Article title

Implementation of a Malicious Traffic Filter Using Snort and Wireshark as a Proof of Concept to Enhance Mobile Network Security

Publication languages
EN
Abstracts
EN
In the 1970s, roaming interconnections for cellular networks were designed for a few trusted parties. Hence, security was not a major concern. Today, the SS7 (Signaling System No. 7) solution, which is several decades old, is still used for many roaming interconnections. SS7 has been proven vulnerable to serious threats due to deregulation, expansion, and convergence with IP-based Long Term Evolution (LTE) networks. The limitations of the SS7 network, namely that it is unable to check the subscriber's authentic location, verify their identity and filter illegitimate messages, make the system vulnerable to attacks. Adversaries taking advantage of these shortcomings can inflict threats such as interception of calls and text messages, subscriber tracking and denial of service attacks. Although LTE and Diameter signaling protocols promise enhanced security keeping up with the latest attack vectors, their inherent flaws related to roaming interconnections are still there and continue to make the networks vulnerable. Hence, a highly secure signaling network is required to protect the operators and the subscribers from a diverse range of security attacks. SS7 network protocol layers, such as signaling connection control part (SCCP), transaction capabilities application part (TCAP), and global system for mobile communications – mobile application part (GSM MAP), manage connectivity between networks and subscribers. An analysis of the parameters of these layers may provide a clear insight into any anomalies present. Unfortunately, these parameters are not validated and verified at the network's edge. The major contribution of this research is a methodology for detecting anomalies by checking malformed parameters and intra-layer parameter discrepancies at the abovementioned protocol layers. This paper provides an insight into the severity of SS7 network security vulnerabilities. Furthermore, it provides a proof of concept for the analysis of SS7 network traffic using the Wireshark packet capture tool and the Snort intrusion detection system (IDS) capable of detecting malicious traffic patterns.
Pages
64-71
Physical description
Bibliography: 18 items, figures, tables.
Authors
  • School of Computer Science and Engineering, Taylor's University, 47500 Subang Jaya, Selangor, Malaysia
  • School of Computer Science and Engineering, Taylor's University, 47500 Subang Jaya, Selangor, Malaysia
Document type
Bibliography
YADDA identifier
bwmeta1.element.baztech-95dab837-9ab2-41ac-82fd-51079f2263d5