Unveiling the Hidden Dangers of Public IP in 4G/LTE Networks

SLIDE 1

Unveiling the Hidden Dangers of Public IP in 4G/LTE Networks

Wai Kay Leong, Aditya Kulkarni, Yin Xu, Ben Leong

SLIDE 2

Mobile Internet is Hot

SLIDE 3

Public IP – What’s the deal?

Subscribers want Public IP

SLIDE 4

M2M – Machine to Machine

  • Delivery Vans
  • Security Cameras
  • Sensor Nodes
  • Traffic Control

SLIDE 5

Our Local Situation

  • ISP A: Public IP by default†
  • ISP B: Change APN
  • ISP C: Change APN

†Does not work for certain devices

Free Public IP for LTE networks

SLIDE 6

The Dangers of Public IP

Susceptible to simple IP attacks

  1. DoS Flooding
  2. Quota Drain
  3. Battery Drain

[Diagram: Attacker; Private IP 10.42.0.1 behind NAT ("No route to host"); Public IP 215.12.5.1]

SLIDE 7

Attack 1: DoS Flooding

  • Overwhelm the link/resources
  • Conventionally
  • Higher bandwidth (30 Mb/s)
  • Requires more data

[Diagram: Normal traffic, Malicious Packets]

SLIDE 8

Buffer Sizing Matters

ISP     Buffer
ISP A   2,000 pkts
ISP B   600 pkts
ISP C   800 ms

  • ISP C uses AQM
      • Drop packets older than 800 ms
  • Sized in packets
      • 1,500-byte packet ≡ 1-byte packet

Xu et al. PAM 2014

Low traffic is sufficient to DoS

SLIDE 9

Experiment Set-up

  • UDP DoS
  • Send rate (Mb/s)
  • Packet Size (bytes)
  • Measure TCP throughput (kb/s)

SLIDE 10

Results

SLIDE 11

ISP C – AQM

  • No packet drops
  • Long UDP processing time
  • Delays TCP SYN/ACK

SLIDE 12

Attack 2: Quota Drain

  • Data cost $$$
  • Limited free quota

  1. Billed for dropped packets (Peng et al.)
  2. Billed for unwanted packets

[Diagram: Gateway, Node-B]

SLIDE 13

High Speed LTE

SLIDE 14

Time to Drain Quota

1 MB every 15 min over 1 month

SLIDE 15

Attack 3: Battery Drain

  • Network communication consumes power
  • LTE protocol states

[State diagram: RRC IDLE (low power) and RRC CONNECTED (high power; Active, Short DRX, Long DRX); transitions labelled "Incoming data" and "Timeout"]

SLIDE 16

Power Monitor

  • Different ISPs
  • Different patterns
  • Same device
  • Packet size does not matter
  • More details in the paper

SLIDE 17

Battery Consumption

24 times faster drain

SLIDE 18

Defense Against Attacks

  • Avoid Public IP
  • Use Network Address Translation (NAT)
  • NAT traversal
      • can be slow
      • not 100% successful
      • requires NAT servers
  • Firewalls?

SLIDE 19

Firewall on device

Harm is already done

[Diagram: Subscriber, ISP, Attacker]

SLIDE 20

Firewall on ISP

  • Hard to differentiate legitimate traffic
  • Complex firewall hard to deploy

[Diagram: ISP, Attacker, Legitimate User, Subscriber]

SLIDE 21

Proxy + Firewall

  • ISP firewall allows solicited access
  • Attacker can spoof as proxy

[Diagram: Subscriber (IP: x.x.x.x); ISP (Allows y.y.y.y); Proxy Server (IP: y.y.y.y); Attacker (src:y.y.y.y)]

SLIDE 22

Double IP address

  • Give proxy a secret IP address

[Diagram: Subscriber (IP: x.x.x.x); ISP (Allows z.z.z.z); Proxy Server (IP: y.y.y.y, IP: z.z.z.z); Attacker (src:y.y.y.y)]

SLIDE 23

In Summary

  • Firewall prevents unsolicited access
  • Secret IP prevents spoofing
  • Proxy Firewall filters legitimate users

[Diagram: Subscriber (IP: x.x.x.x); ISP (Allows z.z.z.z); Proxy Server (IP: y.y.y.y, IP: z.z.z.z); Attacker (src:y.y.y.y); Legitimate User]
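The filtering decision summarised on slides 21 to 23, modelled as an added example (not code from the presentation or its authors). The `IspFirewall` class, its method names and the documentation-range addresses standing in for x.x.x.x, y.y.y.y and z.z.z.z are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed documentation addresses standing in for the slides' placeholders.
SUBSCRIBER = "198.51.100.10"   # x.x.x.x
PROXY_PUBLIC = "203.0.113.5"   # y.y.y.y: address legitimate users connect to
PROXY_SECRET = "192.0.2.77"    # z.z.z.z: address the proxy forwards from
SERVER = "203.0.113.200"       # a host the subscriber contacts on its own
STRANGER = "198.51.100.99"     # an unrelated Internet host

@dataclass
class IspFirewall:
    """Toy model of the ISP-side filter: state is tracked per address pair only."""
    allowed_src: str                          # only source that may open inbound flows
    flows: set = field(default_factory=set)   # (subscriber, remote) pairs opened from inside

    def outbound(self, subscriber: str, remote: str) -> None:
        # Subscriber-initiated traffic passes and makes the replies "solicited".
        self.flows.add((subscriber, remote))

    def inbound(self, src: str, dst: str) -> str:
        # The filter only sees the claimed source address, which can be spoofed.
        if (dst, src) in self.flows:
            return "pass: solicited"
        if src == self.allowed_src:
            return "pass: proxy"
        return "drop"

def compare_designs() -> dict:
    """Run the same constructed traffic through both allow-list designs."""
    results = {}
    designs = {"proxy+firewall": PROXY_PUBLIC, "double-ip": PROXY_SECRET}
    for name, allowed in designs.items():
        fw = IspFirewall(allowed_src=allowed)
        fw.outbound(SUBSCRIBER, SERVER)
        results[name] = {
            "reply_to_subscriber": fw.inbound(SERVER, SUBSCRIBER),
            "unsolicited_stranger": fw.inbound(STRANGER, SUBSCRIBER),
            # Packet whose source claims to be the proxy's public address.
            "claims_proxy_public": fw.inbound(PROXY_PUBLIC, SUBSCRIBER),
            # Traffic the real proxy forwards, from the address this design allows.
            "proxy_forwarded": fw.inbound(allowed, SUBSCRIBER),
        }
    return results

if __name__ == "__main__":
    for design, outcome in compare_designs().items():
        print(design, outcome)
```

The second design holds only while z.z.z.z stays unknown outside the ISP and the proxy, because a source address on its own proves nothing about the sender.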

SLIDE 24

Conclusion

  • Public IP: Desirable, but Dangerous
      • Best to avoid public IP
      • Sometimes enabled by default!
  • Attacks are
      • Simple
      • Require few resources
      • Can be hard to detect/differentiate
  • Proxy Solution
      • How effective or reliable?

SLIDE 25

Moving Forward…

  • Mobile networks will be faster
  • More users
      • Personal
      • Commercial
  • Security is a concern
      • P2P or M2M

SLIDE 26

Thank You

Questions and Comments