Real threats to your data bills: Security loopholes and defenses in mobile data charging

Chunyi Peng, Chi-Yu Li, Hongyi Wang, Guan Hua Tu, Songwu Lu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

23 Scopus citations

Abstract

Secure mobile data charging (MDC) is critical to cellular network operations. It must charge the right user for the right volume that (s)he authorizes to consume (i.e., requirements of authentication, authorization, and accounting (AAA)). In this work, we conduct security analysis of the MDC system in cellular networks. We find that all three can be breached in both design and practice, and identify three concrete vulnerabilities: authentication bypass, authorization fraud and accounting volume inaccuracy. The root causes lie in technology fundamentals of cellular networks and the Internet IP design, as well as imprudent implementations. We devise three showcase attacks to demonstrate that even simple attacks can easily penetrate the operational 3G/4G cellular networks. We further propose and evaluate defense solutions.

Original language: English
Title of host publication: Proceedings of the ACM Conference on Computer and Communications Security
Publisher: Association for Computing Machinery
Pages: 727-738
Number of pages: 12
ISBN (Print): 9781450329576
State: Published - 3 Nov 2014
Event: 21st ACM Conference on Computer and Communications Security, CCS 2014 - Scottsdale, United States
Duration: 3 Nov 2014 to 7 Nov 2014

Publication series

Name: Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print): 1543-7221

Conference

Conference: 21st ACM Conference on Computer and Communications Security, CCS 2014
Country/Territory: United States
City: Scottsdale
Period: 3/11/14 to 7/11/14

Keywords

  • AAA
  • Accounting
  • Attack
  • Authentication
  • Authorization
  • Cellular networks
  • Defense
  • Mobile data services
