
Unveiling the Hidden Dangers of Public IP in 4G/LTE Networks



  1. Unveiling the Hidden Dangers of Public IP in 4G/LTE Networks
     Wai Kay Leong, Aditya Kulkarni, Yin Xu, Ben Leong

  2. Mobile Internet is Hot

  3. Public IP – What’s the deal?
     - Subscribers want Public IP

  4. M2M – Machine to Machine
     - Delivery Vans
     - Security Cameras
     - Sensor Nodes
     - Traffic Control

  5. Our Local Situation
     - ISP A, ISP B, ISP C (slide labels: "Public IP by default †", "Change APN", "Change APN")
     - Free Public IP for LTE networks
     - † Does not work for certain devices

  6. The Dangers of Public IP
     Susceptible to simple IP attacks:
     1. DoS Flooding
     2. Quota Drain
     3. Battery Drain
     [Diagram labels: Attacker; NAT; Private IP 10.42.0.1 ("No route to host"); Public IP 215.12.5.1]

  7. Attack 1: DoS Flooding
     - Overwhelm the link/resources
     - Conventionally
     - Higher bandwidth (30 Mb/s)
     - Requires more data
     [Diagram labels: Malicious Packets; Normal traffic]

  8. Buffer Sizing Matters
     ISP buffer sizes (Xu et al. PAM 2014):
     - ISP A: 2,000 pkts
     - ISP B: 600 pkts
     - ISP C: 800 ms
     ISP C uses AQM
     - Drop packets older than 800 ms
     Sized in packets
     - 1,500-byte packet ≡ 1-byte packet
     Low traffic is sufficient to DoS

  9. Experiment Set-up
     - UDP DoS: Send rate (Mb/s), Packet Size (bytes)
     - Measure TCP throughput (kb/s)

  10. Results

  11. ISP C – AQM
      - No packet drops
      - Long UDP processing time
      - Delays TCP SYN/ACK

  12. Attack 2: Quota Drain
      - Data cost $$$
      - Limited free quota
      - Billed for dropped packets (Peng et al.)
      - Billed for unwanted packets
      [Diagram labels: Gateway; Node-B]

  13. High Speed LTE

  14. Time to Drain Quota
      [Chart labels: "20"; "1 MB every 15 min over 1 month"]

  15. Attack 3: Battery Drain
      - Network communication consumes power
      - LTE protocol states
      [State diagram labels: RRC IDLE (Low power); RRC CONNECTED (High power): Active, Short DRX, Long DRX; transitions: Incoming data, Timeout]

  16. Power Monitor
      - Different ISPs
      - Different patterns
      - Same device
      - Packet size does not matter
      - More details in the paper

  17. Battery Consumption
      - 24 times faster drain

  18. Defense Against Attacks
      - Avoid Public IP
      - Use Network Address Translation (NAT)
      - NAT traversal
        - can be slow
        - not 100% successful
        - requires NAT servers
      - Firewalls?

  19. Firewall on device
      - Harm is already done
      [Diagram labels: ISP; Subscriber; Attacker]

  20. Firewall on ISP
      - Hard to differentiate legitimate traffic
      - Complex firewall hard to deploy
      [Diagram labels: ISP; Subscriber; Legitimate User; Attacker]

  21. Proxy + Firewall
      - ISP firewall allows solicited access
      - Attacker can spoof as proxy
      [Diagram labels: Proxy Server; ISP; Subscriber; "IP: y.y.y.y"; "Allows y.y.y.y"; "IP: x.x.x.x"; "src: y.y.y.y"; Attacker]

  22. Double IP address
      - Give proxy a secret IP address
      [Diagram labels: Proxy Server; "IP: z.z.z.z"; ISP; Subscriber; "IP: y.y.y.y"; "Allows z.z.z.z"; "IP: x.x.x.x"; "src: y.y.y.y"; Attacker]

  23. In Summary
      - Firewall prevents unsolicited access
      - Secret IP prevents spoofing
      - Proxy Firewall filters legitimate users
      [Diagram labels: Proxy Server; "IP: z.z.z.z"; ISP; Subscriber; "IP: y.y.y.y"; "Allows z.z.z.z"; Legitimate User; "IP: x.x.x.x"; "src: y.y.y.y"; Attacker]
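
The proxy and firewall designs of slides 21 to 23, modelled as an added example (not code from the presentation). The addresses are constructed documentation-range stand-ins for x.x.x.x, y.y.y.y and z.z.z.z; the function names and the reading of y.y.y.y as the proxy's public address are assumptions.

```python
from dataclasses import dataclass

# Constructed documentation-range addresses standing in for the slides' letters.
PROXY_PUBLIC = "198.51.100.10"  # y.y.y.y: address users connect to (assumed reading)
PROXY_SECRET = "203.0.113.77"   # z.z.z.z: secret address the proxy forwards from
ATTACKER = "192.0.2.66"         # x.x.x.x
LEGIT_USER = "192.0.2.20"       # constructed
SUBSCRIBER = "203.0.113.5"      # constructed


@dataclass(frozen=True)
class Packet:
    src: str  # source field of the IP header; the sender can forge it
    dst: str


def isp_firewall(pkt, allowed_src):
    """ISP-side filter: it sees only the header, so it matches on src alone."""
    return pkt.dst == SUBSCRIBER and pkt.src == allowed_src


def proxy_forward(pkt, authorised_users, egress_ip):
    """Proxy firewall: relay authorised users only, rewriting src to egress_ip."""
    if pkt.dst != PROXY_PUBLIC or pkt.src not in authorised_users:
        return None
    return Packet(src=egress_ip, dst=SUBSCRIBER)


def evaluate(egress_ip):
    """Which traffic reaches the subscriber when the ISP allows only egress_ip."""
    users = {LEGIT_USER}
    relayed = proxy_forward(Packet(LEGIT_USER, PROXY_PUBLIC), users, egress_ip)
    refused = proxy_forward(Packet(ATTACKER, PROXY_PUBLIC), users, egress_ip)
    direct = Packet(ATTACKER, SUBSCRIBER)
    spoofed = Packet(PROXY_PUBLIC, SUBSCRIBER)  # forged src, as on slide 21
    return {
        "legit_via_proxy": relayed is not None and isp_firewall(relayed, egress_ip),
        "attacker_via_proxy": refused is not None,
        "attacker_direct": isp_firewall(direct, egress_ip),
        "attacker_spoofing_public_ip": isp_firewall(spoofed, egress_ip),
    }


if __name__ == "__main__":
    for name, egress in [("single IP (slide 21)", PROXY_PUBLIC),
                         ("double IP (slide 22)", PROXY_SECRET)]:
        print(name, evaluate(egress))
```

The only difference between the two runs is which source address the ISP firewall allows: the address users can see, or one that never appears in traffic outside the proxy-to-ISP path.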

  24. Conclusion
      - Public IP: Desirable, but Dangerous
        - Best to avoid public IP
        - Sometimes enabled by default!
      - Attacks are
        - Simple
        - Require few resources
        - Can be hard to detect/differentiate
      - Proxy Solution
        - How effective or reliable?

  25. Moving Forward…
      - Mobile networks will be faster
      - More users
        - Personal
        - Commercial
      - Security is a concern
        - P2P or M2M

  26. Thank You
      Questions and Comments
