@inproceedings{7ff707e4d24a4bff8ce566c74851fc76,
title = "Real threats to your data bills: Security loopholes and defenses in mobile data charging",
abstract = "Secure mobile data charging (MDC) is critical to cellular network operations. It must charge the right user for the right volume that (s)he authorizes to consume (i.e., requirements of authentication, authorization, and accounting (AAA)). In this work, we conduct security analysis of the MDC system in cellular networks. We find that all three can be breached in both design and practice, and identify three concrete vulnerabilities: authentication bypass, authorization fraud and accounting volume inaccuracy. The root causes lie in technology fundamentals of cellular networks and the Internet IP design, as well as imprudent implementations. We devise three showcase attacks to demonstrate that, even simple attacks can easily penetrate the operational 3G/4G cellular networks. We further propose and evaluate defense solutions.",
keywords = "AAA, Accounting, Attack, Authentication, Authorization, Cellular networks, Defense, Mobile data services",
author = "Chunyi Peng and Chi-Yu Li and Hongyi Wang and Tu, {Guan Hua} and Songwu Lu",
year = "2014",
month = nov,
day = "3",
doi = "10.1145/2660267.2660346",
language = "English",
isbn = "9781450329576",
series = "Proceedings of the ACM Conference on Computer and Communications Security",
publisher = "Association for Computing Machinery",
pages = "727--738",
booktitle = "Proceedings of the ACM Conference on Computer and Communications Security",
note = "21st ACM Conference on Computer and Communications Security, CCS 2014 ; Conference date: 03-11-2014 Through 07-11-2014",
}