Conventional IP networks are well understood in terms of security vulnerability, and how to protect against attacks. Even so, specific attacks (Stuxnet, etc) have shown that well engineered attacks are still viable. With the increasing rise of cellular networks as a critical communications network for voice and data our attention must turn to how to protect these networks. One problem is that cellular networks have been designed by companies well versed in RF design, and not security, and security professionals are not well versed in RF systems. Our premise is that these systems are open to attacks against the infrastructure. The narrow spectrum bandwidths available in cellular systems require complicated signaling protocols in order to maximize utilization of that critical spectrum. Complicated protocols lend themselves to DoS attacks, and our premise is that this is very much the case in cellular systems with attacks against Handsets, Base-station, HLRs, as well as central equipment being entirely possible. In this presentation we will look at some possible attack vectors, complications of looking for vectors and the problems in attributing exploits to handsets and users in a system where IP address attribution is pointless. We will also discuss the implementation and testing of a research system design to apply traditional security tools to the Core Network of production 3G UMTS systems.
Jason MacLulich joined Endace in May of 2005 and is currently a Senior Software Architect with Endace Technologies overseeing software architecture across the company’s product line; this includes not only security but data storage, latency, network analytics and virtualization. Jason helped design and implement the mobile security system that was deployed in a pilot study last year based around Endace’s other security offerings; this security system is able to record and track IP based vulnerabilities to users handsets. Jason’s security experience also includes work on the design and development of Suricata, a project run by the Open Information Security Foundation (OISF) and funded by the US DHS.