
SPM5440 Cyber Security Essentials

Final Assignment

Topic:
A Research Proposal on Cyber Security for Next Generation
Wireless Networks

Submitted by:
Nikos Bizanis
N.Bizanis@student.tudelft.nl
4417631

Delft
24/11/2014

1. INTRODUCTION

The current generation (4G) wireless systems, such as LTE or WiMAX,
are envisioned to provide advanced services beyond traditional voice
traffic. Most importantly in our case, special purpose
machine-to-machine (M2M) communication systems, which are already
being used in SCADA and other industrial control systems, will take
advantage of 4G network capabilities. Other critical applications
envisioned include transportation and emergency response networks.

This will most certainly make them an appealing target in the context
of cyber-attacks. Although there has been substantial research done on
securing the communications channels of those networks for
confidentiality and integrity purposes, those systems have not until
now been studied in the context of critical infrastructure protection,
with a strong focus on their availability and resiliency.

With that reasoning in mind, I conducted this research proposal. It
has the goal of describing in general terms a comprehensive framework,
as well as providing an indicative roadmap, combined with a timeline,
of the steps that need to be taken to secure wireless networks,
especially their applications in critical infrastructures.

This proposal is organised as follows: In the second part, a statement
of the proposed topic is given, along with a brief review of the
existing literature on the subject. The main arguments in favor of the
need for further research on the topic are also given there. In the
third part, the expected results and outcome of the research are
provided. In the last part, a plan of action for the research that is
to be conducted is given, containing in rough terms the research
methodology and an (expected) timeline.

2. MAIN ISSUES AND RELATED WORK

4G mobile networks were, until now, mainly considering
privacy/confidentiality and authentication as the essential part of
their security strategy. Indeed, if we examine the LTE standard, for
instance [1], we can observe that there are extensive provisions made
for confidentiality and authentication. On the other hand,
countermeasures against attacks on the availability of the network are
absent from the standard.

This absence is no longer acceptable, especially given the extensive
deployment of those networks in critical scenarios. Many examples can
be given, a characteristic one being the proposed use of LTE, or its
successors, in the near-future smart grids [2]. Other critical
applications include emergency response systems, or SCADA systems and
sensor networks in industrial plants.

Also, trying to get a glimpse into the future, the connected world
moves rapidly towards a scenario where billions of devices are going
to be connected using M2M links, giving shape to the so-called
Internet of Things (IoT). Apart from supporting everyday convenience
applications, the IoT is going to be used in much more sensitive ones,
such as remotely controlling medical devices or safety systems. Next
generation wireless networks are the natural choice for the backbone
that will support the aforementioned global network.

Under the scenarios mentioned above, one can only imagine the impact
of a large-scale cyber-attack on the availability of those networks.

[1] "TS 133 401 V8.2.1 Digital cellular... ETSI." 19 Nov. 2014
<http://www.etsi.org/deliver/etsi_ts/133400_133499/133401/08.02.01_60/ts_133401v080201p.pdf>
[2] Cheng, Peng et al. "Feasibility study of applying LTE to Smart
Grid." Smart Grid Modeling and Simulation (SGMS), 2011 IEEE First
International Workshop on 17 Oct. 2011: 108-113.

The recent advent of the concept of Advanced Persistent Threat (APT)
brings into consideration the possibility of sophisticated large-scale
cyber-attacks on the networks that will support the function of the
most critical infrastructures of a society.

The conclusion, given the above considerations, is that in recent
years the threat landscape has evolved dramatically, whereas at the
same time there were no major security updates in the wireless
standards. Those updates are urgently needed to cope with the APT,
especially in the context of availability and resiliency of those
networks, and that is the main reasoning behind this research
proposal.

Indeed, it has already been noticed that commercial cellular networks
are vulnerable to availability attacks, and especially to the Denial
of Service (DoS) variant. This threat is intensified since modern
wireless systems work over the Internet, encompassing an all-IP
architecture. This of course poses greater dangers, since in the
public Internet threats abound and it is much easier to launch a
large-scale cyber-attack [3].

There has been some early work on the availability of cellular
wireless networks, centered on older 2nd and 3rd generation systems.
For instance, there have been studies made for 2nd generation GSM
networks [4]. In this paper the ease of taking down a cellular network
was demonstrated, by means of an attack coming either from the public
Internet, or from a set of infected handsets, manifested by a flooding
of SMS messages (in the latter case we have a Distributed Denial of
Service attack, DDoS). Some countermeasures for the elimination of the
problem were also presented. For 3rd generation UMTS networks,
vulnerabilities were also shown to exist [5]. There, the DoS attack
takes the form of a signalling overload in the network, and a scheme
for early detection is presented, although there are no concrete
mitigation countermeasures specified.

[3] Traynor, Patrick, Patrick McDaniel, and Thomas La Porta. "On
attack causality in internet-connected cellular networks." Proceedings
of 16th USENIX Security Symposium on USENIX Security Symposium 6 Aug.
2007: 1-16.
[4] Enck, William et al. "Exploiting open functionality in SMS-capable
cellular networks." Proceedings of the 12th ACM conference on Computer
and communications security 7 Nov. 2005: 393-404.
[5] Lee, Patrick PC, Tian Bu, and Thomas Woo. "On the detection of
signaling DoS attacks on 3G wireless networks." INFOCOM 2007. 26th
IEEE International Conference on Computer Communications. IEEE 6 May.
2007: 1289-1297.

Another typical form of attack that was studied in the previous decade
can take place in the physical layer (the radio interface) of a
network, and is called radio jamming. The scope and plausibility of
this kind of cyber-attack on the wireless network has been evaluated
by extensive experiments [6]. Although some algorithms to detect
jamming attacks are sketched in that paper, the jamming techniques
simulated are rather naive (e.g. random jamming) and it is expected
that in the face of APT much more effective attack scenarios must be
considered.

As far as cutting-edge systems are concerned, the research has thus
far been concentrated on the detection of plausible attacks, rather
than on designing countermeasures, proving the immaturity of the
field. For instance, the danger from jamming attacks has been
demonstrated [7]. Here, OFDM pilot subcarrier jamming is studied,
where OFDM is the high-order modulation scheme which is already used
in 4G wireless systems (e.g. LTE or WiMAX), and pilots are signals
used by the devices to estimate and connect to the channel. The author
shows that just by jamming these signals, which requires a modest
amount of power and a simple jamming device, one can effectively
disrupt the network. In another recent work [8], the authors used
extensive simulations to prove the plausibility of a DoS attack, by
flooding the network with excessive signalling requests, thereby
preventing the legitimate users from accessing the needed resources.
Another interesting work [9] shows how easily one can design a
Command-and-Control protocol to turn end-devices into bots, thus
creating a network which may allow the attacker either to gain control
over the entire infrastructure (e.g. in order to exfiltrate sensitive
information), or to launch a DDoS attack using the infected devices.

[6] Xu, Wenyuan et al. "The feasibility of launching and detecting
jamming attacks in wireless networks." Proceedings of the 6th ACM
international symposium on Mobile ad hoc networking and computing 25
May. 2005: 46-57.
[7] Clancy, T Charles. "Efficient ofdm denial: Pilot jamming and pilot
nulling." Communications (ICC), 2011 IEEE International Conference on
5 June. 2011: 1-5.
[8] Bassil, Ramzi et al. "Signaling oriented denial of service on LTE
networks." Proceedings of the 10th ACM international symposium on
Mobility management and wireless access 24 Oct. 2012: 153-158.
[9] Mulliner, Collin, and JP Seifert. "Rise of the iBots: Owning a
telco network." Malicious and Unwanted Software (MALWARE), 2010 5th
International Conference on 19 Oct. 2010: 71-80.

The points made above lead to the conclusion that, although great
efforts have been made and substantial research has already been done,
the field is evolving so rapidly and there are so many new potential
applications of those systems, that there are always some new gaps
that open up in the existing knowledge and many new questions need to
be answered. I strongly believe that a new, integrated security
framework is necessary, as a rule for future systems, for the
following reasons:

- Most of the more mature studies, providing solutions and
  countermeasures against availability attacks, are outdated, as they
  were done for 2nd and 3rd generation systems, which have a
  significantly different architecture than today's networks.
- The majority of the work done on modern networks, such as LTE, has
  been centered, until now, on demonstrating the feasibility of
  availability attacks (e.g. radio jamming or DoS), but not on
  providing protective actions.
- The scope of most of those papers is limited, studying just a
  specific subcategory of cyber-attacks, and not trying to provide a
  holistic safety approach. This approach must take into account the
  interdependencies of future networks with critical infrastructures,
  providing an integrated risk management and security framework.

3. EXPECTED OUTCOME OF THE RESEARCH

From the considerations above, it is clear that any future research
must avoid having the limited scope of the work that has already been
done. Instead of just some technical suggestions, the approach taken
in this proposal has the goal of providing a holistic, unified
framework, which could be provided to vendors and operators of current
and future wireless networks.

The final deliverable would consist of three layers, describing
research that takes place in distinct time phases. More specifically,
going from the first time stages to the later ones we can discern:

1. A first stage, which is a more short-term goal. It consists of some
   technical analysis, aimed at analysing, on a purely practical
   low level, the vulnerabilities (there is already literature on this
   topic, as was already mentioned in the previous section), and
   proposing a set of specific countermeasures. More specifically, a
   strong technical analysis is required, in order to determine the
   conditions that make possible attacks against the availability of
   wireless networks, as well as an assessment of the immediate impact
   those attacks could have on the network, if successful.
2. A second stage, consisting of a risk assessment on a higher level,
   which would also carefully consider the critical interdependence
   between the wireless networks and the critical systems they
   support. Using these considerations, along with the current threat
   landscape, and having as a pillar the solutions provided by step
   one, we could be led to a new architectural design for next
   generation networks. This will result in changing the current
   paradigm, which is focused on guaranteeing mainly privacy and
   authentication. This design will have the ultimate goal of becoming
   a part of future standard releases.
3. A third, and most ambitious stage, consists of the design of a
   legal and regulatory framework that will bind the network equipment
   vendors and the operators into enforcing the optimal cyber security
   practices.

A schematic of that plan, with the earlier stages at the base of the
pyramid, and the later stages on top, is shown below:

4. PLAN OF ACTION

The research timeline should follow the schematic given above. Namely:

- In the first 3-4 months of the research, a vulnerability assessment
  must be given, consisting of attack simulations, or maybe some field
  tests in deployed networks, if given the opportunity.
- In the next 2-3 months, the architectural design is constructed,
  which could serve as a future standard recommendation, for the
  operators to implement. This consists of a risk assessment
  framework, which will try to model the impact of cyber-attacks
  against the availability of wireless networks, given their use as a
  backbone of critical systems. This can be assisted by modelling
  analysis, and higher-level simulations, which will measure the
  vulnerabilities introduced to the critical systems by the use of
  wireless networks as a pillar of their function.
- In the final 1-2 months of the project, a set of policy regulations
  are formulated, which could serve as a recommendation to the
  authorities that can enforce them on the providers.
