
Long Term Evolution and Femtocells

Mini-Project
Security and Cooperation in Wireless Networks | EPFL
January 19, 2010

By Igor Bilogrevic, LCA1
Supervisor: Jean-Pierre Hubaux


Why Next Generation Networks?

19/01/2010 Security and Privacy in Next Generation Mobile Networks

- Higher data-rate demands
  - Smartphones, laptops with 3G modems, multimedia apps
- Origin of mobile network traffic*
- Weak indoor coverage

* Presentations by ABI Research, Picochip, Airvana, IP.access, Gartner, Telefonica Espana, 2nd Int’l. Conf. Home Access Points and Femtocells; http://www.avrenevents.com/dallasfemto2007/purchase_presentations.htm


Femtocells

- Home base stations for mobile networks
  - Licensed spectrum
  - Low-power, low-range
  - At user’s premises
  - Operated by cell. provider
  - Cellular access through fixed broadband connection (ADSL,…)
- Why femtocells?
  - Better throughput, coverage, lower prices for users
  - Unload wide area cellular networks, reduce op. costs


Problem Statement

- New mobile network architecture
  - Long Term Evolution is All-IP (EPS)
  - Untrusted connection: cell site operator
  - User-installed but operator controlled equipment
- Challenges
- Contributions
  1. Context-aware, user-triggered temporary ID change
  2. DDoS protection offer/demand model between ISPs and mobile operators


Outline

1. Related Work
2. Identity and Location Privacy
   - Context-aware, user-triggered ID change
3. Distributed Denial of Service (DDoS) Protection
   - Location-aware DDoS defense for femtocell networks
4. Conclusion and Future Work


1. Related Work

- Privacy in cellular networks
  - Subscriber de-anonymization using GSM location traces [DeMulderDBP2008]
  - Privacy-preserving 3-way authentication protocol (PP3WAKA) [KoeinO2006]
    - Mobile device – serving network – home network
- Security in the core network
  - Nobody talks about it
  - Economics of DDoS attacks on femtocell gateways [SeguraL2009]
    - Criminal organizations queried for costs of bandwidth attacks


2. Identity and Location Privacy

- Currently in UMTS/LTE
  - Each device is assigned a temporary identifier
  - Operator decides when to renew it (one each 100 cells)

[Figure: pseudonym labels Pseudo A, Pseudo B, Pseudo C, Pseudo D]


2. Identity and Location Privacy

- Substantial research in mobile/vehicular ad hoc networks
  - Temporary identifiers (pseudonyms)
  - Mix zones [FreudigerSH2009]
- Idea for cellular networks
  - Context-aware, device-triggered temporary ID change, but...
- Challenges
  - Standards
  - Implementation


3. DDoS Protection

- Intuition
  - Use femtocell location to enhance protection
  - Only « insiders » allowed to connect
- Model
  - Interaction ISPs – mobile op
    - ISPs offer protection, can collaborate
    - Mobile operator chooses to be protected or not
  - Each entity wants to maximize individual benefits

[Figure labels: Femto GW, Attacker]

« Game Theory … what else ? »


3. DDoS Protection

- Game Theory
  - Stackelberg game
  - Complete information
- Players
  - Mob. Op: leader, plays first
  - ISPs: followers, know the leader’s strategy, one-shot game
- Strategies
  - Mob. Op.: {Protected, Vulnerable} = {P, V}
  - ISPs: {Alone, Cooperate, Nothing} = {A, C, N}
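
Added example (not part of the original slides): backward induction for the game structure above, with the operator as leader over {P, V} and two ISPs as followers over {A, C, N}. The slide's payoff formulas are not present in this transcript, so the payoff functions and every numeric parameter below are constructed for illustration only.

```python
from itertools import product

ISP_ACTIONS = ("A", "C", "N")   # Alone, Cooperate, Nothing (from the slide)
LEADER_ACTIONS = ("P", "V")     # Protected, Vulnerable (from the slide)

# Constructed parameters (assumptions, not the slide's values): attack cost,
# share of attack traffic each ISP can filter, ISP costs, operator fee rate.
C_ATT, SHARE = 100.0, (0.6, 0.4)
COST_ALONE, COST_COOP, COOP_OVERHEAD, FEE_RATE = 12.0, 6.0, 3.0, 0.5

def isp_payoff(j, leader, profile, rho):
    """Constructed payoff of ISP j: fee received minus filtering cost."""
    mine, other = profile[j], profile[1 - j]
    if mine == "N":
        return 0.0
    fee = FEE_RATE * rho * C_ATT * SHARE[j] if leader == "P" else 0.0
    if mine == "C" and other == "C":
        return fee - COST_COOP          # cooperation pays off only if mutual
    return fee - COST_ALONE - (COOP_OVERHEAD if mine == "C" else 0.0)

def leader_payoff(leader, profile, rho):
    """Constructed payoff of the operator: residual damage plus fees paid."""
    if leader == "V":
        return -C_ATT
    covered = sum(SHARE[j] for j in (0, 1) if profile[j] != "N")
    return -C_ATT * (1 - rho * covered) - FEE_RATE * rho * C_ATT * covered

def follower_equilibria(leader, rho):
    """Pure Nash equilibria of the ISPs' subgame after observing the leader."""
    eqs = []
    for profile in product(ISP_ACTIONS, repeat=2):
        def deviation(j, alt):  # same profile with ISP j switched to alt
            return tuple(alt if i == j else s for i, s in enumerate(profile))
        if all(isp_payoff(j, leader, deviation(j, alt), rho)
               <= isp_payoff(j, leader, profile, rho) + 1e-9
               for j in (0, 1) for alt in ISP_ACTIONS):
            eqs.append(profile)
    return eqs

def solve_stackelberg(rho):
    """Backward induction; the leader assumes the worst follower equilibrium."""
    worst = {a: min(leader_payoff(a, p, rho) for p in follower_equilibria(a, rho))
             for a in LEADER_ACTIONS}
    best = max(LEADER_ACTIONS, key=lambda a: worst[a])
    return best, follower_equilibria(best, rho), worst[best]

if __name__ == "__main__":
    for rho in (0.1, 0.5, 0.9):
        print(rho, solve_stackelberg(rho))
```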


3. DDoS Protection

Payoffs


,

,

,

,

Symbol    Definition
c_att     Attack induced cost for Mob. Op.
ρ         % of attack cost for which Mob. Op. wants to be protected
α_j       % of Internet traffic share of ISP j
j         % of femtocell subscribers connected to Internet through ISP j
P         # of cooperating ISPs

,

,


3. DDoS Protection

- Results
  - Mobile operator
  - ISP j


3. DDoS Protection

- Numerical evaluation
  - 2 games
  - 1 mobile operator, 2 ISPs

= 0.5 = 0.9

Nash equilibrium is (Alone, Nothing)

Nash equilibrium is (Alone, Alone) ?


4. Conclusion

- Security and privacy are still an issue
  - LTE has shortcomings even before its debut
  - All-IP is more efficient but more exposed to attacks
- Contributions
  - Identified privacy and security challenges in LTE
  - Suggested context-aware, user-triggered temporary ID change inspired by MANET research
  - Modeled and numerically evaluated DDoS defense dynamics between ISPs and mobile network operators


4. Future Work

- Privacy
  - Feasibility study of proposed idea
  - Implementation on mobile devices (N900 ?)
    - How easy is it to get cell ID on mobile phone?
    - P2P communication?
    - How to trigger core network action?
- DDoS Security
  - Improve flaws of current model
    - Refine payoff functions, system parameters, effectiveness of ISPs if not exclusive provider


References

[DeMulderDBP2008] Y. De Mulder, G. Danezis, L. Batina, and B. Preneel, “Identification via location-profiling in GSM networks,” in Proceedings of the 7th ACM workshop on Privacy in the electronic society. ACM New York, NY, USA, 2008, pp. 23–32.

[FreudigerSH2009] J. Freudiger, R. Shokri, and J.-P. Hubaux, “On the optimal placement of mix zones,” in The 9th Privacy Enhancing Technologies Symposium. Springer, 2009.

[KoeinO2006] G. Koien and V. Oleshchuk, “Location Privacy for Cellular Systems; Analysis and Solution,” Lecture Notes in Computer Science, vol. 3856, p. 40, 2006.

[SeguraL2009] V. Segura and J. Lahuerta, “Modeling the economic incentives of DDoS Attacks: femtocell case study,” The Eighth Workshop on the Economics of Information Security (WEIS 2009), 2009.


Backup Slides


Network Architectures

3G: UMTS vs LTE


Security and Privacy Challenges

- New threats
  - Attacks on femtocells
  - Attacks on backhaul and core network (IPsec tunnel)

Source: www.SafeNet-Inc.com


Location and Identity Privacy

- UMTS and LTE identity management
  - Temporary identifiers (“pseudonyms”)

[Figure: location areas LA 0, LA 1, LA 2, LA 3; pseudonyms Pseudo A, Pseudo B, Pseudo C, Pseudo D]