Signaling Security in LTE Roaming
School of Electrical Engineering
Master's thesis
Unless otherwise stated, all rights belong to the author. You may download, display and print this publication for Your own personal use. Commercial use is prohibited.
Author
Date
2019-05-06
Department
Major/Subject
Communications Engineering
Mcode
ELEC3029
Degree programme
CCIS - Master’s Programme in Computer, Communication and Information Sciences (TS2013)
Language
en
Pages
67 + 3
Series
Abstract
LTE (Long Term Evolution), also known as 4G, is in high demand for its incomparable levels of experience, such as high data rates, low latency, good Quality of Service (QoS) and roaming features. LTE uses the Diameter protocol, which makes LTE an all-IP network, connecting multiple network providers and providing flexibility in adding nodes and flexible mobility management while roaming. This in turn makes the LTE network more vulnerable to malicious actors. The Diameter protocol architecture includes many nodes, and the communication between the nodes is done through request and answer messages. Diameter manages the control session. The control session includes the signaling traffic, which consists of messages to manage the user session. Roaming signaling traffic arises from subscribers' movement out of the geographical range of their home network to any other network. This signaling traffic moves over the roaming interconnection called the S9 roaming interface. This thesis project aims to interfere with and manipulate traffic from both user-to-network and network-to-network interfaces in order to identify possible security vulnerabilities in LTE roaming. A fake base station is installed to establish a connection to a subscriber through the air interface. The IMSI (International Mobile Subscription Identity) is captured using this fake station. To explore the network-to-network communication, an emulator-based LTE testbed is used. The author has investigated how Diameter messages can be manipulated over the S9 interface to perform a fraud or DoS attack using the IMSI number. The consequences of such attacks are discussed, along with the countermeasures that can be considered by the MNOs (Mobile Network Operators) and standardization committees.
Description
Supervisor
Kantola, Raimo
Thesis advisor
Holtmanns, Silke
Keywords
LTE, diameter, EPC, diameter roaming, PCC, IPX