellular networks. We further propose and evaluate defense solutions.


Cited By

  • (2024) PROV5GC: Hardening 5G Core Network Security with Attack Detection and Attribution Based on Provenance Graphs. Proceedings of the 17th ACM Conference on Security and Privacy in Wireless and Mobile Networks, pp. 254-264. DOI 10.1145/3643833.3656129. Online publication date: 27 May 2024.
  • (2024) Taming the Insecurity of Cellular Emergency Services (9-1-1): From Vulnerabilities to Secure Designs. IEEE/ACM Transactions on Networking 32(4), pp. 3076-3091. DOI 10.1109/TNET.2024.3379292. Online publication date: August 2024.
  • (2024) Dissecting Operational Cellular IoT Service Security: Attacks and Defenses. IEEE/ACM Transactions on Networking 32(2), pp. 1229-1244. DOI 10.1109/TNET.2023.3313557. Online publication date: April 2024.

Published In

CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security
November 2014, 1592 pages
ISBN: 9781450329576
DOI: 10.1145/2660267

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery, New York, NY, United States


Author Tags

1. aaa
2. accounting
3. attack
4. authentication
5. authorization
6. cellular networks
7. defense
8. mobile data services

Acceptance Rates

CCS '14 paper acceptance rate: 114 of 585 submissions, 19%
Overall acceptance rate: 1,261 of 6,999 submissions, 18%
