Lehrstuhl für Netzarchitekturen und Netzdienste
Institut für Informatik
Technische Universität München

Threat analysis of a Cellular Botnet regarding DoS attacks
(Bedrohungsanalyse von Mobilfunk-Botnetzen im Hinblick auf DoS-Angriffe)

Supervisor: Marc Fouquet, Alexander Klein
Lucas Louca
November 17, 2010

Outline
- Introduction/Motivation
- Related Work
- Analysis
- Evaluation
- Summary

Introduction and Motivation
- More powerful and intelligent cell phones
- Number of smartphone users increases
- Cell phones have a constantly assigned IP address
- Cell phones allow short range communication with the use of Bluetooth
- Increased risk of malware distribution through unauthorized drive-by downloads
- DoS attacks on cellular networks become possible through cellular botnets
[Diagram: botmaster and cells]

Introduction and Motivation
What motivates a potential adversary?
- Make services unavailable by saturating bandwidth just for fun
- The adversary may be an unsatisfied employee
- Financial reasons
- Political reasons

Introduction and Motivation
Some considerations about the scenarios
- Infected mobile devices should not produce constant control traffic in order to stay undetectable and save battery life
- Attacks on the cells are launched through voice calls and only when a cell exhaustion is guaranteed in order to avoid unnecessary traffic
- Create scenarios where nodes act totally autonomously
  - Decisions are made within ad-hoc like networks
- Create scenarios where the botnet is controlled by a botmaster
  - Partially controlled by the botmaster
  - Fully controlled by the botmaster

Introduction and Motivation
Objective:
- Study the possibilities of potential attacks
- Build up possible botnet control scenarios
- Simulate a cellular botnet using the different control scenarios
- Examine the test results
- Determine the degree of danger of possible attacks
- Project the results of the simulations onto a larger area
[Figure: Number of cell downs vs. mean speed (m/s); series: Random Walk, Random Waypoint, Random Waypoint Hotspots]

Related Work
- The Threat of Mobile Worms [Marc Fouquet, Elnaz Eghbali Afshar, and Georg Carle]
- Bluetooth Worm Propagation: Mobility Pattern Matters! [Guanhua Yan, Hector D. Flores, Leticia Cuellar, Nicolas Hengartner, Stephan Eidenbenz, and Vincent Vu]
- On Cellular Botnets: Measuring the Impact of Malicious Devices on a Cellular Network Core [Patrick Traynor]
- An Empirical Study on 3G Network Capacity and Performance [Wee Lum Tan, Fung Lam, and Wing Cheong Lau]
- Mobility Models for Ad hoc Network Simulation [Guevara Noubir, Guolong Lin, and Rajmohan Rajaraman]

Analysis - Scenarios
Coordinated attack through a Master Server (Central Controlled)
- Produces a great amount of control traffic
- Botmaster has a more granular view over his botnet
- Cell exhaustion is guaranteed as long as the needed amount of nodes exist within a cell

Analysis - Scenarios
Ad-hoc networks acting independently (Autonomous)
- Produces no control traffic
- Botmaster has no control over his botnet
- Nodes must have a large density for an attack to be launched
- Possible attack situations may get overlooked even if there are enough infected devices within a cell

Analysis - Scenarios
Coordinated attack through a Master Server (Hybrid)
- Produces control traffic
- Botmaster has partial control over his botnet
- Cell exhaustion is guaranteed as long as the needed amount of ad-hoc networks exist within a cell

Analysis - Node movement (Mobility Models)
- Random Waypoint
  - Random speed
  - Random destinations
- Random Waypoint with predefined hotspots
  - Random speed
  - Random destinations out of a pool of visit probability weighted locations
- Random Walk
  - Random speed
  - Constant travel time
  - Random travel direction

Evaluation
Testing the attack rate based on:
- Node's threshold regarding ad-hoc size (Autonomous & Hybrid)
- Changing node speeds (All scenarios)
- Botmaster's threshold regarding nodes within a cell (Central Controlled & Hybrid)
Test parameter configuration
- 100 - 400 nodes
- 1000m × 1000m surface (4 cells)
- 500m cell range
- Maximum 52 simultaneous voice calls within a cell
- Initial node speed 1 - 2 m/s

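The test configuration above, as an added example that is not code from the thesis: a Python simulation of two of the listed mobility models (Random Walk and Random Waypoint) that counts how often a cell holds at least 52 devices, the point at which its voice capacity could be filled. The quadrant cell layout, the 60 s walk leg, the one-second time step and all function names are assumptions; the hotspot model is not covered.

```python
import math
import random

SIDE = 1000.0        # surface edge in metres (from the slide)
CELL = 500.0         # cell range in metres; assumed to mean four 500 m quadrants
CAPACITY = 52        # max simultaneous voice calls per cell (from the slide)
SPEED = (1.0, 2.0)   # initial node speed range in m/s (from the slide)
LEG_TIME = 60        # assumed constant travel time per Random Walk leg, seconds


def _reflect(v):  # mirror a coordinate back into [0, SIDE] after a step
    v = abs(v)
    return 2 * SIDE - v if v > SIDE else v


def _new_leg(rng, model, x, y):
    """Return (dx, dy, steps_left): per-second displacement and leg duration."""
    speed = rng.uniform(*SPEED)
    if model == "random_walk":            # random direction, constant travel time
        angle = rng.uniform(0, 2 * math.pi)
        return speed * math.cos(angle), speed * math.sin(angle), LEG_TIME
    tx, ty = rng.uniform(0, SIDE), rng.uniform(0, SIDE)   # random waypoint target
    dist = math.hypot(tx - x, ty - y)
    steps = max(1, round(dist / speed))
    return (tx - x) / steps, (ty - y) / steps, steps


def saturable_cell_steps(n_nodes, model, steps=600, seed=1):
    """Count (second, cell) pairs in which a cell holds >= CAPACITY devices."""
    rng = random.Random(seed)
    nodes = []
    for _ in range(n_nodes):
        x, y = rng.uniform(0, SIDE), rng.uniform(0, SIDE)
        nodes.append([x, y, *_new_leg(rng, model, x, y)])
    hits = 0
    for _ in range(steps):
        counts = [0, 0, 0, 0]
        for n in nodes:
            if n[4] == 0:                 # leg finished: draw a new one
                n[2:5] = _new_leg(rng, model, n[0], n[1])
            n[0], n[1] = _reflect(n[0] + n[2]), _reflect(n[1] + n[3])
            n[4] -= 1
            # quadrant index 0..3; min() keeps the x == SIDE edge in the last cell
            counts[2 * min(int(n[1] // CELL), 1) + min(int(n[0] // CELL), 1)] += 1
        hits += sum(c >= CAPACITY for c in counts)
    return hits

if __name__ == "__main__":
    print({m: saturable_cell_steps(300, m) for m in ("random_walk", "random_waypoint")})
```

With fewer than 52 devices on the surface the count is always zero, and from 205 devices upward at least one of the four cells is over the limit in every step, so the interesting range for comparing the two models lies between those bounds.
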
Evaluation - Test: Node's speed
Scenario 1: Central Controlled
- Random Walk prevails with 300 or more nodes
- More than 400 nodes within the surface results in constant attack rates with all three mobility models
[Figure: Number of cell downs vs. mean speed (m/s); series: Random Walk, Random Waypoint, Random Waypoint Hotspots]

Evaluation - Test: Node's speed
Scenario 2 & 3: Autonomous & Hybrid
- Random Walk hardly produces any attacks
- Attack rate drops as mean speed increases
[Figure, two panels (Autonomous, Hybrid): Number of cell downs vs. mean speed (m/s); series: Random Walk, Random Waypoint, Random Waypoint Hotspots]

Evaluation - Test: Node's threshold
Scenario 2 & 3: Autonomous & Hybrid
- Random Walk hardly produces any attacks
- Attack rate drops radically as threshold increases
- Random Waypoint using hotspots prevails in "Autonomous"
- Attack rate using the "Autonomous" scenario is higher than with the "Hybrid"
[Figure, two panels (Autonomous, Hybrid): Number of cell downs vs. threshold (nodes); series: Random Walk, Random Waypoint, Random Waypoint Hotspots]

Evaluation - Test: Botmaster's threshold
Scenario 1 & 3: Central Controlled & Hybrid
- Random Walk hardly produces any attacks in "Hybrid"
- Attack rate drops as threshold increases
- Attack rate using "Central Controlled" is higher than in "Hybrid"
- Attack rate in "Central Controlled" is about the same with all three mobility models
[Figure, two panels (Central Controlled, Hybrid): Number of cell downs vs. threshold (nodes); series: Random Walk, Random Waypoint, Random Waypoint Hotspots]

Evaluation - What about a larger area?
How many cells can be taken down within a city with 1000 - 50 000 infected mobile devices?
- Larger area representing Munich
- Calculate a node distribution with Random Walk combined with user placement according to population density maps
- Distribute cells within the city area based on real-life data (Deutsche Telekom)
- Set a hypothetical cell capacity for our cells based on the number of sectors
- Place users within the city using the pre-calculated node distribution
- Cell capacity in the center is larger than on the edges

Results
- Nodes converge towards the center of the city
- Number of cells taken down monotonically increases as amount of infected devices grows, especially in the center
- Although people do not move according to Random Walk, attacks may be possible with "Central Controlled" scenario
[Figure: Number of cell downs vs. nodes (10000 to 50000)]