Skip to main content
Springer Nature Link
Log in

Roaming Interface Signaling Security for LTE Networks

  • Conference paper
  • First Online:
Innovative Security Solutions for Information Technology and Communications (SECITC 2018)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11359))

Abstract

A consistent effort has been made to provide fast, secure and uninterrupted mobile connectivity around the world. Mobile network operators use the private Interconnection network (IPX) to communicate with each other and with other service providers for international roaming and a large range of services. In LTE/4G, many core network nodes are involved in the communication and connection set-up for the subscriber in roaming scenarios. Currently, Diameter based protocols and the S9 interface are rolled out on the IPX network. We analyze the roaming interface (S9) in the LTE networks which is used for communicating charging, service control and QoS control signaling messages. This research explores Diameter Protocol features for the charging mechanisms and describes how manipulation in policy control and charging rules can influence the subscriber plan and services. The concept has been implemented and tested using a specification conformant LTE emulator. To mitigate the attack we will describe approaches and protection strategies that can be deployed.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 69.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 89.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    www.3gpp.org.

  2. 2.

    www.gsma.com.

  3. 3.

    www.ietf.org.

References

  1. 3GGP: 3GPP TS 29.215 version 9.9.0 release 9. https://www.etsi.org/deliver/etsi_ts/129200_129299/129215/09.09.00_60/ts_129215v090900p.pdf

  2. 3GGP: Evolved Packet Core. http://www.3gpp.org/technologies/keywords-acronyms/100-the-evolved-packet-core

  3. 3GGP: Numbering, addressing and identification. http://www.qtc.jp/3GPP/Specs/23003-3e0.pdf

  4. 3GGP: Policy and Charging Control 3GPP TS 29.212 version 12.6.0 release 12. https://www.etsi.org/deliver/etsi_ts/129200_129299/129212/12.06.00_60/ts_129212v120600p.pdf

  5. Cichonski, J., Franklin, J.M., Bartock, M.: Guide to LTE security. Technical report, NIST SP 800–187, National Institute of Standards and Technology, Gaithersburg, MD, December 2017. https://doi.org/10.6028/NIST.SP.800-187. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-187.pdf, 00002

  6. Ferrus, R., Sallent, O., Baldini, G., Goratti, L.: LTE: the technology driver for future public safety communications. IEEE Commun. Mag. 51(10), 154–161 (2013). https://doi.org/10.1109/MCOM.2013.6619579

    Article  Google Scholar 

  7. Forsberg, D., Horn, G., Moeller, W.D., Niemi, V.: LTE Security. Wiley, Hoboken (2012). Google-Books-ID: 9wTs815ii70C, 00097

    Book  Google Scholar 

  8. GSMA: Guidelines for IPX Provider networks. https://www.gsma.com/newsroom/wp-content/uploads//IR.34-v14.0-3.pdf

  9. GSMA: International roaming explained. https://www.gsma.com/latinamerica/wp-content/uploads/2012/08/GSMA-Mobile-roaming-web-English.pdf

  10. GSMA: IPX White Paper. https://www.gsma.com/publicpolicy/wp-content/uploads/2012/03/ipxwp12.pdf

  11. GSMA: IR.88 - LTE and EPC Roaming Guidelines. https://www.gsma.com/newsroom/wp-content/uploads//IR.88v18.0.pdf

  12. GSMA: NRTRDE. http://www.archclearing.com/html/Service/FraudandRevenueAssurance/NRTRDE/NRTRDE.htm

  13. Holtmanns, S.: Mobile Data Interception from the Interconnection Link. https://media.ccc.de/v/34c3-8879-mobile_data_interception_from_the_interconnection_link

  14. Holtmanns, S.: Interconnection Security-SS7 and Diameter, December 2017. https://www.youtube.com/watch?v=GczSCWRWyCk

  15. Holtmanns, S., Nokia Bell Labs, Karakaari 13, 01620 Espoo, Finland: interconnection security standards - we are all connected. J. ICT Stand. 4(1), 1–18 (2016). https://doi.org/10.13052/jicts2245-800X.411. http://www.riverpublishers.com/journal_read_html_article.php?j=JICTS/4/1/1, 0000

    Article  Google Scholar 

  16. Holtmanns, S., Oliver, I.: SMS and one-time-password interception in LTE networks (2017). https://www.semanticscholar.org/paper/SMS-and-one-time-password-interception-in-LTE-Holtmanns-Oliver/d53b731b979697cab9bd99639563be0a10f3530a, 00003

  17. Huawei: LTE International Roaming Whitepaper. http://carrier.huawei.com/en/technical-topics/core-network/lte-roaming-whitepaper

  18. IETF: Diameter Base Protocol. https://tools.ietf.org/html/rfc3588

  19. Ivan, I., Milodin, D., Zamfiroiu, A.: Security of M-Commerce transactions. http://store.ectap.ro/articole/880.pdf

  20. Kantola, R., Kabir, H., Loiseau, P.: Cooperation and end-to-end in the internet. Int. J. Commun. Syst. 30(12), e3268 (2017). https://doi.org/10.1002/dac.3268. https://onlinelibrary.wiley.com/doi/abs/10.1002/dac.3268, e3268 IJCS-15-0043.R4

    Article  Google Scholar 

  21. Kumar, K.R.R.: International mobile data roaming: managed or unmanaged? In: 2010 9th Conference of Telecommunication, Media and Internet, pp. 1–9, June 2010. https://doi.org/10.1109/CTTE.2010.5557699, 00004

  22. Mashukov, S.: Diameter security: an auditor’s viewpoint. J. ICT Stand. 5(1), 53–68 (2017). https://doi.org/10.13052/jicts2245-800X.513. https://riverpublishers.com/journalreadhtmlarticle.php?j=JICTS/5/1/3, 00000

    Article  Google Scholar 

  23. Rupprecht, D., Dabrowski, A., Holz, T., Weippl, E., Pöpper, C.: On security research towards future mobile network generations. arXiv:1710.08932 [cs], October 2017, 00006

  24. Sanyal, R.: Challenges in interoperability and roaming between LTE - legacy core for mobility management, routing, real time charging. In: 2011 Technical Symposium at ITU Telecom World (ITU WT), pp. 116–122, October 2011

    Google Scholar 

  25. Holtmanns, S., Kotte, B., Rao, S.: Detach Me Not - DoS Attacks Against 4G Cellular Users Worldwide from your Desk. https://www.blackhat.com/eu-16/speakers/Dr-Silke-Holtmanns.html

  26. Syniverse Technologies: Preparing for LTE Roaming. https://pdfs.semanticscholar.org/presentation/7a09/50e6a2679ad03948b259445852797206247e.pdf

  27. Tata Communications: Fighting Fraud on 4G. https://www.tatacommunications.com/sites/default/files/MOB-LTE-Fraud-WP-87299.pdf

Download references

Acknowledgements

We thank to the European Union’s Horizon 2020 research and innovation programme for funding this project under grant agreement No. 737422 of the SCOTT project and Nokia Bell Labs for providing this platform.

Author information

Authors and Affiliations

  1. Nokia Bell Labs, Espoo, Finland

    Isha Singh & Silke Holtmanns

  2. Aalto University, Helsinki, Finland

    Raimo Kantola

Authors
  1. Isha Singh
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Silke Holtmanns
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Raimo Kantola
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Isha Singh or Silke Holtmanns .

Editor information

Editors and Affiliations

  1. Inria-RBA, Rennes, France

    Jean-Louis Lanet

  2. Bucharest University of Economic Studies, Bucharest, Romania

    Cristian Toma

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Singh, I., Holtmanns, S., Kantola, R. (2019). Roaming Interface Signaling Security for LTE Networks. In: Lanet, JL., Toma, C. (eds) Innovative Security Solutions for Information Technology and Communications. SECITC 2018. Lecture Notes in Computer Science(), vol 11359. Springer, Cham. https://doi.org/10.1007/978-3-030-12942-2_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-12942-2_16

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-12941-5

  • Online ISBN: 978-3-030-12942-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy