Thursday, 5 January 2012

GPRS Security Feature, Threats and Solution

GPRS Security


GPRS Security Threats

Availability
The most common type of attack on availability is a denial of service (DoS) attack. Several types of denial of service attack are possible on the Gp interface:

  • Spoofed GTP PDP Context Delete – An attacker with the appropriate information can potentially craft a GTP PDP Context Delete message, which will remove the GPRS tunnel between the SGSN and GGSN for a subscriber. Some of the information that must be known can be learned by crafting other types of network traffic. If an attacker doesn’t care whom they are denying service, they can send many PDP Context Delete messages for every tunnel ID that might be used.
  • Bad BGP Routing Information – An attacker who has control of a GRX’s routers, or who can inject routing information into a GRX operator’s route tables, can cause an operator to lose routes for roaming partners, thereby denying roaming access to and from those roaming partners.
  • DNS Cache Poisoning – It may be possible for an attacker to forge DNS queries and/or responses that cause a given user’s APN to resolve to the wrong GGSN or even to none at all. If a long Time To Live (TTL) is given, this can prevent subscribers from being able to pass data at all.

Authentication & Authorization

  • Spoofed Update PDP Context Request – An attacker can use their own SGSN or a compromised SGSN to send an Update PDP Context Request to an SGSN, which is handling an existing GTP session. The attacker can then insert their own SGSN into the GTP session and hijack the data connection of the subscriber.
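
One way a Gp border filter could flag the spoofed Delete and Update PDP Context requests described above, as an added example that is not part of the original post: it parses the GTPv1-C header (message types 18 and 20 per 3GPP TS 29.060) and checks the sender against an allow-list of roaming-partner GSN addresses. The function names, the sweep threshold and the addresses are assumptions, and the sample packets are constructed.

```python
import ipaddress
import struct
from collections import defaultdict

# GTPv1-C message types from 3GPP TS 29.060
UPDATE_PDP_REQ, DELETE_PDP_REQ = 18, 20
WATCHED = {UPDATE_PDP_REQ: "update-pdp-request", DELETE_PDP_REQ: "delete-pdp-request"}

def parse_gtp_header(payload):
    """Return (msg_type, teid) from a GTPv1 header, or None if it is not valid GTPv1."""
    if len(payload) < 8:
        return None
    flags, msg_type, length, teid = struct.unpack("!BBHI", payload[:8])
    if flags >> 5 != 1 or not flags & 0x10:   # version must be 1, PT bit set (GTP, not GTP')
        return None
    if length != len(payload) - 8:            # length counts bytes after the 8 mandatory ones
        return None
    return msg_type, teid

def audit_gp(packets, allowed_peers, sweep_threshold=3):
    """packets: (src_ip, udp_payload) pairs seen on UDP/2123. Returns (src, reason, teid) alerts."""
    nets = [ipaddress.ip_network(n) for n in allowed_peers]
    deleted = defaultdict(set)                # src -> distinct TEIDs it asked to delete
    alerts = []
    for src, payload in packets:
        hdr = parse_gtp_header(payload)
        if hdr is None:
            alerts.append((src, "malformed-gtp", None))
            continue
        msg_type, teid = hdr
        if msg_type not in WATCHED:
            continue
        if not any(ipaddress.ip_address(src) in n for n in nets):
            # Tunnel-changing request from a host that is not a known roaming-partner GSN
            alerts.append((src, "unauthorized-" + WATCHED[msg_type], teid))
        elif msg_type == DELETE_PDP_REQ:
            deleted[src].add(teid)
            if len(deleted[src]) == sweep_threshold:   # many tunnels torn down by one peer
                alerts.append((src, "delete-sweep", teid))
    return alerts

def sample(msg_type, teid, seq=1):
    """Constructed header-only GTPv1-C message (S flag set, no information elements)."""
    return struct.pack("!BBHIHBB", 0x32, msg_type, 4, teid, seq, 0, 0)

# Constructed traffic; addresses are documentation ranges, 192.0.2.0/24 plays the partner GSNs
SAMPLE = [("192.0.2.10", sample(16, 0x10)), ("203.0.113.9", sample(UPDATE_PDP_REQ, 0x1001)),
          ("192.0.2.10", sample(DELETE_PDP_REQ, 1)), ("192.0.2.10", sample(DELETE_PDP_REQ, 2)),
          ("192.0.2.10", sample(DELETE_PDP_REQ, 3)), ("198.51.100.7", b"\x00\x01")]
```

The allow-list catches requests from unknown hosts; the sweep counter covers the case where a listed but compromised peer tears down many tunnels, and a deployed rule would count per time window rather than over the whole capture.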

Integrity & Confidentiality

Should an attacker be in a position to access GTP or DNS traffic, they can potentially alter it mid-stream or discover confidential subscriber information.

  • Capturing a subscriber’s data session – Because GTP and the embedded T-PDUs are not encrypted, an attacker who has access to the path between the GGSN and SGSN, such as a malicious employee or a cracker who has compromised access to the GRX, can potentially capture a subscriber’s data session. This is generally true of traffic on public networks, and subscribers should be advised to utilize IPsec or similar protection.

1 comment:

  1. OLA Beeying! I think your post is quite okay though it is a bit short. However, I think it will be good if you could explain more on the diagram. Thank you!

    Zahidah
