DOI QR코드

DOI QR Code

Study on the Femtocell Vulnerability Analysis Using Threat Modeling

위협 모델링 기법을 이용한 펨토셀 취약점 분석에 대한 연구

  • 김재기 (고려대학교 정보보호대학원 정보보호학과) ;
  • 신정훈 (국방과학연구소) ;
  • 김승주 (고려대학교 사이버국방학과/정보보호대학원)
  • Received : 2016.06.15
  • Accepted : 2016.07.26
  • Published : 2016.08.31

Abstract

Lately smartphone uasage is increasing and many Internet of Things (IoT) devices support wireless communications. Accordingly, small base stations which called femtocells are supplied to prevent saturation of existing base stations. However, unlike the original purpose of the femtocell with the advanced hacking technologies, Vulnerability such as gaining the administrator authority was discovered and this can cause serious problems such as the leakage of personal information of femtocell user. Therefore, identify security threats that may occur in the femtocell and it is necessary to ways for systematic vulnerability analysis. In this paper, We analyzed the security threats that can be generated in the femtocell and constructed a checklist for vulnerability analysis using the Threat Modeling method. Then, using the constructed checklist provides a scheme that can improve the safety of the femto cell through the actual analysis and taken the results of the femtocell vulnerabilities analysis.

최근 스마트폰 사용의 증가 및 사물인터넷 시대에 다양한 기기들이 무선 통신을 지원한다. 이에 따라 기존 기지국의 포화 상태를 막기 위한 기술로 일종의 소형 기지국인 펨토셀(Femtocell)을 보급하고 있다. 그러나 해킹 기술의 발전에 따라 펨토셀의 본래 목적과는 다르게, 관리자 권한 획득과 같은 취약점들이 발견되고 이를 통하여 펨토셀 사용자에 대한 개인정보 노출과 같은 심각한 문제가 발생할 수 있다. 따라서 펨토셀에서 발생할 수 있는 보안위협을 식별하고 체계적인 취약점 분석을 위한 방안이 필요하다. 본 논문에서는 위협 모델링(Threat Modeling) 기법을 이용하여 펨토셀에 발생할 수 있는 보안위협을 분석하고 취약점 점검을 위한 체크리스트를 도출한다. 그리고 도출한 체크리스트를 이용하여 실제 취약점 분석을 한 결과를 다루어 펨토셀의 위협과 취약점에 대한 분석 및 사례 연구를 통해 펨토셀의 보안성을 향상시킬 수 있는 방안을 제안한다.

Keywords

References

  1. K. S. Lee, W. H. Seok, Y. K. Song (ETRI), "The Current Status and Prospect of the Femtocell Market," 2012.
  2. IT donga, "Jammed data traffic fixer, Femtocell," 2012 [Internet], http://it.donga.com/9540/.
  3. Borgaonkar, Ravishankar, Kevin Redon, and Jean-Pierre Seifert, "Security analysis of a femtocell device," Proceedings of the 4th International Conference on Security of Information and Networks, ACM, 2011.
  4. Alexey Osipov and Alexander Zaitsev, "ADVENTURES IN FEMTOLAND: 350 YUAN FOR INVALUABLE FUN," Black Hat Las Vegas (2015).
  5. Shostack, Adam, "Threat modeling: Designing for security," John Wiley & Sons, 2014.
  6. Loren Kohnfelder and Praerit Garg, "The threats to our products," 1999 [Internet], https://blogs.msdn.com/cfs-filesystemfile.ashx/__key/communityserver-components-postattachments/00-09-88-74-86/The-threats-to-our-products.docx.
  7. Microsoft, "The STRIDE Threat Model," 2005 [Internet], https://msdn.microsoft.com/en-us/library/ms954176.aspx.
  8. Carnegie Mellon University Software Engineering Institute, "Octave," 2001 [Internet], http://www.cert.org/resilience/products-services/octave/index.cfm.
  9. Schiffman Mike, et al., "The Common Vulnerability Scoring System," National Infrastructure Advisory Council, Vulnerability Disclosure Working Group, Vulnerability Scoring Subgroup (2004).
  10. Brenda Larcom and Eleanor Saitta, "Trike" [Internet], http://www.octotrike.org/.
  11. STANDARDS NEW ZEALNAD, "AS/NZS ISO 31000:2009," 2009 [Internet], http://shop.standards.co.nz/catalog/31000%3A2009%28AS%7CNZS+ISO%29/view.
  12. Tony UcedaVelez, Marco M. Morana. "Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis," John Wiley, 2015.
  13. Klockwork, "Threat Modeling for Secure Embedded Software," Security Innovation & Klockwork, White Paper, 2011.
  14. M. Deng, K. Wuyts et al., "A Privacy Threat Analysis Framework: Supporting the Elicitation and Fulfillment of Privacy Requirements," Journal of Requirements Engineering, Springer-Verlag, 2011.
  15. D. Parker, "Our Excessively Simplistic Information Security Model and How to Fix It," ISSA Journal, pp.12-21, July, 2010.
  16. Microsoft, "Evaluating Security Threats" [Internet], https://msdn.microsoft.com/en-us/library/ms172104(v=vs.80).aspx.
  17. DistriNet Research Group, "LINDDUN privacy threat modeling," 2014 [Internet], https://distrinet.cs.kuleuven.be/software/linddun/index.php.
  18. Deng, Mina et al. "A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements," Requirements Engineering, Vol.16, No.1 pp.3-32, 2011. https://doi.org/10.1007/s00766-010-0115-7
  19. Klocwork, "Threat Modeling for Secure Embedded Software," 2014 [Internet], http://www.klocwork.com/getattachment/bb113ce3-8930-484c-9762-3cc4ef904975/Threat-Modeling-for-Secure-Embedded-Software?sitename=Klocwork.
  20. CISCO, "Cisco Visual Networking Index: Global Mobile Data Traffic Forecast Update 2014-2019 White Paper," 2015 [Internet], http://www.cisco.com/c/en/us/solutions/collateral/service-provider/visual-networking-index-vni/white_paper_c11-520862.html.
  21. I. S. Hwang, "Ultra-compact smart solutions led by evolution wireless network 'Femtocell'," NETWORK TIMES, 2011.07.
  22. GSM Association, "Security Issues in HNB Deployment," Technical report, July, 2008.
  23. 3GPP, "Security of Home Node B (HNB) / Home evolved Node B (HeNB)," 3GPP TS 33.320 v9.5.0, Mar., 2011.
  24. R. Rajavelsamy, Jicheol Lee, and Sungho Choi, "Towards security architecture for Home (evolved) NodeB: challenges, requirements, and solutions," in Security and Communication Networks, pp.471-481, April, 2011, John Wiley & Sons Ltd. https://doi.org/10.1002/sec.155
  25. Chan-Kyu Han, Hyoung-Kee Choi, and In-Hwan Kim, "Building Femtocell More Secure with Improved Proxy Signature," in Proceedings of Global Telecommunications Conference, GLOBECOM 2009. IEEE, November, 2009.
  26. Borgaonkar, Ravishankar, and Kevin Redon, "Femtocell Security," 2010.
  27. Borgaonkar, Ravishankar, Kevin Redon, and Jean-pierre Seifert, "Experimental Analysis of the Femtocell Location Verification Techniques," in Proceedings of the 15th Nordic Conference in Secure IT Systems, (NordSec. 2010.).
  28. Borgaonkar, Ravishankar, Nico Golde, and Kevin Redon, "Femtocells: a Poisonous Needle in the Operator's Hay Stack," Black Hat Las Vegas, 2011.
  29. Golde Nico, Kevin Redon, and Ravishankar Borgaonkar, "Weaponizing Femtocells: The Effect of Rogue Devices on Mobile Telecommunications," NDSS, 2012.
  30. Faisal Bin Ubaid and Adil Yasin, "Brief Overview on Femtocell Architecture & its Threats," Journal of Information & Communication Technology, Vol.6, No.2, pp.27-32, Fall, 2012.
  31. Tom Ritter, Doug DePerry, and Andrew Rahimi, "I Can Hear You Now: Traffic Interception & Remote Mobile Phone Cloning," Black Hat Las Vegas, 2013.
  32. Alexey Osipov and Alexander Zaitsev, "ADVENTURES IN FEMTOLAND: 350 YUAN FOR INVALUABLE FUN," Black Hat Las Vegas, 2015.
  33. Yuwei Zheng and Haoqi Shan, "Build a free cellular traffic capture tool with a vxworks based femoto," DEFCON, 2015.
  34. Netmanias, "LTE Network Architecture," 2011 [Internet], http://www.netmanias.com/ko/post/blog/5344/lte-nrm/ltenetwork-architecture-network-reference-model.
  35. Netmanias, "Network Architecture for LTE and Wi-Fi Interworking," 2012 [Internet], http://www.netmanias.com/ko/?m=view&id=techdocs&no=5537.
  36. Information and communications technology glossary, "HO Hand-Off, Handoff, Handover," 2011 [Internet], http://www.ktword.co.kr/abbr_view.php?m_temp1=770.
  37. Hansol Inticube, "IPLS" [Internet], https://www.hansolinticube.com/mobile/sub03_ipls.html.
  38. CRESTEL, "Crestel CGF - Charging Gateway Function -Overview," [Internet], http://www.crestel.in/cgf-charginggateway-function.html.
  39. Information and communications technology glossary, "IMS (IP Multimedia Subsystem)" [Internet], http://www.ktword.co.kr/abbr_view.php?m_temp1=3238.
  40. Daniel Miessler, "IoT Attack Surfaces," DEFCON, 2015.
  41. Common Vulnerabilities and Exposures, "CVE-2013-2270" [Internet], https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2270.
  42. Brassil, Jack, et al., "Authenticating Location with Femtocells," submitted for publication, 2012.
  43. Arapinis, Myrto, et al., "New privacy issues in mobile telephony: fix and verification," Proceedings of the 2012 ACM Conference on Computer and Communications Security, ACM, 2012.
  44. The MITRE Corporation, "CAPEC CATEGORY: Software" [Internet], https://capec.mitre.org/data/definitions/513.html.
  45. The MITRE Corporation, "CAPEC CATEGORY: Hardware" [Internet], https://capec.mitre.org/data/definitions/515.html.
  46. OWASP, "OWASP Internet of Things Project" [Internet], https://www.owasp.org/index.php/OWASP_Internet_of_Things_Top_Ten_Project.
  47. The MITRE Corporation, "CAPEC CATEGORY: Physical Security" [Internet], https://capec.mitre.org/data/definitions/514.html.
  48. OWASP, "OWASP Top Ten Cheat Sheet" [Internet], https://www.owasp.org/index.php/OWASP_Top_Ten_Cheat_Sheet.
  49. SANS, "CWE/SANS TOP 25 Most Dangerous Software Errors" [Internet], http://www.sans.org/top25-software-errors/.
  50. 3GPP, "Service requirements for Home Node B (HNB) and Home eNode B (HeNB) TS 22.220 v13.0.0," 2016.
  51. 3GPP, "Security of Home Node B (HNB) / Home evolved Node B (HeNB). Technical Speci cation, TS 33.320 v12.1.0," 2014.
  52. 3GPP, "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Security of H(e)NB (Release 8), 3GPP TR 33.820 v8.3.0," 2009.
  53. 3GPP, "Architecture aspects of Home Node B (HNB) / Home enhanced Node B (HeNB) TR 23.830 v9.0.0," 2009.