Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

The security is always a big concern for networks. 3G network depends on GPRS Tu

ID: 3856027 • Letter: T

Question

The security is always a big concern for networks. 3G network depends on GPRS Tunnel Protocol(GTP), key protocols in the 3G the core network. In the flat, full IP environment, the GTP is known to vulnerable to attacks . Peng et al. discussed different type of attacks (Protocol abnormal attack, Infrastructure attack (GTP Deception), Resource consumption attack) targeting GTP. Also they suggested that solution based on GTP traffic analysis and filter.

For 4G network, do you think the same attacks are still possible or there are others ones? Why?

Explanation / Answer

Answer:

The changes specific to 4G permit unique variations on older attacks. By understanding the nature of these threats and vulnerabilities, carriers and service providers can act to mitigate them. Threat

1: Wireless APN flooding:

The expanding bandwidth of 4G provides a larger attack surface for cybercriminals. The dribble of data through a 24 kb– 256 kb 2G and 3G wireless network becomes a flood of data with 3-150 Mbit 4G networks. In the absence of aggressive countermeasures, criminal activities will consume so much of this new bandwidth that users who have paid to upgrade to 4G service will get 2G speeds, as was illustrated in our earlier example, the attackers’ automated probing and scanning software and the traffic from “enslaved” devices that can quickly monopolize core bandwidth. These actions can flood the wireless architecturally private network (APN) that connects the mobile devices of the 4G network to the Internet. The attacks can consume the “last mile” of scarce, wireless capacity (radio frequencies are physically limited assets—you cannot add more to get more capacity as with fiber or copper wire) and degrade service levels.

2: Mobile to mobile attacks:

Unlike 3G traffic that tunnels directly into the core IP network from the mobile device, 4G traffic is all IP-based and can travel directly from mobile device to mobile device inside the wireless APN. This “peer to peer” (P2P) communication reduces backhaul traffic. However, it also permits mobile-to-mobile (Mob2Mob) attacks.

3: eNodeB/Femtocell/Microcell compromise:

As part of a cost containment strategy, many carriers are adopting virtualization technology at the radio edge, in the mobility management infrastructure, and even in the networks.6 These commodity hardware platforms and commercial, off-the-shelf software components have the ability to increase equipment utilization and drive down capital and operating costs. However, virtualization in mobile networks may also introduce vulnerabilities that attackers can exploit. For example, a common eNodeB (4G basestation) may use a virtualized Linux operating system instead of a custom OS that has been explicitly hardened—made secure—during development. If a virtualized eNodeB in the 4G network is successfully attacked through a security flaw in the commercial hypervisor or operating system of application (radio) software, it may fail. Or, worse, it may become a launching pad for attacks against the overall network management infrastructure behind it. Each lost Femtocell hurts service availability for multiple users. With its position in the IP core, loss or compromise of the management infrastructure takes down a much higher number of users. It is the critical control point for the 4G network, accessible from Femtocells, Microcells, and eNodeB as a matter of design.

4: Machine to machine fragility :

The Internet of Things (IOT) includes not only devices managed by people, such as desktops and smartphones, but semiautomated and fully automated devices that control physical outcomes, such as traffic lights, pipeline pressure sensors, electrical grids, and water utilities. These devices are sometimes referred to as engaging in “machine-to-machine” (M2M) networking. Traditionally, these fixed-function devices were built without much concern for security, since they used limited, dedicated networks that were not connected to a public network.

5: Lawful intercept compliance :

National regulations and licensing rules typically obligate carriers to intercept many different types of traffic when they receive a judicial order. In 4G networks, full interception for a given endpoint requires data collection at up to three different places in the IP network.

Edge cache traffic—Create a system for managing copies of frequently requested content that is stored at the edge of the network, so one copy can serve many endpoints without multiple downloads through the backhaul network. • Voice calls—Track and intercept voice over IP and voice over LTE traffic. • Internet traffic—Intercept “long haul” email and web interactions headed to and from the Internet directly (versus the edge cache).

6: VOLTE service assurance:

So far, we have looked at the weaknesses of different devices that participate in the “data” side of the 4G network, which leads to the open Internet and the wealth of data and services to be found there. However, there are other services that will reside entirely inside the 4G network. These services represent substantial value to device users: namely, the voice services and media services. VOIP attack tactics that have evolved on the Internet can be used just as effectively against VOLTE, even if the VOLTE infrastructure is not accessible from the Internet. Why? Because VOLTE infrastructure must be accessible from any mobile device subscribing to voice services from the service provider. In this age of pre-paid accounts and phones purchased and topped-up from automated kiosks, restricting only “friendly” and recognized subscribers to the VOLTE infrastructure is difficult.

7: Content and media delivery

Paid-for content and media, such as movies or music-on-demand, are another element of the 4G broadband ecosystem. They present the potentiality of significant additional revenues to service providers, especially since up to 50 percent or more of the data travelling over the Internet is already video, according to Cisco.7 Making video and music available from localized portals connected directly to the wireless APN can offer performance and variety (due to formalized licensing and digital rights management) that cannot be had from “over the top” services accessed via the Internet

Related Questions

The second picture part of the first problem on it as well, it was a little more
Question #2936369
The second picture part of the first problem on it as well, it was a little more
Question #3339964
The second programming project involves writing a program that accepts an arithm
Question #3790745
The second programming project involves writing a program to calculate state inc
Question #3537539
The second project involves completing and extending the C++ program that evalua
Question #3577706
The second project involves completing and extending the C++ program that evalua
Question #3579706
The second project involves completing and extending the C++ program that evalua
Question #3675952
The second project involves completing and extending the C++ program that evalua
Question #3857467
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
The security features of RSA are based on the mathematical principle that each i
Next
The security market line (SML) relates risk to return, for a given set of market

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.