Domain-specific Threat Modeling for Mobile Communication Systems

Thumbnail Image
Journal Title
Journal ISSN
Volume Title
Perustieteiden korkeakoulu | Master's thesis
Advanced Materials for Innovation and Sustainability
Degree programme
Master’s Programme in Security and Cloud Computing (SECCLO)
As the attack surface and the number of incidents in mobile communication net- works increase, threat intelligence gathering and sharing among different parties becomes essential. There are many generic threat modeling frameworks for soft- ware and information system, but none of them is targeted for the telecommunication industry. A common conceptual framework and threat taxonomy is needed for communicating the threats between industry players or to form a high-level view of the state of security of a mobile network. Therefore, Nokia Bell Labs has developed the Bhadra framework, a conceptual framework for threat modeling in mobile communication systems. The goal of this thesis is to improve the Bhadra framework and explore its use cases. First, we developed a web tool to support the threat and attack modeling process with the framework. We modeled 60 attacks from literature with the tool. To improve the framework, we performed two iterations of framework refinement. First, we added some missing techniques found during the attack modeling process. Second, we conducted peer modeling and sought input from security experts. Based on the results, we added the Reconnaissance tactic to cover adversarial behavior before gaining an initial foothold, modified and reorganized the attacks techniques, and edited technique descriptions to provide clearer definitions and concrete examples. Additionally, we performed a graph-theoretic analysis of the 60 attack models to gain insights on the relative importance of the attack techniques, the diversity of the attack paths from initial access to impact, and common attack patterns. Moreover, we evaluated the usability of the tool and the reliability and usefulness of the refined framework. The study participants generally gave positive feedback about the usability of the tool and the framework. Furthermore, the participants are interested in integrating the framework or the tool into their work processes, including threat modeling, mitigation and prevention, anomaly detection and investigation, threat intelligence sharing, and security management.
Aura, Tuomas
Thesis advisor
Rao, Siddharth
threat modeling, security framework, mobile communication, telecommunication, graph analysis, usability study
Other note