chapter  12
22 Pages

Cyberattack Surface of Next-Generation Mobile Networks

Contents Abstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292 12.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292 12.2 Mobile Network Cyberattack Landscape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293

12.2.1 Service and Security Architectures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293 12.2.2 GSM Cyber Exploits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294 12.2.3 UMTS Cyber Exploits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294 12.2.4 LTE Cyber Exploits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295

12.3 Next-Generation Mobile Networks: Concepts and Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . 295 12.3.1 EPC as a Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296 12.3.2 Software-Defined Backbone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298 12.3.3 Cloud-Based Radio Access Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299

12.4 Cyberattack Surface of the Next-Generation Mobile Networks. . . . . . . . . . . . . . . . . . . . . . . . . 299 12.4.1 OpenFlow-Related Threats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299 12.4.2 NFV-Related Threats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302 12.4.3 EPC-Related Threats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304 12.4.4 C-RAN-Related Threats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305

12.5 Cyber Defense Design Requirements and Recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . 307 12.6 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309

Abstract This chapter presents the cyberattacking surface of the next-generation mobile networks. Drawing on native security approaches in the mobile environment, this chapter renders the present state of mobile network resilience and identifies the areas prone to cyberattacks. Extending toward the cloudification and in-software definition concepts, this chapter provides an overview of the next-generation mobile network architecture. Next, this chapter presents the associated cyberattack surface relative to the threat models, the security challenges, and the attacking vectors. Specifically, this chapter elaborates the characteristics of all the security-related threats for the evolved packet core segment, the software-defined backbone, and the cloud-based radio access network using the spoofing, tampering, repudiation, information disclosure, denial-of-service, and elevation of privilege (STRIDE) categorization and dynamic flow representation. This chapter extends the cyberattacking surface elaboration to include discussion on the existing defensive mechanisms or the segment-specific ones that can be adopted for the purpose of an integral software-definedmobile network (SDMN) protection. In conclusion, this chapter emphasizes the key design components in developing a robust defense solution and provides recommendations for its implementation in protecting the next-generation mobile networks.