Diameter Security: An Auditor’s Viewpoint

Authors

  • Sergey Mashukov Positive Technologies, Russia

DOI:

https://doi.org/10.13052/jicts2245-800X.513

Keywords:

Diameter, Security, 4G

Abstract

In this paper we share our experience in conducting security audits for several different mobile network operators and discuss the difficulties encountered in the process. We also describe successful attacks performed by us on Diameter equipment in these environments. Some of these attacks have not been published previously.

 

Downloads

Download data is not yet available.

Author Biography

Sergey Mashukov, Positive Technologies, Russia

S. Mashukov attended Lobachevsky State University of Nizhny Novgorod, Russian Federation, receiving his B.Sc. and M.Sc. degrees in Computer Science in 2010 and 2012, respectively. Before joining Positive Technologies in 2016, he worked for 6 years on maintenance and development of a Diameter Base implementation for the one of the most deployed telecom platforms in the world.

As a telecom security specialist, his main point of interest is security of the Diameter protocol. He performs Diameter security audits for international MNOs and conducts research on the protocol weaknesses.

Sergey is also the general developer of the Diameter Vulnerability Scanner tool and member of the Telecom Attack Discovery development team.

References

Kotte, B. T. (2016). Analysis and Experimental Verification of Diameter Attacks in Long Term Evolution Networks. Master’s thesis, Aalto University, Espoo.

De Oliveira, A. (2016). “Assaulting IPX Diameter Roaming Network,” in Proceedings of the Troopers IT-Security Conference, Heidelberg.

Rao, S., Holtmanns, S., Oliver, I., and Aura, T. (2016). The Known Unknowns of SS7 and Beyond. Espoo: Aalto University.

SCTP Stack for Python (2017). Available at: https://github.com/philp raxis/pysctp

ETSI (2012). 3GPP Specification: 29.329; Sh Interface Based on the Diameter Protocol; Protocol Details. Version 14.0.0 by 3rd Generation Partnership Project. Sophia Antipolis: ETSI.

European Committee for Standardization (2013). 3GPP Specification: TS29.272 Evolved Packet System (EPS); Mobility Management Entity (MME) and Serving GPRS Support Node (SGSN) Related Interfaces Based on Diameter Protocol Version 14.0.0 by 3rd Generation Partnership Project. Brussels: European Commission.

Nohl, K., and Melette, L. (2015). Advanced Interconnect Attacks. Chasing GRX and SS7 Vulns. Available at: https://www.youtube.com/watch?v=2oCOdGpXvZY

Fajardo, V. (Ed.), Arkko, J., Loughney, J., and Zorn, G. (Ed.). (2012). RFC6733 Diameter Base Protocol. Available at: https://www.rfc-editor.org/rfc/rfc6733.txt

Tschofenig, H., Korhonen, J. (Ed.), Zorn, G., and Pillay, K. (2016). RFC7966 Security at the Attribute-Value Pair (AVP) Level for Non-neighboring Diameter Nodes: Scenarios and Requirements. Available at: https://www.rfc-editor.org/info/rfc7966

Downloads

Published

2017-09-08

How to Cite

Mashukov, S. . (2017). Diameter Security: An Auditor’s Viewpoint. Journal of ICT Standardization, 5(1), 53–68. https://doi.org/10.13052/jicts2245-800X.513

Issue

2017: Vol 5 Iss 1

Section

Articles