Ever since the public revelation of global surveillance and the exploits targeting the mobile communication backend, the general awareness of security and privacy in telecommunication industry has increased. Misusing the technical features of mobile core network technology - specifically the Signaling System 7 (SS7) - has disclosed numerous ways to locate, track and manipulate the routine cellular activities of cellphone users. In fact, the SMS-based key recovery mechanism becoming vulnerable because of the SS7 vulnerabilities.
Many mobile network operators rush to upgrade their networks to 4G/LTE from 2G and 3G, not only to improve the service, but also the security. With relatively more security and privacy features, Diameter protocol - the successor of SS7 in Long Term Evolution (LTE) networks are believed to guarantee more protection to the network itself and to the end-users. However, Diameter inherits many functionalities and traits of the SS7 network. Therefore, some attacks are also possible there e.g. location tracking in LTE by abusing the Diameter-based interconnection.
In this talk, we dig deeper into the Diameter interconnection to uncover the Denial of Service (DoS) attacks to detach targeted mobile phone users from the network and disrupt the network nodes. We first discuss the current status of interconnection or mobile telephony core network security, followed by outlining several DoS attacks against targeted users and the LTE network itself. We discuss the practicalities of such attacks with the help of live/recorded demo, network logs and wireshark traces during this talk. Our proposed solution includes improvised measures in the interconnection edge nodes, proper security configurations in LTE networks and strategies for improvising filtering policies of firewalls that defend the system from roaming abuses.