DeepSec 2018 Talk: New Attack Vectors for the Mobile Core Networks – Dr. Silke Holtmanns / Isha Singh
DeepSec has a long tradition of tackling the security of mobile networks and devices alike. The first DeepSec conference featured a presentation about the A5/1 crack. Later one we offered trainings covering mobile network security and weaknesses. So we are proud to announce Isha Singh’s and Silke Holtmanns’ talk about new attack vectors. Here is a brief summary:
“Roaming or being called from abroad is being something we take for granted.”, says Silke Holtmanns. “Technically it implies that large networks communicate with each other across geographical and political boundaries. Those communication and the network behind is not well known and understood by most cellular users. This network, its background, security and usage will be explained. We will highlight the attack vectors for 2G, 3G and 4G networks and give an outlook on 5G. We describe how attackers get in and what they can do. The industry has defined general and specific measures to counteract and mitigate those attacks, we will give an outlook, what can be done in practice to stop attackers.”
Structure of the talk:
- Introduction & background
- Introduction to interconnection network (What is it, how does it work)
- Why is it important for all of us?
- Where does it come from? (Basics to understand the problems)
- Existing attacks (Focus on 3G/4G)
- Who are the attackers?
- What is done against them? (Focus on EU ENISA, USA FCC and GSMA work)
- How do they get in (Real examples will be shown)
- Attacks & Countermeasures
- Introduction to network set-up (So the demonstration is understandable)
- Presentation of high level attack scenarios for DoS / Fraud / Data Interception using the charging system
- Demonstration of those attacks in testlab
- User impacts (What do these attacks mean on a personal level?)
- Countermeasures and fixes
- Wrapping up
- Outlook for 5G – Main security challenges
Dr Silke Holtmanns is a distinguished member of technical staff and security specialist at Nokia Bell Labs. She researches new attack vectors and mitigation approaches. The creation of new and the investigation of existing security attacks using SS7, Diameter and GTP via the Interconnect lead to new countermeasures for 4G/5G networks. Her focus lies on the evolution and future of security for mobile networks. For 5G she investigates potential risk areas coming from the combination of IT security and signaling threats. As an expert on existing and future attack patterns for interconnection security, she provides advice and input to customers, standard boards, and regional and national regulating governmental bodies e.g. in US FCC and EU ENISA. She has over 18 years of experience in mobile security research and standardization with strong focus on 3GPP security and GSMA. She is rapporteur of ten 3GPP specifications and of the GSMA Interconnection Diameter Signalling Protection document. She is (co)-author of more than 70 security publications.
Isha Singh is the co-autor of the talk that will be presented at DeepSec. Isha is a masters student at Aalto University in Finland and doing her thesis research work at Nokia Bell Labs under the guidance of Dr. Silke Holtmanns. She has a Masters in Wireless Communication and Machine Learning. She has published paper on smart city environmental perception from ambient cellular signals and 5G Ubiquitous sensing. Isha is passionate about IoT devices and their security in the 5G scenario. She has experience working on embedded devices (Arduino, Raspberry Pi) for multiple projects like Analog to Digital converter used in optical communication and face recognition. Presently Isha is exploring Cybersecurity, starting from the mobile communication core network security. Testing loopholes and providing solutions using Machine Learning.