Exploiting open functionality in SMS-capable cellular networks

Journal of Computer Security

Volumn 16, Issue 6, 2008, Pages 713-742

  Traynor, Patrick ^a,b   Enck, William ^a   McDaniel, Patrick ^a   La Porta, Thomas ^a  

^a The Pennsylvania State University   (United States)

^b 344 IST/CSE Building ^*  (United States)

Author keywords

Denial of service; Open functionality; SMS; Telecommunications

Indexed keywords

CELLULAR NEURAL NETWORKS; CELLULAR TELEPHONE SYSTEMS; MODEMS; TELECOMMUNICATION; TELECOMMUNICATION SYSTEMS; TELEPHONE CIRCUITS; TELEPHONE SYSTEMS;

CABLE MODEMS; CELLULAR NETWORKS; CELLULAR PHONE NETWORKS; COUNTER-MEASURES; CRITICAL COMPONENTS; DENIAL-OF-SERVICE; MANHATTANS; NETWORK BEHAVIORS; NEW SERVICES; OPEN-FUNCTIONALITY; SMS; SOCIAL INFRASTRUCTURES; TEXT MESSAGES; UNITED STATES; VOICE SERVICES; WASHINGTON; WIRELESS SUBSCRIBERS;

WIRELESS NETWORKS;

EID: 55849122324     PISSN: 0926227X     EISSN: None     Source Type: Journal    
DOI: 10.3233/JCS-2007-0308     Document Type: Article

References (57)

1. Denial of service attacks, Technical report, CERT Coordination Center, October 1997, http://www.cert.org/tech_tips/denia_of_service.html.
2. Mobile networks facing overload, December 31, 2003, http://www. gateway2rassia.com/st/art_187902.php.
3. Record calls, text again expected for nye, December 31, 2004, http://www.itnews.com.au/newsstory.aspx?CIaNID=17434.
4. 3rd Generation Partnership Project, Physical layer on the radio path; general description, Technical report 3GPPTS 05.01 v8.9.0.
5. 3rd Generation Partnership Project, Technical realization of the short message service (sms), Technical report 3GPP TS 03.40 v7.5.0.
6. A. Arpaci-Dusseau and R. Arpaci-Dusseau, Information and control in gray-box systems, in: Proceedings of Symposium on Operating Systems Principles (SOSP), 2001, pp. 43-56.
7. T. Aura, P. Nikander and J. Leiwo, Dos-resistant authentication with client puzzles, in: Proceedings of Cambridge Security Protocols Workshop, 2000.
8. S. Bellovin, Security problems in the TCP/IP protocol suite, Computer Communications Review 19(2) (1989), 32-48.
9. S. Berg, A. Taylor and R. Harper, Mobile phones for the next generation: Device designs for teenagers, in: Proceedings ACM SIGCHI Conference on Human Factors in Computing Systems, 2003, pp. 433-440.
10. S. Buckingham, What is GPRS?, 2000, http://www.gsmworld.com/technology/ gprs/intro.shtml#5.
11. J.V.D. Bulck, Text messaging as a cause of sleep interruption in adolescents, evidence from a crosssectional study, Journal of Sleep Research 12(3) (2003), 263.
12. N. Burnett, J. Bent, A. Arpaci-Dusseau and R. Arpaci-Dusseau, Exploiting gray-box knowledge of buffer-cache management, in: Proceedings of USENIX Annual Technical Conference, 2002, pp. 29-44.
13. S. Byers, A. Rubin and D. Kormann, Defending against an internet-based attack on the physical world, ACM Transactions on Internet Technology (TOIT) 4(3) (2004), 239-254.
14. A. Choong, Wireless watch: Jammed, September 7, 2004, http://asia.cnet.com/reviews/handphones/wirelesswatch/0,39020107,39186280,00. htm.
15. Cingular Wireless, Text messaging, https://www.cingular.com/media/ text_messaging_purchase.
16. Cingular Wireless, Cingular Customer Forums: Re: send a text message from the Web, 2006, http://forums.cingular.com/cng/board/message?board.id= messaging&message.id=8997#M8997.
17. Cisco Systems Whitepaper, A study in mobile messaging: The evolution of messaging in mobile networks, and how to efficiently and effectively manage the growing messaging traffic, Technical report, 2004, http://www.cisco.com/warp/ public/cc/so/neso/mbwlso/mbmsg_wp.pdf.
18. Computer Associates, Carko, http://www3.ca.com/securityadvisor/pest/pest. aspx?id=453075555.
19. COSMOTE Whitepaper, COSMOTE and the 'Athens 2004' Olympic sponsorship, Technical report, 2003, http://www.cosmote.gr/content/en/attached_files/ investorrelations/COSMOTE_Annual_Report_2003_77-84.pdf.
20. W. Enck, P. Traynor, P. McDaniel and T.F. La Porta, Exploiting open functionality in SMS-capable cellular networks, in: Proceedings of the ACM Conference on Computer and Communication Security (CCS), November 2005.
21. J. Evers, Is your cell phone due for an antivirus shot?, 2006, http://news.com.com/Is+your+cell+phone+due+for+an+antivirus+shot/ 2100-7349_3-6042745.html.
22. F-Secure Corporation, F-Secure virus descriptions: Cabir.h, December 2004, http://www.f-secure.com/v-descs/cabir_h.shtml.
23. F-Secure Corporation, F-Secure virus descriptions: Skulls.a, January 2005, http://www.f-secure.com/v-descs/skulls.shtml.
24. M. Grenville, Operators: Celebration messages overload sms network, November 2003, http://www.160characters.org/news.php?action=view&nid=819.
25. K. Houle and G. Weaver, Trends in denial of service attack technology, Technical report, CERT Coordination Center, October 2001, http://www.cert.org/ archive/pdf/DoS_trends.pdf.
26. Intel Whitepaper, SMS messaging in SS7 networks: Optimizing revenue with modular components, Technical report, 2003, http://www.intel.com/network/csp/ pdf/8706wp.pdf.
27. J. Ioannidis and S. Bellovin, Implementing pushback: Router-based defense against DDoS attacks, in: Proceedings of Network and Distributed System Security Symposium, February 2002.
28. A. Juels and J.G. Brainard, Client Puzzles: A cryptographic countermeasure against connection depletion attacks, in: Proceedings of Network and Distributed System Security Symposium (NDSS), 1999.
29. S. Kasera, J. Pinheiro, C.L.M. Karaul, A. Hari and T.L. Porta, Fast and robust signaling overload control, in : Proceedings IEEE Conference on Network Protocols (ICNP), November 2001, pp. 323-331.
30. G. Lorenz, T. Moore, G. Manes, J. Hale and S. Shenoi, Securing ss7 telecommunications networks, in: Proceedings of the IEEE Workshop on Information Assurance and Security, 2001.
31. S. Makris, Athens 2004 games: The "extreme makeover" Olympics!, April 2005, Slides presented at CQR 2005 Workshop, St. Petersburg Beach, FL, USA.
32. K. Maney, Surge in text messaging makes cell operators :-), July 27, 2005.
33. S. Marwaha, Will success spoil sms?, March 15, 2001, http:// wirelessreview.com/mag/wireless_success_spoil_sms/.
34. J. Mirkovic and P. Reiher, A taxonomy of DDoS attacks and DDoS defense mechanisms, ACM SIGCOMM Computer Communication Review 34(2) (2004), 39-53.
35. D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford and N. Weaver, Inside the slammer worm, IEEE Security and Privacy 1(4) (2003), 33-39.
36. T. Moore, T. Kosloff, J. Keller, G. Manes and S. Shenoi, Signalling system 7 network security, in: Proceedings of the IEEE 45th Midwest Symposium on Circuits and Systems, August 4-7, 2002.
37. G. Mori and J. Malik, Recognizing objects in adversarial clutter: Breaking a visual captcha, in: Proc. of Computer Vision and Pattern Recognition, 2003.
38. M. Naor, Verification of human in the loop or identification via the turing test, 1996, http://www.wisdom.weizmann.ac.il/~naor/PAPERS/human.ps.
39. National Communications System, SMS over SS7, Technical Report Technical Information Bulletin 03-2 (NCS TIB 03-2), December 2003, http://www.ncs.gov/ library/tech_bulletins/2003/tib_03-2.pdf.
40. Nextel, Text messaging, http://www.nextel.com/en/services/messaging/ text_messaging.shtml.
41. J. Pearce, Mobile firms gear up for new years text-fest, December 30, 2003, http://news.zdnet.co.uk/communications/networks/0,39020345,39118812.00. htm.
42. H. Project, The honeynet project, 2005, http://project.honeynet.org.
43. M. Reardon, Text message spam could spell trouble for text-based ads, 2006, http://news.com.com/Text+message+spam+could+spell+trouble+for+text- based+ads/2100-1039-6135609.html?part=dht&tag=nl.e703.
44. P. Roberts, Nokia phones vulnerable to dos attack, February 26, 2003, http://www.infoworld.com/article/03/02/26/HNnokiados_1.html.
45. S. Savage, D. Wetherall, A. Karlin and T. Anderson, Practical network support for IP traceback, in: Proceedings of ACM SIGCOMM, October 2000, pp. 295-306.
46. C. Schuba, I. Krsul, M. Kuhn, E. Spafford, A. Sundaram and D. Zamboni, Analysis of a denial of service attack on TCP, in: Proceedings of the 1997 IEEE Symposium on Security and Privacy, IEEE Computer Society, May 1997, pp. 208-223.
47. G. Shannon, Security vulnerabilities in protocols, in: Proceedings of ITU-T Workshop on Security, May 13-14, 2002.
48. S. Staniford, V. Paxson and N. Weaver, How to Own the internet in your spare time, in: Usenix Security Symposium, 2002, pp. 149-167.
49. Telecommunication Industry Association/Electronic Industries Association (TIA/EIA) Standard, Short messaging service for spread spectrum systems, Technical report ANSI/TIA/EIA-637-A-1999.
50. Tom's Hardware, How to: Building a bluesniper rifle, March 2005, http://www.tomsnetworking. com/Sections- article106.php.
51. P. Traynor, W. Enck, P. McDaniel and T. La Porta, Mitigating attacks on open functionality in SMS-capable cellular networks, in: Proceedings of the Twelfth Annual ACM International Conference on Mobile Computing and Networking (MobiCom), September 2006.
52. P. Traynor, P. McDaniel and T. La Porta, On attack causality in internet-connected cellular networks, in: Proceedings of the USENIX Security Symposium, 2007.
53. P. Traynor, V. Rao, T. Jaeger, P. McDaniel and T. La Porta, From mobile phones to responsible devices, Technical report NAS-TR-0059-2006, Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, 2007.
54. United States Census Bureau, United States Census 2000, 2000, http://www.census.gov/main/www/cen2000.html.
55. S. van Zanen, Sms: Can networks handle the explosive growth?, 2000, http://www.wirelessdevnet.com/channels/sms/features/smsnetworks.html.
56. Verizon Wireless, About the service, http://www.vtext.com/customer_site/ jsp/aboutservice.jsp.
57. L. von Ahn, M. Blum, N. Hopper and J. Langford, CAPTCHA: Using hard AI problems for security, in: Proceedings of Eurocrypt, 2003, pp. 294-311.