Taming Mr Hayes: Mitigating signaling based attacks on smartphones

IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2012) Pub Date : 2012-06-25 DOI:10.1109/DSN.2012.6263943

Collin Mulliner, Steffen Liebergeld, Matthias Lange, Jean-Pierre Seifert

{"title":"Taming Mr Hayes: Mitigating signaling based attacks on smartphones","authors":"Collin Mulliner, Steffen Liebergeld, Matthias Lange, Jean-Pierre Seifert","doi":"10.1109/DSN.2012.6263943","DOIUrl":null,"url":null,"abstract":"Malicious injection of cellular signaling traffic from mobile phones is an emerging security issue. The respective attacks can be performed by hijacked smartphones and by malware resident on mobile phones. Until today there are no protection mechanisms in place to prevent signaling based attacks other than implementing expensive additions to the cellular core network. In this work we present a protection system that resides on the mobile phone. Our solution works by partitioning the phone software stack into the application operating system and the communication partition. The application system is a standard fully featured Android system. On the other side, communication to the cellular network is mediated by a flexible monitoring and enforcement system running on the communication partition. We implemented and evaluated our protection system on a real smartphone. Our evaluation shows that it can mitigate all currently known signaling based attacks and in addition can protect users from cellular Trojans.","PeriodicalId":236791,"journal":{"name":"IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2012)","volume":"101 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-06-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"16","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2012)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DSN.2012.6263943","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 16

Abstract

Malicious injection of cellular signaling traffic from mobile phones is an emerging security issue. The respective attacks can be performed by hijacked smartphones and by malware resident on mobile phones. Until today there are no protection mechanisms in place to prevent signaling based attacks other than implementing expensive additions to the cellular core network. In this work we present a protection system that resides on the mobile phone. Our solution works by partitioning the phone software stack into the application operating system and the communication partition. The application system is a standard fully featured Android system. On the other side, communication to the cellular network is mediated by a flexible monitoring and enforcement system running on the communication partition. We implemented and evaluated our protection system on a real smartphone. Our evaluation shows that it can mitigate all currently known signaling based attacks and in addition can protect users from cellular Trojans.

查看原文本刊更多论文

驯服海耶斯:减轻针对智能手机的基于信号的攻击

从移动电话恶意注入蜂窝信令流量是一个新兴的安全问题。这些攻击可以通过被劫持的智能手机和驻留在手机上的恶意软件来执行。直到今天，除了在蜂窝核心网络中实施昂贵的附加功能之外，还没有适当的保护机制来防止基于信令的攻击。在这项工作中，我们提出了一个驻留在手机上的保护系统。我们的解决方案是将手机软件栈划分为应用程序操作系统和通信分区。应用系统是一个标准的全功能Android系统。另一方面，与蜂窝网络的通信由运行在通信分区上的灵活监控和执行系统进行调解。我们在真正的智能手机上实施并评估了我们的保护系统。我们的评估表明，它可以减轻所有目前已知的基于信令的攻击，此外还可以保护用户免受蜂窝木马病毒的攻击。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2012)

自引率

0.00%

发文量