SMART: Today's talk by Thomas F. La Porta [Security and IP-Based 3G Wireless Networks]
Giorgio Zanin
Title : Security and IP-Based 3G Wireless Networks
Speaker : Thomas F. La Porta (The Pennsylvania State University)
Date : Monday, May 29, 2006
Venue & Time : Aula Alfa, 113 Via Salaria. 3:00 PM
Abstract : Telecommunication networks are evolving from closed systems with
limited, standardized services, to open systems which will allow great
creativity in building and deploying new services. These systems will
heavily leverage Internet technology in an effort to create this open
environment. This evolution is being aggressively pursued by Wireless
Service Providers (WSPs). Along with the benefits of these networks
come increasingly high risks of a variety of attacks that may compromise
security.
Current, so called second generation (2G) wireless telecommunication
networks are implemented using standardized control protocols
for user and device authentication, mobility management, session
control and services control. These networks are closed in the sense that
control messages are exchanged on a private packet-switched network
based on the Signaling System No. 7 standards. Because of their closed
nature, there are few successful attacks on these networks. The next,
so called third generation (3G) wireless telecommunication networks are
migrating towards IP technology, with the ultimate goal being an all-IP
network. Standards for these systems, called the IP Multimedia
Subsystem (IMS) are being defined by the Third Generation Partnership
Projects (3GPP and 3GPP2). These networks will use IP for
transport of information, and Internet protocols such as the Session
Initiation Protocol (SIP) and Mobile IP, for session control and mobility
management. These networks open the possibility for IP-based
services and must interwork with 2G networks.
Because new services will be introduced in the IP-domain of these networks,
new attacks on 3G networks are possible. Because IP networks are more
accessible than SS7 networks, the control portion of the 3G networks is now
more vulnerable to attack. These attacks may be remote denial of service
attacks, or attacks that target the integrity of specific services.
The means of the attack may vary depending on the interworking model used and the service being offered. In this talk we discuss the different security risks in IP-based 3G networks, different attack types, and the trade-offs of high performance, open network architectures versus secure network infrastructure.
http://www.dsi.uniroma1.it/smart/
Please feel free to extend this invitation to other interested people.