Telco honeypot
Sebeni, Flavia (2019)
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-201904235785
Abstract
Operators upgrade only parts of their networks and employ current technologies as needed. 2G and 3G SS7-based networks were designed as private, closed networks, and their security was based on the physical security of their elements, making them impossible for attackers to tamper with. Telecommunication networks communicate over the Interconnection link, possibly exposing an operator's network to an SS7 attack even if it no longer uses the decades-old protocol. The Diameter protocol used in 4G networks was envisioned to fix the known flaws, and it offers a secure connection over the air, but vulnerabilities still exist at the Core side.
4G networks are essentially open environments designed to allow network operators and service providers to connect to the Core Network via open interfaces, creating a bigger attack surface. The transition to 5G networks will be gradual and attacks targeted at older technologies will still be implementable.
Securing edge elements in the network is not comprehensive enough. A network-wide approach with security measures integrated on both the network side and end-user devices is recommended.
This thesis examined known security flaws and previous work on demonstrating attacks, and implemented a telecommunications honeypot to discover possible new attacks. Open-source software for the Core part of a network was used, and packet data was collected and analyzed.