In GSM, paging request messages are broadcast, implying that a passive eavesdrop

Question

In GSM, paging request messages are broadcast, implying that a passive eavesdropper can observe these messages. Further, the paging request/response is performed before any authentication or cipher setup takes place. In this respect, paging messages are similar to WiFi beacon and probe messages. As with beacons and probes, an adversary may spoof messages that are indistinguishable from real messages.

(d) Describe a denial of service attack using only the aforementioned features of the paging request/response messages. Detail your scheme and sketch why it prevents access to one (or more) MS.

Explanation / Answer

Two specific properties of GSM networks and its protocols.

Network State: GSM networks involve complicated state machines and face high amounts of traffic whereas operational on tight radio resource constraints. Consequently, it's fascinating to stay states as short as potential.

Broadcast Information: the paging procedure is initiated on a broadcasting, specifically the PCH portion of the CCCH, and additional significantly is performed before any authentication or cipher setup takes place. this suggests that any subscriber, as well as associate degree somebody phone, is ready to watch paging requests for different subscribers, and the inherent inability of the network to differentiate between a faux paging response and a real one.As a web result, it's potential to use these aspects to send paging response messages on behalf of a victim being paged. The network stack will beneath no circumstances confirm that of the replies is that the legitimate paging response by the supposed subscriber.

The GSM documents don't specify the network behavior in such a scenario. Therefore, the behavior of such a race condition is implementation dependent and will be exploitable. However, the state machine nature of GSM protocols counsel that if associate degree offender is ready to answer a paging request quicker than the supposed subscriber, can|it'll} now not be during a state during which it expects a paging response and therefore will ignore the message of a victim. Consequently, the victim can receive a channel unleash message from the network. Next, the service setup won't succeed if the offender doesn't offer the proper cryptanalytic keys needed to finish authentication and cipher setup. consequently, the service setup cannot proceed and as an example, a decision are born. The result's a completely unique and powerful denial of service attack against MT services that one. doesn't admit frequency jamming; two. doesn't admit resource exhaustion; and three. is extremely arduous to observe. we tend to verified that it's so potential to win the race for the quickest paging latency, as we are going to demonstrate.

Keep an audit trail that describes what was changed and why

Locked in a file cabinet somewhere may be a document explaining the original purpose of your network design and its interdependencies. For any change to the network to be made, the document should be consulted and updated.

The lesson to learn here is to revisit your auditing trail and ensure that it encompasses both the details of your current changes and the reasoning behind your current infrastructure. With this method, both the common and uncommon configurations of your network are protected from the occasional error.

Keep people aware of old configurations and their purpose:To develop and maintain an awareness of older, and often trusted, network configurations you need to pay special attention to your personnel changes during the development of your business and the expansion of your network infrastructure. Because it is unlikely that you will redesign your entire network infrastructure annually, configurations performed one year may stay around in your network until someone stumbles upon them. To prevent configuration settings being missed, you need to make new personnel aware of these configurations during orientation or as part of annual auditing.

Without this type of training, you may do a disservice to your personnel by putting them in a position where they could damage their network and possibly their reputation unknowingly. Keep this potential cause of emergencies on the minds of your new administrators and you will go a long way to encouraging that they investigate configurations before changing them.

When something is different, ask why:In any company, the work performed by one employee is as important as the work performed by any other employee. For this reason, an administrator auditing the configuration of a network needs to appreciate that each of the network's configurations, and the settings of the programs that use that network, are the work of a colleague and deserve the same respect that the administrator himself would like for his work. Consequently, when discovering a design that is unusual it is important for that administrator to investigate this peculiarity instead of taking it upon himself to force the design into conformity with some new initiative or standard.

The practice to develop is to go further in developing an inquisitive culture amongst your administrators and, in contrast, to discourage the rote or mechanical routine of processing network changes. You may appear to lose efficiency by having changes take longer with this attitude, but the savings are considerable when compared to the loss of service you can experience when administrators make changes without a solid understanding of the network's settings.

Know the trade-offs between simplicity, cost, and survivability:There is a tendency to praise simplicity above complexity for the benefit of administrative costs. While there is truth behind this approach, you must also consider the affect that simplicity can have on being able to support unforeseen problems. In designing your network in a simplified manner, you leave yourself open to the repercussions of a simple mistake.

The benefit of a complex network design is greater than the stability obtained through fault tolerance and redundancy. A complex design can benefit the complex business needs you are trying to support. When we simplify the way business information travels across our network, we need to consider whether or not we are serving our administrative needs second and our customers and users business first.

Protect yourself against hackers:Can you predict where a hacker will attack your network? Developing this anticipation comes from facing the reality of being hacked. While we do not want to say anything which could infer that hackers do anyone a service, to develop this intuitive awareness you need to "hack" your network yourself by imagining what a hacker would do to attack it. This will develop a sensitivity to where your network is exposed to hackers and help you in auditing your network's weak points.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.