CS Computer and Network Security: GSM Overload
|
|
- Meredith Miller
- 5 years ago
- Views:
Transcription
1 CS Computer and Network Security: GSM Overload Professor Patrick Traynor Fall 2017
2 Reminders You need to start working on your project! Some of you have not yet built anything. This will be a problem soon! Remember, you must turn in all of your code, plus a makefile and instructions on how to run it! Remember to keep doing your reading! Not just for the final, but also so that you can participate in the class! 2
3 Unintended Consequences The law of unintended consequences states that most human actions have at least one unintended consequence. 3
4 Low Rate DoS Attacks While recent attacks on cellular networks seem unrelated, there is a common factor that catalyzes them all. Comparing multiple attacks uncovers causality: SMS Attack (JCS 09, CCS 05) Network Characterization and Partial Mitigations (TON 10, MobiCom 06) Data Teardown/Setup Attacks (USENIX Security 07) Clash of Design Philosophies The architecture of cellular networks inherently makes them susceptible to denial of service attacks. 4
5 SMS Delivery (simplified) CCH PSTN VLR MSC HLR VLR Network SMSC MSC Internet ESME 5
6 Control Channels Control channels are used for a handful of infrequently used functions. Call setup, SMS delivery, mobility management, etc... The SDCCH allows the network to perform most of these functions. The number of SDCCHs typically depends on the expected use in an area. 4/8/12... PCH RACH AGCH SDCCH 6
7 GSM TDMA Frames TDMA Frame: Slot 0 Slot 1 Slot 2 Slot 3 Slot 4 Slot 5 Slot 6 Slot 7 Frame: msec Frame 0 Frame 1 Frame 2... Frame Multiframe: msec 7
8 From Frames to Channels 26 Multiframe: ms }Frame: 4.615ms 8
9 Recognition Once you fill the SDCCH channels with SMS traffic, call setup is blocked Voice X SMS SMS SMS SMS SMS SMS SMS SMS The goal of an adversary is therefore to fill SDCCHs with SMS traffic. Not as simple as you might think... 9
10 Reconnaissance Can such an attack be launched by targeting a single phone? Low end phones: msgs High end phones: 500+ msgs (battery dies) How do you get messages into the network? , IM, provider websites, bulk senders, etc... Don t the networks have protections? IP Address blocking, Spam filtering 10
11 Finding Phones North American Numbering Plan (NANP) NPA-NXX-XXXX Numbering Plan Area Numbering Plan Exchange (Area code) Mappings between providers and exchanges publicly documented and available on the web Implication: An adversary can identify the prefixes used in a target area. 11
12 Web-Scraping Googling for phone numbers gives us better results: 7,300 in NYC 6,184 in D.C. in 5 seconds... 12
13 Provider Interfaces Almost all provider interfaces indicate whether or not a number is good. Some sites even tell you a target phone s availability. This interface is an oracle for available phones. 13
14 Exploit (Metro) C Sectors in Manhattan SDCCHs per sector 12 SDCCH (55 sectors) 1 sector 594, 000 msg/hr 165 msg/sec Messages per SDCCH per hour «900 msg/hr 1 SDCCH «165 msgs/sec * 1500 bytes = kb/sec kb/sec on multi-send interface... Comparison: Cable modem ~= 768 kb/sec 14
15 Attack Profile 1.2 SDCCH Utilization TCH Utilization 1 Utilization SDCCH Utilization TCH Utilization Time (seconds) Applied simulation and analysis to better characterize the attacks. Examined call blocking under multiple arrival patterns with exponentially distributed service times. Using 495 msgs/sec, a blocking probability of 71% is possible with the bandwidth of a cable modem. 15
16 Security Goals Goal: To preserve the fidelity of both voice services and legitimate text messages during targeted SMS attacks. Security Model: We must trust equipment in the network core. We can not trust Internet users or customer devices. 16
17 Placing Mitigations PSTN VLR MSC HLR VLR Network SMSC MSC Internet ESME 17
18 Solution Classifications Scheduling/Shaping/Regulation WFQ, Leaky Bucket, Priority Queues AQM (WRED, REM, AVQ) Resource Provisioning SDCCH (SMS) SDCCH (Voice) TCH (Voice) Service Queue (SMS) Service Queue (Voice) TCH (Voice) SRP Percent of Attempts Blocked Percent of Attempts Blocked DRP Time (seconds) SDCCH TCH Service Queue Time (seconds) SDCCH (SMS) SDCCH (Voice) TCH (Voice) DCA Utilization Percent of Attempts Blocked Time (seconds) Time (seconds) 18
19 WRED - Overview High Med Low t med,max t med,min t low,max t low,min 19
20 WRED - Overview High Med Low t med,max t med,min t low,max t low,min N Q = P Q 1 ρ target = ρ actual (1 P drop ) P drop = P drop,high λ high + P drop,med λ med + P drop,low λ low λ SMS P drop = P drop,max (Q avg t min ) (t max t min ) 20
21 WRED - Results 1 Service Queue (SMS - Priority 1) Service Queue (SMS - Priority 2) Service Queue (SMS - Priority 3) 1 SDCCH TCH Service Queue Percent of Attempts Blocked Low Priority SMS Blocking Utilization Average Queue Occupancy Time (seconds) Time (seconds) Messages of high and medium-priority experience no blocking, but increased delay. An average of 77% of low-priority messages are blocked. This is a nice solution, assuming meaningful partitioning of flows. 21
22 ...and yet... Performance improvements come from one of two changes: speedup or parallelization. As diverse as our solutions appear, they all attempt to maximize performance through the latter. In many senses, we are not solving the problem - we are pushing food around on our plate. Adding bandwidth should logically address this problem. 22
23 Cellular Data Networks GPRS/EDGE provide much higher bandwidth service. Packet-switched data services are attractive to providers and users for a number of reasons. User devices operate in one of three states: IDLE, STANDBY and READY. STANDBY IDLE: The device is unavailable. STANDBY: Available, but not exchanging packets. READY: Actively listening for packets. STANDBY Timer Expires Paging Request GPRS Detach READY READY Timer Expires GPRS Attach IDLE 23
24 Data Architecture HLR Internet GGSN SGSN IP Address SGSN
25 Real Network Configs To make these simulations represent reality, we use a Samsung Blackjack in Field Test Mode to discover settings of an operational network. Field Test Mode tells us that control channels for voice and data are shared in real networks. Voice and data traffic may be able to interfere with each other. 25
26 Reducing Overhead Because paging is so expensive, we don t want to do it for every packet. Establishing a connection takes 5 seconds: Waiting: Paging, Wakeup, Processing, Acquiring timeslots Transmission GPRS differentiates packets at the MAC layer by Temporary Block Flows (TBFs). Each TBF is assigned a Temporary Flow ID (TFI). 26
27 Teardown Attack: Overview TFIs are implemented as 5-bit fields, yielding a maximum of 32 concurrent flows. If you send a message to a phone once every 5 seconds, the targeted device maintains its TFI. An adversary can therefore cause legitimate flows to block due to TBF/TFI exhaustion msgs msgs Capacity sectors sectors 1 sector Kbps 110 Kbps 41 bytes 41 bytes 1 msg 1 msg sec 5 sec 27
28 Teardown Attack: Results 1 Average Percent Blocking During Attack Attack Traffic (kbps) RACH (Data) RACH (Voice) PDTCH (Data) TCH (Voice) If an attacker can send 160Kbps of data traffic, 97% of legitimate traffic will be blocked. Note that data service is blocked with less than 30% of the attack traffic previously used to attack SMS. 28
29 Setup Attack Average Percent Blocking During Attack Attack Traffic (kbps) RACH (Data) RACH (Voice) To prevent this attack, we reclaim TFIs when the base station sends the last packet in a flow. If an attacker can send 4950Kbps of attack traffic, over 85% of all legitimate traffic will be blocked. Voice and SMS will be blocked at the same rate! 29
30 Broken Solutions Add more TFIs. This is an artificial boundary. Why does it exist? Add more bandwidth. Session establishment requires a few seconds, so adding bandwidth should speed this up and alleviate the problem. lim T hroughput = #Requests # Requests BW Setup(P aging, W aiting, P rocessing) T hroughput = Setup(P aging, W aiting, P rocessing) + T ransmission 30
31 The Failure of Bandwidth Control Channel Throughput (packets/sec) (requests/sec) Setup Latency = 1 sec 2 sec 3 sec 4 sec 5 sec Decreasing the cost of connection establishment requires reducing connection setup latency. Increased Rate Bandwidth (packets/sec) Today 31
32 Connecting the Dots... The concept of connection establishment is considerably different in cellular and data networks. Cellular networks page, wake and negotiate with hosts. Data networks simply forward packets. These networks were specialized to deliver voice, but data service has been shoehorned in... The setup for data connections simply can not be amortized like voice calls... 32
33 Clash of Design Philosophies The Internet uses the End-to-End Principle as its guiding philosophy. Cellular data networks are still fundamentally circuit-switched systems. Because specialized networks implement more functionality than absolutely necessary for all flows, they exhibit rigidity. Such systems are unable to adapt to meet changing requirements and conditions. 33
34 A Cautionary Tale... Cellular networks are among the most specialized systems ever constructed. Adding services that violate the assumptions upon which the network is optimized allows an attacker to force such systems to fail at very low rates... The unintended consequence of attempts to save battery life allow attackers to shut down the network. Many more vulnerabilities exist in this network... 34
CSE Computer Security (Fall 2006)
CSE 543 - Computer Security (Fall 2006) Lecture 25 - Cellular Network Security Guest Lecturer: William Enck November 30, 2006 URL: http://www.cse.psu.edu/~tjaeger/cse543-f06 1 Unintended Consequences The
More informationMobile Security / /
Mobile Security 96-835 / 18-639 / 14-829 Patrick Tague 14 Sept 2010 Class #7 Securing Cellular Services Agenda Vulnerabilities in Cellular Services SMS and related attacks Cellular data services and attacks
More informationMobile Security Fall 2012
Mobile Security 14-829 Fall 2012 Patrick Tague Class #5 Telecom Infrastructure Attacks Announcements Project teams and topics need to be set soon Project topics must be approved before the proposal can
More informationMobile Security Fall 2013
Mobile Security 14-829 Fall 2013 Patrick Tague Class #4 Telecom System Security General Vulnerabilities Service interruption vulnerabilities Due to increased capacity offered by high speed communication
More informationMitigating Attacks on Open Functionality in SMS-Capable Cellular Networks
Mitigating Attacks on Open Functionality in SMS-Capable Cellular Networks Patrick Traynor College of Computing Georgia Institute of Technology traynor@cc.gatech.edu William Enck, Patrick McDaniel, and
More informationMitigating Attacks on Open Functionality in SMS-Capable Cellular Networks
Mitigating Attacks on Open Functionality in SMS-Capable Cellular Networks Patrick Traynor, William Enck, Patrick McDaniel, and Thomas La Porta Systems and Internet Infrastructure Security Laboratory Networking
More informationMitigating Attacks on Open Functionality in SMS-Capable Cellular Networks
Mitigating Attacks on Open Functionality in SMS-Capable Cellular Networks Patrick Traynor, William Enck, Patrick McDaniel, and Thomas La Porta Systems and Internet Infrastructure Security Laboratory Networking
More informationMobile Security Fall 2014
Mobile Security Fall 2014 Patrick Tague Class #3 Telecom Security Issues 1 Class #3 Brief history of telecom security Attacks on telecom networks A few project pitches 2 A3 RES A8 Kc RAND K more than And
More informationMobile Security Fall 2015
Mobile Security Fall 2015 Patrick Tague #4: Telecom System Security Issues 2015 Patrick Tague 1 Class #4 Finish up our telecom security history lesson Interesting effects of telecom evolution Analysis
More informationMitigating Attacks on Open Functionality in SMS-Capable Cellular Networks
Mitigating Attacks on Open Functionality in SMS-Capable Cellular Networks Abstract The evolution of phone networks from isolated voice carriers to Internet-enabled multipurpose data and voice networks
More informationGPRS System Architecture
1 LECTURE 6 GPRS What is GPRS? 2 General Packet Radio Service is an overlay on top of GSM physical layer and network entities It extends data capabilities of GSM and provides connection to external packet
More informationUNIT-5. GSM System Operations (Traffic Cases) Registration, call setup, and location updating. Call setup. Interrogation phase
UNIT-5 GSM System Operations (Traffic Cases) Registration, call setup, and location updating Call setup Interrogation phase For the interrogation phase The initial address message comes outside the GSM
More information40 IEEE/ACM TRANSACTIONS ON NETWORKING, VOL. 17, NO. 1, FEBRUARY 2009
40 IEEE/ACM TRANSACTIONS ON NETWORKING, VOL. 17, NO. 1, FEBRUARY 2009 Mitigating Attacks on Open Functionality in SMS-Capable Cellular Networks Patrick Traynor, Student Member, IEEE, William Enck, Student
More informationGSM. Course requirements: Understanding Telecommunications book by Ericsson (Part D PLMN) + supporting material (= these slides) GPRS
GSM Example of a PLMN (Public Land Mobile Network) At present most successful cellular mobile system (over 200 million subscribers worldwide) Digital (2 nd Generation) cellular mobile system operating
More informationExploiting Open Functionality in SMS-Capable Cellular Networks
1 Exploiting Open Functionality in SMS-Capable Cellular Networks William Enck, Patrick Traynor, Patrick McDaniel, Thomas La Porta Technical Report NAS-TR-0007-2005 Systems and Internet Infrastructure Security
More informationExploiting Open Functionality in SMS-Capable Cellular Networks
Exploiting Open Functionality in SMS-Capable Cellular Networks Patrick Traynor, William Enck, Patrick McDaniel, and Thomas La Porta Systems and Internet Infrastructure Security Laboratory Department of
More informationWIRELESS SYSTEM AND NETWORKING
LECTURE 6 WIRELESS SYSTEM AND NETWORKING References: Rappaport (Chapter 9 and 10) Bernhard (Chapter 3, 4 and 5) Garg (Chapter 8 and 9) Kaarenen (Chapter 1-5 and 9) WIRELESS EVOLUTION Japan Europe Americas
More informationSMS ATTACKS AND SECURITY IN MOBILE COMPUTING
SMS ATTACKS AND SECURITY IN MOBILE COMPUTING N.Janani Dept. Computer Science & Engineering, Karpagam College Of Engineering (KCE) Coimbatore, TamilNadu, India Email: blackmoon318@gmail.com ABSTRACT: Cellular
More informationFROM GSM TO LTE-ADVANCED: AN INTRODUCTION TO MOBILE NETWORKS AND MOBILE BROADBAND 2. GENERAL PACKET RADIO SERVICE (GPRS) AND EDGE
FROM GSM TO LTE-ADVANCED: AN INTRODUCTION TO MOBILE NETWORKS AND MOBILE BROADBAND 2. GENERAL PACKET RADIO SERVICE (GPRS) AND EDGE GPRS (General Packet Radio Service) Enhance GSM to transport data in an
More informationWireless Network Security Spring 2011
Wireless Network Security 14-814 Spring 2011 Patrick Tague Feb 8, 2011 Class #9 Link/MAC layer security Announcements HW #1 is due on Thursday 2/10 If anyone would like Android phones for their course
More informationGeneral Packet Radio Service (GPRS) 13 年 5 月 17 日星期五
General Packet Radio Service (GPRS) What is GPRS? GPRS (General Packet Radio Service) A packet oriented data service for IP and X.25 over GSM networks Enables packet-switched services on the resources
More informationGPRS and UMTS T
GPRS and UMTS T-110.2100 Global Packet Radio Service GPRS uses the time slots not used for circuit switched services Data rate depends on the availability of free time slots GPRS uses the multislot technique,
More informationGSM System Overview. Ph.D. Phone Lin.
GSM System Overview Phone Lin Ph.D. Email: plin@csie.ntu.edu.tw 1 Outlines Introduction GSM Architecture Location Tracking and Call Setup Security GSM Data Services Unstructured Supplementary Service Data
More informationInternal. GSM Fundamentals.
Internal GSM Fundamentals www.huawei.com HUAWEI TECHNOLOGIES CO., LTD. All rights reserved Chapter 1 GSM System Overview Chapter 2 GSM Network Structure Chapter 3 Service Area and Number Planning Chapter
More informationCS 716: Introduction to communication networks. - 9 th class; 19 th Aug Instructor: Sridhar Iyer IIT Bombay
CS 716: Introduction to communication networks - 9 th class; 19 th Aug 2011 Instructor: Sridhar Iyer IIT Bombay Contention-based MAC: ALOHA Users transmit whenever they have data to send Collisions occur,
More informationImplementation of a WAP model to evaluate Capacity in 3G radio access networks
Implementation of a model to evaluate Capacity in 3G radio access networks Henrik Fållby Outline Scoop of this thesis switched vs. circuit switched networks Data in GSM radio networks Wireless Application
More informationDimensioning, configuration and deployment of Radio Access Networks. part 1: General considerations. Mobile Telephony Networks
Dimensioning, configuration and deployment of Radio Access Networks. part 1: General considerations Mobile Telephony Networks 1 The Evolution of Mobile Telephony 1st Generation 2nd 3rd 4th Analogue Voice
More information10 Call Set-up. Objectives After this chapter the student will: be able to describe the activities in the network during a call set-up.
10 Call Set-up Objectives After this chapter the student will: be able to describe the activities in the network during a call set-up. 10.1 INTRODUCTION... 2 10.2 CALL TO MS (MT)... 3 10.3 CALL FROM MS
More informationEnd-to-end IP Service Quality and Mobility - Lecture #5 -
End-to-end IP Service Quality and Mobility - Lecture #5 - Special Course in Networking Technology S-38.215 vilho.raisanen@nokia.com Planned contents & draft schedule 1. Introduction Jan 13th 2. Characteristics
More informationImplementation of a WAP model to evaluate Capacity in 3G radio access networks. Henrik Fållby
Implementation of a WAP model to evaluate Capacity in 3G radio access networks Henrik Fållby Outline Scoop of this thesis Packet switched vs. circuit switched networks Packet Data in GSM radio networks
More informationGSM and Similar Architectures Lesson 13 GPRS
GSM and Similar Architectures Lesson 13 GPRS 1 Two switching modes Circuit Switching Packet switching 2 Circuit switching A connection first sets up Then the entire data transmits through the path that
More informationINTRODUCTION TO GSM DATA SERVICES. ETI25111 Monday, April 3, 2017
INTRODUCTION TO GSM DATA SERVICES ETI25111 Monday, April 3, 2017 BASIC GSM SERVICES 1. Teleservices (a) Voice full-rate (13kbs) (b) Voice Half-rate (6.5 kbps) (c) SMS (up to 160 characters) (d) MMS (e)
More informationLecture overview. Modifications and derivatives of GSM Data transmission in GSM: HSCSD GPRS part one EDGE
Lecture overview Modifications and derivatives of GSM Data transmission in GSM: HSCSD GPRS part one EDGE Modifications and derivatives of GSM Introduction of half-rate speech coding (BR 6.5 kb/s) Two users
More informationTinySec: A Link Layer Security Architecture for Wireless Sensor Networks. Presented by Paul Ruggieri
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof, Naveen Sastry,, David Wagner Presented by Paul Ruggieri 1 Introduction What is TinySec? Link-layer security architecture
More informationIntroduction to Real-Time Communications. Real-Time and Embedded Systems (M) Lecture 15
Introduction to Real-Time Communications Real-Time and Embedded Systems (M) Lecture 15 Lecture Outline Modelling real-time communications Traffic and network models Properties of networks Throughput, delay
More informationCS 457 Networking and the Internet. Network Overview (cont d) 8/29/16. Circuit Switching (e.g., Phone Network) Fall 2016 Indrajit Ray
8/9/6 CS 457 Networking and the Internet Fall 06 Indrajit Ray Network Overview (cont d) Circuit vs. Packet Switching Best Effort Internet Model Circuit Switching (e.g., Phone Network) Step : Source establishes
More informationENSC 835 HIGH PERFORMANCE NETWORKS. PROJECT PRESENTATION Fall 2003 GPRS - Wireless links, Base Station Controller and Cell update
ENSC 835 HIGH PERFORMANCE NETWORKS PROJECT PRESENTATION Fall 2003 GPRS - Wireless links, Base Station Controller and Cell update 1 Frank Zimmermann Frank.Zimmermann@gmx.net Roadmap Project goals GPRS overview
More informationMultiple Access (1) Required reading: Garcia 6.1, 6.2.1, CSE 3213, Fall 2010 Instructor: N. Vlajic
1 Multiple Access (1) Required reading: Garcia 6.1, 6.2.1, 6.2.2 CSE 3213, Fall 2010 Instructor: N. Vlajic Multiple Access Communications 2 Broadcast Networks aka multiple access networks multiple sending
More informationRunning GPRS/EDGE Data Services with Osmocom
Running GPRS/EDGE Data Services with Osmocom Daniel Willmann April 21, 2017 sysmocom - s.f.m.c. GmbH Contents GPRS structure PCU NITB SGSN GGSN Running GPRS Daniel Willmann Running
More informationCSCI-1680 Link Layer Wrap-Up Rodrigo Fonseca
CSCI-1680 Link Layer Wrap-Up Rodrigo Fonseca Based partly on lecture notes by David Mazières, Phil Levis, John Jannotti Administrivia Homework I out later today, due next Thursday Today: Link Layer (cont.)
More informationBase Station Subsystem Key Performance Indicators in EGPRS
Base Station Subsystem Key Performance Indicators in EGPRS Anders Arte Supervisor: Prof. Sven-Gustav Häggman Instructor: M.Sc. Leo Bhebhe Content Introduction Objectives and Methodology EGPRS EGPRS Fundamentals
More informationCS 344/444 Computer Network Fundamentals Final Exam Solutions Spring 2007
CS 344/444 Computer Network Fundamentals Final Exam Solutions Spring 2007 Question 344 Points 444 Points Score 1 10 10 2 10 10 3 20 20 4 20 10 5 20 20 6 20 10 7-20 Total: 100 100 Instructions: 1. Question
More informationMobile Communications
Mobile Communications 3GPP Public Land Mobile Networks: GSM, GPRS Manuel P. Ricardo Faculdade de Engenharia da Universidade do Porto 1 What is the architecture of the GSM network network elements, interfaces,
More informationModule objectives. Integrated services. Support for real-time applications. Real-time flows and the current Internet protocols
Integrated services Reading: S. Keshav, An Engineering Approach to Computer Networking, chapters 6, 9 and 4 Module objectives Learn and understand about: Support for real-time applications: network-layer
More informationCHAPTER 5 PROPAGATION DELAY
98 CHAPTER 5 PROPAGATION DELAY Underwater wireless sensor networks deployed of sensor nodes with sensing, forwarding and processing abilities that operate in underwater. In this environment brought challenges,
More informationQuality of Service (QoS)
Quality of Service (QoS) A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you can add, modify, and delete
More informationCh.16 - Wireless WAN System Architectures
Ch.16 - Wireless WAN System Architectures 1 Wireless WAN 2 GSM via PSTN 3 GSM via ISDN 4 GPRS 5 Mobitex 6 CDPD 7 PPDC 8 UMTS 9 Future Systems 10 Systems Summary 1 11 Systems Summary 2 1 This section will
More information2 Network Basics. types of communication service. how communication services are implemented. network performance measures. switching.
2 Network Basics types of communication service how communication services are implemented switching multiplexing network performance measures 1 2.1 Types of service in a layered network architecture connection-oriented:
More informationSubject: Adhoc Networks
ISSUES IN AD HOC WIRELESS NETWORKS The major issues that affect the design, deployment, & performance of an ad hoc wireless network system are: Medium Access Scheme. Transport Layer Protocol. Routing.
More informationDelivering Voice over IEEE WLAN Networks
Delivering Voice over IEEE 802.11 WLAN Networks Al Petrick, Jim Zyren, Juan Figueroa Harris Semiconductor Palm Bay Florida Abstract The IEEE 802.11 wireless LAN standard was developed primarily for packet
More informationPriority Traffic CSCD 433/533. Advanced Networks Spring Lecture 21 Congestion Control and Queuing Strategies
CSCD 433/533 Priority Traffic Advanced Networks Spring 2016 Lecture 21 Congestion Control and Queuing Strategies 1 Topics Congestion Control and Resource Allocation Flows Types of Mechanisms Evaluation
More informationFinal Exam: Mobile Networking (Part II of the course Réseaux et mobilité )
Final Exam: Mobile Networking (Part II of the course Réseaux et mobilité ) Prof. J.-P. Hubaux February 12, 2004 Duration: 2 hours, all documents allowed Please write your answers on these sheets, at the
More informationOn Cellular Botnets: Measuring the Impact of Malicious Devices on a Cellular Network Core
On Cellular Botnets: Measuring the Impact of Malicious Devices on a Cellular Network Core ABSTRACT Patrick Traynor Georgia Tech Information Security Center (GTISC) School of Computer Science Georgia Institute
More informationSIMULATION FRAMEWORK MODELING
CHAPTER 5 SIMULATION FRAMEWORK MODELING 5.1 INTRODUCTION This chapter starts with the design and development of the universal mobile communication system network and implementation of the TCP congestion
More informationPhysical Layer. Medium Access Links and Protocols. Point-to-Point protocols. Modems: Signaling. Modems Signaling. Srinidhi Varadarajan
P Physical Layer Srinidhi Varadarajan Medium Access Links and Protocols Three types of links : point-to-point (single wire, e.g. PPP, SLIP) broadcast (shared wire or medium; e.g, Ethernet, Wavelan, etc.)
More informationCSCI-1680 Link Layer Wrap-Up Rodrigo Fonseca
CSCI-1680 Link Layer Wrap-Up Rodrigo Fonseca Based partly on lecture notes by David Mazières, Phil Levis, John Janno< Administrivia Homework I out later today, due next Thursday, Sep 25th Today: Link Layer
More informationFinal Implemented QoS architecture for the IST Project VIRTUOUS Demonstrator
Final Implemented QoS architecture for the IST Project VIRTUOUS Demonstrator Filomena Del Sorbo, Giuseppe Lombardi, Fabio Ventrone Computer Science Department University of Rome La Sapienza, Via F. Buonarroti,
More informationRahman 1. Application
Data Link layer Overview of IEEE 802.11 Application Presentation Session Transport LLC: On transmission, assemble data into a frame with address and CRC fields. On reception, disassemble frame, perform
More informationCSC 4900 Computer Networks: Introduction
CSC 4900 Computer Networks: Introduction Professor Henry Carter Fall 2017 What s this all about? 2 A Modern Day Silk Road We live with nearly constant access to the most extensive system ever built by
More informationMODELING OF SMART GRID TRAFFICS USING NON- PREEMPTIVE PRIORITY QUEUES
MODELING OF SMART GRID TRAFFICS USING NON- PREEMPTIVE PRIORITY QUEUES Contents Smart Grid Model and Components. Future Smart grid components. Classification of Smart Grid Traffic. Brief explanation of
More informationChapter 5 Ad Hoc Wireless Network. Jang Ping Sheu
Chapter 5 Ad Hoc Wireless Network Jang Ping Sheu Introduction Ad Hoc Network is a multi-hop relaying network ALOHAnet developed in 1970 Ethernet developed in 1980 In 1994, Bluetooth proposed by Ericsson
More informationECEN Final Exam Fall Instructor: Srinivas Shakkottai
ECEN 424 - Final Exam Fall 2013 Instructor: Srinivas Shakkottai NAME: Problem maximum points your points Problem 1 10 Problem 2 10 Problem 3 20 Problem 4 20 Problem 5 20 Problem 6 20 total 100 1 2 Midterm
More informationSTEVEN R. BAGLEY PACKETS
STEVEN R. BAGLEY PACKETS INTRODUCTION Talked about how data is split into packets Allows it to be multiplexed onto the network with data from other machines But exactly how is it split into packets and
More informationChapter 6 Medium Access Control Protocols and Local Area Networks
Chapter 6 Medium Access Control Protocols and Local Area Networks Part I: Medium Access Control Part II: Local Area Networks CSE 3213, Winter 2010 Instructor: Foroohar Foroozan Chapter Overview Broadcast
More informationCSCD 433/533 Advanced Networks Spring Lecture 22 Quality of Service
CSCD 433/533 Advanced Networks Spring 2016 Lecture 22 Quality of Service 1 Topics Quality of Service (QOS) Defined Properties Integrated Service Differentiated Service 2 Introduction Problem Overview Have
More informationReminder: Datalink Functions Computer Networking. Datalink Architectures
Reminder: Datalink Functions 15-441 15 441 15-641 Computer Networking Lecture 5 Media Access Control Peter Steenkiste Fall 2015 www.cs.cmu.edu/~prs/15-441-f15 Framing: encapsulating a network layer datagram
More informationCHAPTER 7 MAC LAYER PROTOCOLS. Dr. Bhargavi Goswami Associate Professor & Head Department of Computer Science Garden City College
CHAPTER 7 MAC LAYER PROTOCOLS Dr. Bhargavi Goswami Associate Professor & Head Department of Computer Science Garden City College MEDIUM ACCESS CONTROL - MAC PROTOCOLS When the two stations transmit data
More informationOptical Packet Switching
Optical Packet Switching DEISNet Gruppo Reti di Telecomunicazioni http://deisnet.deis.unibo.it WDM Optical Network Legacy Networks Edge Systems WDM Links λ 1 λ 2 λ 3 λ 4 Core Nodes 2 1 Wavelength Routing
More informationNetwork Support for Multimedia
Network Support for Multimedia Daniel Zappala CS 460 Computer Networking Brigham Young University Network Support for Multimedia 2/33 make the best of best effort use application-level techniques use CDNs
More informationAnnouncements. Network Performance: Queuing. Goals of Today s Lecture. Window Scaling. Window Scaling, con t. Window Scaling, con t
Announcements Network Performance: Queuing Additional reading for today s lecture: Peterson & Davie 3.4 EE 122: Intro to Communication Networks Fall 2006 (MW 4-5:30 in Donner 155) Vern Paxson As: Dilip
More informationSynopsis of Basic VoIP Concepts
APPENDIX B The Catalyst 4224 Access Gateway Switch (Catalyst 4224) provides Voice over IP (VoIP) gateway applications for a micro branch office. This chapter introduces some basic VoIP concepts. This chapter
More informationCellular Networks and Mobility
Cellular Networks and Mobility Daniel Zappala CS 460 Computer Networking Brigham Young University Cellular Networks GSM 2G/3G Architecture 3/20 2G Standard 4/20 GSM: combined FDM/TDM divide into 200 khz
More informationUMTS Addresses and Identities Mobility and Session Management
UMTS Addresses and Identities Mobility and Session Management - Numbering, addressing and location identities - UE modes - Mobility management - Session management and QoS Numbering, Addressing and Location
More informationSupporting Service Differentiation for Real-Time and Best-Effort Traffic in Stateless Wireless Ad-Hoc Networks (SWAN)
Supporting Service Differentiation for Real-Time and Best-Effort Traffic in Stateless Wireless Ad-Hoc Networks (SWAN) G. S. Ahn, A. T. Campbell, A. Veres, and L. H. Sun IEEE Trans. On Mobile Computing
More informationCellular Communication
Cellular Communication Cellular Communication Cellular communication is designed to provide communications between two moving units, or between one mobile unit and one stationary phone or land unit (PSTN).
More informationWireless Communication
Wireless Communication Hwajung Lee Key Reference: Prof. Jong-Moon Chung s Lecture Notes at Yonsei University Wireless Communications Bluetooth Wi-Fi Mobile Communications LTE LTE-Advanced Mobile Communications
More informationCHAPTER 3 EFFECTIVE ADMISSION CONTROL MECHANISM IN WIRELESS MESH NETWORKS
28 CHAPTER 3 EFFECTIVE ADMISSION CONTROL MECHANISM IN WIRELESS MESH NETWORKS Introduction Measurement-based scheme, that constantly monitors the network, will incorporate the current network state in the
More informationENSC 835: HIGH-PERFORMANCE NETWORKS CMPT 885: SPECIAL TOPICS: HIGH-PERFORMANCE NETWORKS
ENSC 835: HIGH-PERFORMANCE NETWORKS CMPT 885: SPECIAL TOPICS: HIGH-PERFORMANCE NETWORKS GPRS: Wireless links, multiple base transmitter stations, base station controller and cell update Fall 2003 Final
More informationChapter 2. Literature Survey. 2.1 Remote access technologies
Chapter 2 Literature Survey This chapter presents a brief report on literature reviewed in context to present work with an aim to identify current state of research in the domain. Literature review is
More informationETSN01 Exam Solutions
ETSN01 Exam Solutions March 014 Question 1 (a) See p17 of the cellular systems slides for a diagram and the full procedure. The main points here were that the HLR needs to be queried to determine the location
More informationWireless IP for M2M / IoT 101
Wireless IP for M2M / IoT 101 Neo White Paper A concise introduction to using wireless devices for M2M / IoT data transmissions. www.neo.aeris.com Let our experts lead the way Table of Contents INTRODUCTION
More informationQUALITY of SERVICE. Introduction
QUALITY of SERVICE Introduction There are applications (and customers) that demand stronger performance guarantees from the network than the best that could be done under the circumstances. Multimedia
More informationCircuit switched network
GPRS-Services Page 12 2. GPRS-Services GPRS integrates a vast sum of additional services in a GSM-network. For this it will be necessary to define a subscriber profile that corresponds with services the
More informationLecture 9. Quality of Service in ad hoc wireless networks
Lecture 9 Quality of Service in ad hoc wireless networks Yevgeni Koucheryavy Department of Communications Engineering Tampere University of Technology yk@cs.tut.fi Lectured by Jakub Jakubiak QoS statement
More informationWireless Networks (CSC-7602) Lecture 8 (15 Oct. 2007)
Wireless Networks (CSC-7602) Lecture 8 (15 Oct. 2007) Seung-Jong Park (Jay) http://www.csc.lsu.edu/~sjpark 1 Today Wireline Fair Schedulling Why? Ideal algorithm Practical algorithms Wireless Fair Scheduling
More informationIP Packet Switching. Goals of Todayʼs Lecture. Simple Network: Nodes and a Link. Connectivity Links and nodes Circuit switching Packet switching
IP Packet Switching CS 375: Computer Networks Dr. Thomas C. Bressoud Goals of Todayʼs Lecture Connectivity Links and nodes Circuit switching Packet switching IP service model Best-effort packet delivery
More informationOverview Computer Networking What is QoS? Queuing discipline and scheduling. Traffic Enforcement. Integrated services
Overview 15-441 15-441 Computer Networking 15-641 Lecture 19 Queue Management and Quality of Service Peter Steenkiste Fall 2016 www.cs.cmu.edu/~prs/15-441-f16 What is QoS? Queuing discipline and scheduling
More informationThe MAC layer in wireless networks
The MAC layer in wireless networks The wireless MAC layer roles Access control to shared channel(s) Natural broadcast of wireless transmission Collision of signal: a /space problem Who transmits when?
More informationCh. 4 - WAN, Wide Area Networks
1 X.25 - access 2 X.25 - connection 3 X.25 - packet format 4 X.25 - pros and cons 5 Frame Relay 6 Frame Relay - access 7 Frame Relay - frame format 8 Frame Relay - addressing 9 Frame Relay - access rate
More informationQuality of Service in the Internet
Quality of Service in the Internet Problem today: IP is packet switched, therefore no guarantees on a transmission is given (throughput, transmission delay, ): the Internet transmits data Best Effort But:
More informationDepartment of Electrical and Computer Systems Engineering
Department of Electrical and Computer Systems Engineering Technical Report MECSE-6-2006 Medium Access Control (MAC) Schemes for Quality of Service (QoS) provision of Voice over Internet Protocol (VoIP)
More informationChapter 1 Introduction
Emerging multimedia, high-speed data, and imaging applications are generating a demand for public networks to be able to multiplex and switch simultaneously a wide spectrum of data rates. These networks
More informationBasic Concepts. CS168, Fall 2014 Sylvia Ratnasamy h<p://inst.eecs.berkeley.edu/~cs168/fa14/
Basic Concepts CS168, Fall 2014 Sylvia Ratnasamy h
More informationNetwork Performance: Queuing
Network Performance: Queuing EE 122: Intro to Communication Networks Fall 2006 (MW 4-5:30 in Donner 155) Vern Paxson TAs: Dilip Antony Joseph and Sukun Kim http://inst.eecs.berkeley.edu/~ee122/ Materials
More informationSystem Models. 2.1 Introduction 2.2 Architectural Models 2.3 Fundamental Models. Nicola Dragoni Embedded Systems Engineering DTU Informatics
System Models Nicola Dragoni Embedded Systems Engineering DTU Informatics 2.1 Introduction 2.2 Architectural Models 2.3 Fundamental Models Architectural vs Fundamental Models Systems that are intended
More informationNetwork Layer Enhancements
Network Layer Enhancements EECS 122: Lecture 14 Department of Electrical Engineering and Computer Sciences University of California Berkeley Today We have studied the network layer mechanisms that enable
More informationQoS Policy Parameters
CHAPTER 6 This chapter describes the parameters, both required and optional, for QoS provisioning using the ISC user interface. Service level QoS parameters include all entry fields in the VoIP, Management,
More informationTechnical Brief. FirstPacket Technology Improved System Performance. May 2006 TB _v01
Technical Brief FirstPacket Technology Improved System Performance May 2006 TB-02434-001_v01 Table of Contents FirstPacket Technology... 3 Introduction... 3 Bandwidth vs. Latency... 3 The Problem... 3
More informationB. Bellalta Mobile Communication Networks
IEEE 802.11e : EDCA B. Bellalta Mobile Communication Networks Scenario STA AP STA Server Server Fixed Network STA Server Upwnlink TCP flows Downlink TCP flows STA AP STA What is the WLAN cell performance
More informationCSCI-1680 Link Layer Wrap-Up Rodrigo Fonseca
CSCI-1680 Link Layer Wrap-Up Rodrigo Fonseca Based partly on lecture notes by David Mazières, Phil Levis, John Janno< Administrivia Homework I out later today, due next ursday, Sep 27th Today: Link Layer
More information