Improving mobile core network security with honeynets
This presentation is the property of its rightful owner.
Sponsored Links
1 / 45

Improving Mobile Core Network Security with Honeynets PowerPoint PPT Presentation


  • 81 Views
  • Uploaded on
  • Presentation posted in: General

Improving Mobile Core Network Security with Honeynets. Dimitriadis, C.K.; University of Piraeus. IEEE Security & Privacy, July-Aug. 2007, Issue 4, Volume 5,Page(s):40 - 47. Advisor: Frank Y. S. Lin Presented by Yu-Shun Wang. Agenda. Introduction Threat model Feasibility study

Download Presentation

Improving Mobile Core Network Security with Honeynets

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Improving mobile core network security with honeynets

Improving Mobile Core Network Security with Honeynets

Dimitriadis, C.K.;

University of Piraeus

IEEE Security & Privacy,

July-Aug. 2007, Issue 4, Volume 5,Page(s):40 - 47

Advisor: Frank Y. S. Lin

Presented by Yu-Shun Wang


Agenda

Agenda

  • Introduction

  • Threat model

  • Feasibility study

  • 3GHNET’s architecture

  • Security analysis

  • Conclusion

  • My applying model

[email protected], NTU


Agenda1

Agenda

  • Introduction

  • Threat model

  • Feasibility study

  • 3GHNET’s architecture

  • Security analysis

  • Conclusion

  • My applying model

[email protected], NTU


Introduction

Introduction

  • Despite improved security, core network vulnerabilities continue to threaten third-generation (3G) mobile systems.

  • To learn what security bottlenecks exist in the 3G network, we first introduce the network architecture.

[email protected], NTU


Introduction1

Introduction

  • The 3G core network consists

    • circuit-switched (CS) domain

    • packet-switched (PS) domain

    • Internet Protocol (IP) multimedia subsystem (IMS)

  • This article focuses on the open security issues in the PS domain.

[email protected], NTU


Introduction2

Introduction

[email protected], NTU


Introduction3

Introduction

[email protected], NTU


Introduction4

Introduction

  • The above figure gives an overview of the systems in a 3G network affected by a compromised SGSN or GGSN.

  • The security assessment described in this article also revealed that legacy systems which don’t provide adequate facilities for logging user actions.

[email protected], NTU


Agenda2

Agenda

  • Introduction

  • Threat model

  • Feasibility study

  • 3GHNET’s architecture

  • Security analysis

  • Conclusion

  • My applying model

[email protected], NTU


Threat model

Threat model

  • A threat model describes the threats that attackers can realize by exploiting vulnerabilities.

  • We can depict it graphically by using a combination of attack trees, each of which has a root node, leaf nodes, and child nodes.

[email protected], NTU


Threat model1

Threat model

[email protected], NTU


Threat model2

Threat model

  • In AG1, GTP packets with malformed headers might lead to GSSN or SGSN compromise or disruption (such attacks exploit badly configured or nonexistent GTP firewalls).

  • The compromised GSSN or SGSN can become a springboard on other critical systems.

  • Other attacks also exploit badly configured or nonexistent GTP firewalls, often with the same results.

[email protected], NTU


Threat model3

Threat model

[email protected], NTU


Agenda3

Agenda

  • Introduction

  • Threat model

  • Feasibility study

  • 3GHNET’s architecture

  • Security analysis

  • Conclusion

  • My applying model

[email protected], NTU


Feasibility study

Feasibility study

  • To study the benefits of implementing 3GHNET, we used concepts from game theory.

  • We wanted to compare a mobile operator that implements a honeynet with one that doesn’t, and then study different security situations.

[email protected], NTU


Feasibility study1

Feasibility study

  • We defined a game called 3GHNET-G that is non-cooperative—the mobile operators don’t have a common security infrastructure, and the game is static because players can make simultaneous moves.

  • 3GHNET-G is also a non-zero sum game, meaning that the total benefit to all players isn’t zero because there’s no relationship between one player’s gain and another’s loss.

[email protected], NTU


Feasibility study2

Feasibility study

  • For our two players, mobile operator 1 (MO1) implementsa honeynet architecture, and mobile operator 2(MO2) doesn’t.

  • Each player has two possible modesof behavior, dependingon whether a security incident compromises theplayer’s nodes or not:

    • Mode 1 represents compromised node behavior

    • Mode 2 represents normal node behavior

[email protected], NTU


Feasibility study3

Feasibility study

  • By following this logic we study the gain of implementing a honeynet or not in different security-related situations.

  • The payoff gets specific values from a definite set P ={P1, P2, …, Pm}. Let each possible payoff Pi (where i = {1, 2, …, m}) be a sum of gains from Table 1, depending on a specific condition.

[email protected], NTU


Feasibility study4

Feasibility study

These gains correspond to the threats describedin the previous section.

This corresponds to the knowledgeproduced by a security architecture that can studyattacks and evolve in response to attacker tactics.

This is negative, corresponding to the cost of implementingthe honeynet

[email protected], NTU


Feasibility study5

Feasibility study

  • We define the payoff Pi through the following equation:Pi = a1G1+a2G2+a3G3+a4G4+a5G5.

  • The parametersan={0, 1}, where n={1, 2, 3, 4, 5}, take a positivevalue when the player receives the corresponding gain in aspecific condition and zero value in the opposite scenario.

  • A game’s payoff matrix shows what payoff each playerwill receive at the game’s outcome; it depends on thecombined actions of all players.

[email protected], NTU


Feasibility study6

Feasibility study

MO1 receives all the gains.

MO2 only receives gain G2 because it’s protected by MO1’s honeynet.

MO1 doesn’t receive the G2 gain because MO2 isn’t attacking, but it receives the rest of the gains.

MO2 receives gain G2.

MO1 receives gains G2, G4, and G5, whereas

MO2 receives only gain G3

No player receives any positive gain, and MO1 pays for the cost of the honeynet.

[email protected], NTU


Feasibility study7

Feasibility study

  • The payoff matrix reveals two Nash equilibriums, which we find by searching for thebest player response, taking as constant the best response of the other player.

  • If MO2 is in an attack mode (greatest payoff = 10), for example, then MO1’s attack mode is the one with the greatest payoff (equal to 35).

[email protected], NTU


Feasibility study8

Feasibility study

  • Analyzing the game’s results, we conclude the following:

    • In the attack–attack situation, all players have a net benefit due to the honeynet because overall security depends on the security of others. This net benefit could be increased by the proliferation of knowledge gained by MO1.

    • The two Nash equilibriums reveal that the implementation of a honeynet is useful to both players in either situation.

    • If MO2 is compromised and forced to attack, MO1 clearly benefitsfrom implementing the honeynet.

    • MO1 gets the highest payoffs by implementing the honeynet, except when security incidents don’t arise.

[email protected], NTU


Agenda4

Agenda

  • Introduction

  • Threat model

  • Feasibility study

  • 3GHNET’s architecture

  • Security analysis

  • Conclusion

  • My applying model

[email protected], NTU


3 ghnet s architecture

3GHNET’s architecture

  • The first countermeasure would be to separate the mobile operator’s infrastructure into security zones.

  • each type of affected element goes in a separate zone.

[email protected], NTU


3 ghnet s architecture1

3GHNET’s architecture

[email protected], NTU


3 ghnet s architecture2

3GHNET’s architecture

  • 3GHNET’s honeywalls have the following characteristics:

    • 3GHWALL_1 is a layer-2, non-IP-addressable element that controls and captures data between emulated SGSN and GGSN and the mobile operator and roaming partner’s real ones.

    • 3GHWALL_ 1 block all traffic from inside 3GHNETto the core network (or roaming partner).

    • 3GHWALL_2 is a layer-2, non-IP-addressable element that controls and captures data between emulated SGSN and GGSN and the Internet.

    • This honeywall also control and log traffic between the two interfaces, Snort as an intrusion detection system for attacks from the Internet, and Snort_inline in combination with Netfilter as an IDS for attacks launched from the 3GHNET and targeted at the Internet.

[email protected], NTU


Agenda5

Agenda

  • Introduction

  • Threat model

  • Feasibility study

  • 3GHNET’s architecture

  • Security analysis

  • Conclusion

  • My applying model

[email protected], NTU


Security analysis

Security analysis

  • we performed several experiments to emulate various attack scenarios:

[email protected], NTU


Security analysis1

Security analysis

  • According to the threat model, the first security layer is the establishment or improvement of GTP firewalls.

  • As a response, 3GHNET might directly address an attack targeted to it or indirectly contribute to the improvement of the existing GTP firewall configuration through the knowledge gained by its operation.

  • The second security layer involves the emulation of GGSNs or SGSNs: 3GHNET blocks an attack if it directly targets the emulated GGSN and SGSN, or it can notify a roaming partner about a possible compromise of its infrastructure.

[email protected], NTU


Agenda6

Agenda

  • Introduction

  • Threat model

  • Feasibility study

  • 3GHNET’s architecture

  • Security analysis

  • Conclusion

  • My applying model

[email protected], NTU


Conclusion

Conclusion

  • A mobile operator can use our honeynet as:

    • A laboratory for security officers and engineers to customize, build, and enhance a multilayer security architecture.

    • A preventive, detective, and reactive security architecture for the PS domain of a 3G core network.

    • A way to transform a flat architecture into a core network architecture separated into security zones.

[email protected], NTU


Agenda7

Agenda

  • Introduction

  • Threat model

  • Feasibility study

  • 3GHNET’s architecture

  • Security analysis

  • Conclusion

  • My applying model

[email protected], NTU


My applying model

My applying model

  • Assumption

    • The defender has the complete information of network that is attacked by several attackers with different budget, capabilities, and strategy.

    • The attackers are not aware that there are honeypots deployed by the defender in the network, i.e., the attackers have the incomplete information of network.

    • There are two types of defense resources, the honeypot and non-honeypot. Further, honeypots can be subdivided into two categories, one is for wasting attacker’s resource and learning their tactics, and the other is used to play the role of fake core node to distract the attackers.

[email protected], NTU


My applying model1

My applying model

  • Objective

    • Attacker:

      • The attackers want to compromise the core node under budget constraint.

    • Defender:

      • The defenders want to minimize the average compromised probability of the core node.

[email protected], NTU


My applying model2

My applying model

  • Given Parameter

[email protected], NTU


My applying model3

My applying model

  • Decision Variable

  • Objective function

    subject to

[email protected], NTU


My applying model4

My applying model

  • A possible scenario

    • we let includes honeypots (both wasting attack resource and distraction) and other defense resource that raise the attack cost.

    • For concealing honeypots, we will add artificial traffic in the network to make the amount of flows seem balanced between nodes since attackers may use link utilization as a guide to decide next candidate node.

    • To accomplish this goal, we control the link capacity and the routing of fake traffic to adjust the utilization.

[email protected], NTU


My applying model5

My applying model

  • Given Parameter

[email protected], NTU


My applying model6

My applying model

  • Decision variable

[email protected], NTU


My applying model7

My applying model

  • Decision variable

[email protected], NTU


My applying model8

My applying model

  • Constraint

[email protected], NTU


My applying model9

My applying model

[email protected], NTU


My applying model10

My applying model

  • The above scenario is a special one that lead our model clearer.

  • However, this framework can also be applied in other situations for security analysis.

[email protected], NTU


Improving mobile core network security with honeynets

Thanks for your listening

[email protected], NTU


  • Login