An Analysis of 3G Phone Security - PowerPoint by 6ju1Nl


									An Analysis of 3G Phone Security

                   Emily Maples & Evan Nakano
                                    CMPE 209
   3G Definition
   Purpose of 3G Security
   Types of 3G Security Attacks
   3G Security Vulnerability Points
   Types of Protection
   Business Implication
   Conclusions
3G Definition
   “Third generation of telecommunication hardware
    standards and general technology for mobile networking,
    superseding 2.5H”
   Based on the International Telecommunication Union
    (ITU) family of standards
   Offers data, voice, and video services over a wide-area
    wireless network
Purpose of 3G Security
   Initially, mobile operators only provided cellular voice
       Had limited security concerns
   With 3G mobile networks, mobile operators are offering
    data services
       Requires opening up once restricted networks to a wider
        range of networks
   3G mobile operators must now address an entirely new
    set of hazards
       Including viruses, Trojans, and denial of service attacks
Types of 3G Security Attacks
   Viruses
   Denial of service
   Overbilling
   Spoofed PDP context
   Signaling-level attacks which involve modification
3G Security Vulnerability Points
   The mobile equipment (ME) itself (i.e. personal
    computers, smart phones, etc)
   The wireless link between the ME and the cellular base
    station (BS)
   Interfaces to other mobile or data networks
Types of Protection
   Device and network anti-virus scanning
   Firewalls and VPNs
   Intrusion detection and prevention (IDP)
   Signaling firewalls
Business Implication
   Interrupted service
   Lost billable minutes
   Increased customer dissatisfaction
   Increase number of support calls
   Legal ramifications
   Security is a significant factor to a mobile network
    operator as well as the subscribers
   There will always be attackers that find new ways of
    compromising data being sent across the network
   As long as networks vulnerability points are well
    understood, software mechanisms can be employed to
    protect the network against possible threats

To top