Uncovering insecure designs of cellular emergency services (911)

Yiwen Hu, Min Yue Chen, Guan Hua Tu, Chi Yu Li, Sihan Wang, Jingwen Shi, Tian Xie, Li Xiao, Chunyi Peng, Zhaowei Tan, Songwu Lu

研究成果: Conference contribution同行評審

1 引文 斯高帕斯(Scopus)

摘要

Cellular networks that offer ubiquitous connectivity have been the major medium for delivering emergency services. In the U.S., mobile users can dial an emergency call with 911 for emergency uses in cellular networks, and the call can be forwarded to public safety answer points (PSAPs), which deal with emergency service requests. According to regulatory authority requirements for the cellular emergency services, anonymous user equipment (UE), which does not have a SIM (Subscriber Identity Module) card or a valid mobile subscription, is allowed to access them. Such support of emergency services for anonymous UEs requires different operations from conventional cellular services, and can therefore increase the attack surface of the cellular infrastructure. In this work, we are thus motivated to study the insecurity of the cellular emergency services and then discover four security vulnerabilities from them. Threateningly, they can be exploited to launch not only free data service attacks against cellular carriers, but also data DoS/overcharge and denial of cellular emergency service (DoCES) attacks against mobile users. All vulnerabilities and attacks have been validated experimentally as practical security issues in the networks of three major U.S. carriers. We finally propose and prototype standard-compliant remedies to mitigate the vulnerabilities.

原文English
主出版物標題ACM MobiCom 2022 - Proceedings of the 2022 28th Annual International Conference on Mobile Computing and Networking
發行者Association for Computing Machinery
頁面703-715
頁數13
ISBN(電子)9781450391818
DOIs
出版狀態Published - 14 10月 2022
事件28th ACM Annual International Conference on Mobile Computing and Networking, MobiCom 2022 - Sydney, Australia
持續時間: 17 10月 220221 10月 2202

出版系列

名字Proceedings of the Annual International Conference on Mobile Computing and Networking, MOBICOM

Conference

Conference28th ACM Annual International Conference on Mobile Computing and Networking, MobiCom 2022
國家/地區Australia
城市Sydney
期間17/10/0221/10/02

指紋

深入研究「Uncovering insecure designs of cellular emergency services (911)」主題。共同形成了獨特的指紋。

引用此