FinalAssignment
Topic:
AResearchProposalonCyberSecurityforNextGeneration
WirelessNetworks
Submittedby:
NikosBizanis
N.Bizanis@student.tudelft.nl
4417631
Delft
24/11/2014
1. INTRODUCTION
2. MAINISSUESANDRELATEDWORK
"TS133401V8.2.1Digitalcellular...ETSI."19Nov.2014
<http://www.etsi.org/deliver/etsi_ts/133400_133499/133401/08.02.01_60/ts_133401v080201p.pdf>
2
Cheng,Pengetal."FeasibilitystudyofapplyingLTEtoSmartGrid."SmartGridModelingandSimulation
(SGMS),2011IEEEFirstInternationalWorkshopon17Oct.2011:108113.
Traynor,Patrick,PatrickMcDaniel,andThomasLaPorta."Onattackcausalityininternetconnected
cellularnetworks."Proceedingsof16thUSENIXSecuritySymposiumonUSENIXSecuritySymposium6
Aug.2007:116.
4
Enck,Williametal."ExploitingopenfunctionalityinSMScapablecellularnetworks."Proceedingsofthe
12thACMconferenceonComputerandcommunicationssecurity7Nov.2005:393404.
5
Lee,PatrickPC,TianBu,andThomasWoo."OnthedetectionofsignalingDoSattackson3Gwireless
networks."INFOCOM2007.26thIEEEInternationalConferenceonComputerCommunications.IEEE6
May.2007:12891297.
Xu,Wenyuanetal."Thefeasibilityoflaunchinganddetectingjammingattacksinwirelessnetworks."
Proceedingsofthe6thACMinternationalsymposiumonMobileadhocnetworkingandcomputing25May.
2005:4657.
7
Clancy,TCharles."Efficientofdmdenial:Pilotjammingandpilotnulling."Communications(ICC),2011
IEEEInternationalConferenceon5June.2011:15.
8
Bassil,Ramzietal."SignalingorienteddenialofserviceonLTEnetworks."Proceedingsofthe10thACM
internationalsymposiumonMobilitymanagementandwirelessaccess24Oct.2012:153158.
9
Mulliner,Collin,andJPSeifert."RiseoftheiBots:Owningatelconetwork."MaliciousandUnwanted
Software(MALWARE),20105thInternationalConferenceon19Oct.2010:7180.
enddevices into bots, thus creating a network, which may allow him to
either to gain control over the entire infrastructure (e.g. in order to
exfiltrate sensitive information), or to launch a DDoS attack using the
infecteddevices.
Thepoints made above, lead tothe conclusion thatalthoughgreatefforts
have been made and substantial research has already been done, it is
clear that the field is so rapidly evolving and there are so many new
potential applications of those systems, that there are always some new
gaps that open up in the existing knowledge and many new questions
need to be answered. I strongly believe that a new, integrated security
framework is necessary, as a rule for future systems, for the following
reasons:
Most of the more mature studies, providing solutions and
countermeasures against availability attacks, are outdated, as they
were done for 2nd and 3rd generation systems, which have a
significantlydifferentarchitecturethantodaysnetworks.
The majority of the work done on modern networks, such as LTE,
has been centered, until now, on demonstrating the feasibility of
availabilityattacks(e.g. radio jamming orDoS),butnotonproviding
protectiveactions.
Thescope of mostofthosepapersislimited,studyingjustaspecific
subcategory of cyberattacks, and not trying to provide a holistic
safety approach. This approach must take into account the
interdependencies of future networks with critical infrastructures,
providinganintegratedriskmanagementandsecurityframework.
3. EXPECTEDOUTCOMEOFTHERESEARCH
4. PLANOFACTION
Theresearchtimelineshouldfollowtheschematicgivenabove.Namely:
In the first 34 months of the research, a vulnerability assessment
must be given, consistingofattacksimulations,ormaybesomefield
testindeployednetworks,ifgiventheopportunity.
In the next 23 months, the architectural design is constructed,
which could serve as a future standard recommendation, for the
operators to implement. This consists of a risk assessment
framework, which will try to model the impact of cyberattacks
against the availability of wireless networks, given their use as a
backbone of critical systems. This can be assisted by modelling
analysis, and higherlevel simulations, which will measure the
vulnerabilities introduced to the critical systems by the use of
wirelessnetworksasapillaroftheirfunction.
In the final 12months ofthe project, a set of policyregulationsare
formulated, which could serve as a recommendation to the
authoritiesthatcanenforcethemtotheproviders.