In order to have full access of this Article, please email us on thedocumentco@hotmail.co.uk
Abstract
Telecommunication Mobile Network Security Issues, The exponential growth in utilisation of cell phones and advances in the world of technology raises concerns about the future of privacy and security issues due to advancement in the mobile technology. The increased popularity of smartphones and tablets has increased the consumption of mobile data network.
The exponential increase in mobile data usage poses risks such as network congestion and descent in network quality to mobile network operators (MNOs). In order to reduce the threat, mobile network operators are utilising key data offloading technologies such as the femtocell, to not only improve their network capacity but also to increase indoor cellular coverage. This paper will discuss the threat of increasing mobile network security issues due to advances in mobile technology.
This paper will discuss the security issues not only because of increase in cellular data usage, and evolution of mobile networks, but also the threats originating because of use of femtocell. The paper will discuss the fundamental security aspects of cellular systems; confidentiality, authenticity, availability, interception, fraud, Denial Of Service (DOS), channel jamming, unauthorized access, message forgery, hijacking, eavesdropping and integrity.
The goal of the study is twofold: first to investigate and expand in depth the security concerns surrounding telecommunication mobile network. Secondly, to research and identify security limitations of a femtocell network system and its architecture. Provide resourceful and mitigation methods to improve the network system. The aim of the study is to also analyse the strengths and weaknesses of different systems and to provide evaluation and solution to overcome the threats. The results of the research will be beneficial to user equipment (UE) and mobile network operators (MNOs).
Table of Contents:
1. Abstract
2. Introduction
a. Background
b. Aim
c. Objective
d. Problem Description
e. Thesis
f. Literature Review
g. Rationale
h. Scope and Constraints
i. Methodology
j. Secondary research
k. Primary research
l. Waterfall Model
m. Benefits of using Waterfall Methodology
3. Security issues related to mobile networks
a. Background on cellular networks
b. Vulnerabilities
c. Security technology
d. Related Work
4. Femtocell
a. What is Femtocell
b. Cellular networks and Femtocell
c. Femtocells’ security architecture
d. Security analysis of a Femtocell device
e. Security issues with Femtocell
f. Evaluation and solution of security issues with Femtocell
g. Proposed Security model
h. Evaluation of the Security Model
5. Conclusion
Introduction:
Mobile communication is now a vital part of our everyday life. Cell phones are now not only used for voice communication and sending text messages (SMS), they are now used to access the internet, competent enough to do what a typical PC is capable of.
Over the last few years, there’s been different generation of networks and they’ve become more proficient as the networks advances; First generation (1G) networks: First generation services provided basic voice service through the analog network. Second generation (2G) networks: second generation services provided voice and data service through a digital network was developed as replacement for 1G network.
The Later and modern networks, Third generation (3G) networks and the Fourth generation (4G) networks are described as global roaming, which empower users with its higher transmission rates.
Aim:
The aim of this research is to discuss the problems identified with the mobile cellular networks, by discussing not only the use of mobile cellular networks but also by analysing the steps taken by telecom industries to provide security. The aim is to discuss the challenges faced by companies in order to provide security, and to create a model that helps in overcoming those challenges and in providing security.
Objectives
• To research and investigate the security issues surrounding
• Telecommunication mobile network.
• Evaluate the security measures on a small base station (femtocell)
• Evaluate the competing technologies
• Establish the best methodologies to ensure the completion of the project
• Implement a test plan and devise a model to test the effectiveness of the chosen technology.
Problems Involved in the Mobile Networks:
The advances in the modern technology increase comfort on one hand, but at the same time also increase the threat of cyber-crimes. A cyber-attack on telecommunications operator can interrupt service for thousands of phone customers, disrupt internet connections, interfere with businesses and hinder government operations.
The threat of these attacks cannot be ignored, as the threat is not minor e.g. a study conducted by a division of the Department of US Homeland Security, reported approximately 190,000 cyber incidents involving not only private users but also US government agencies, critical infrastructure and the department’s industry partners. The study shows a 68% increase in cyber-crimes as compared to 2011.
The threat does not only come in the form of cyber-attacks in the form of disruption of the mobile networks. In addition with the evolution of telecom industry, telecom companies are also acting as large global operators, and are recreating themselves as technology companies. Companies are also creating mobile applications for use of VoIP calls and enabling data storage on cloud services. Mobility and cloud storage together create new frontiers of risks for operators and users that expose them to almost the same security risks as the tech companies.
A more alarming situation is that the same study shows only 45% of telecom companies have a mobile security strategy in place and only 38% utilise mobile device management software and only 36% protect corporate e-mail and calendaring on employee- and user-owned device. Despite the crucial need for implementation of security systems in mobile networks, a striking lack of security practices exist among telecom organisations, e.g. a study shows that only 34% of survey participants have created a secure mobile development app, and only 26% utilise firewall policies to protect data. Encryption of data is vital for security but only 27% of telecom respondents encrypt data in the mobile apps and just 30% use transport encryption.
Another problem that exists with telecom security and with the mobile cellular networks is the third party information sharing, including intellectual property (IP). Intellectual property can include sensitive data such as long term marketing plans, information about mergers and acquisitions, financial data and development documents etc. If this type of information is leaked companies can be targeted and their long-term economic goals or development goals might be under threat. Thus, Telecommunication Mobile Network Security Issues it is immensely important to protect IP, just like it is to take security measure to protect the other aspects. Despite the importance of IP a survey shows that only 18% of survey participants have procedures in place to protect IP, and only 17% accepted to classify the business value of data.
The problem does not only lie in the infrastructure of cellular networks, but the carelessness of users about security issues also increases the threat. Studies show that a small percentage of users attempt to use protection for cloud services, encryption, security system for transactions and so on. It is binding to take measures to keep fundamental security aspects of cellular systems i.e. confidentiality, authenticity, availability, interception, fraud, Denial of Service (DOS), channel jamming, unauthorized access, message forgery, hijacking, eavesdropping and integrity. Without preservation of these aspects security of everyone involved in the telecom industry, user or operator is compromised.
Thesis:
The security issues in the telecom industry need an immediate attention and require an action approach model to resolve the issue. The increasing security issues call for an advance approach to security. Thus, a combined approach that’s driven by knowledge and is based on solving the issues in the most effective way should be used to resolve these security issues. The approach can be based on four basic components: Security is now a business imperative, security threats are business risks, the most valuable information must be protected, and all activities and investments should be driven by comprehensive, current information about assets, Telecommunication Mobile Network Security Issues ecosystem threats, and vulnerabilities. The approach involved should not only include designing infrastructure that ensure maximum security but also knowledge campaigns for employees of telecom companies and for users, because despite the existence of an efficient infrastructure, if a user or employee is not aware of malicious viruses that can harm their devices and breach their security it will not be possible to provide an effective security system.
Literature Review
This study will look in depth into the security measures already in place for mobile networks and how efficient these securities are. Mobile networks are fast expanding into complex systems, which make them vulnerable to security attacks. Newly employed security features reduced the feasibility of technical fraud. However, as third generation and fourth generation cellular systems become major components of ubiquitous wireless communication, the security of cellular systems faces new challenges. Integration into packet switching networks (such as the Internet) will expose these systems to all kinds of attacks, Telecommunication Mobile Network Security Issues and will demand a higher level of security (Shin, Mishra, Arbaugh, & Ma). There are several factors to look at governing in a mobile environment but the three main factors are: hardware, system and application characteristics.
This article from a cisco report, gone are the days when spam blockers and antivirus software could help guard an easily defined network perimeter from most threats. Today’s networks go beyond traditional boundaries, and constantly evolve and spawn new attack vectors: mobile devices, web-enabled and mobile applications, hypervisors, social media, web browsers, home computers, and even vehicles. Point-in-time solutions can’t respond to the myriad technologies and strategies in use by malicious actors. This makes monitoring and managing information security even more difficult for security teams. (Cisco, 2014)
As mentioned earlier, the security issues in the telecom industry need an immediate attention and require an action approach model to resolve the issue. The increasing security issues call for an advance approach to security. Thus, a combined approach that’s driven by knowledge and is based on solving the issues in the most effective way should be used to resolve these security issues. The approach can be based on four basic components: Security is now a business imperative, security threats are business risks, the most valuable information must be protected, and all activities and investments should be driven by comprehensive, current information about assets, ecosystem threats, and vulnerabilities. The approach involved should not only include designing infrastructure that ensure maximum security but also knowledge campaigns for employees of telecom companies and for users, because despite the existence of an efficient infrastructure, if a user or employee is not aware of malicious viruses that can harm their devices and breach their security it will not be possible to provide an effective security system.
Femtocells are one of the infrastructures or cells created that maximise protection. A detailed description and functionality of femtocells will be provided in the next section. However, when it comes to demonstrating the vulnerability of a femtocell, an article from a report from the Berlin Institute of Technology shows a successful hack of a femtocell system, they successfully break into the femtocell security and they managed to run arbitrary code on the femtocell. They integrated the functionality to request session keys for connected phones. They conclude with a rather brief list of possible attacks against the femtocell and the core network with their compromised femtocell. (van den Broek & Schreur)
A report from a research states ‘’deployed femtocells already outnumber traditional 3G base stations globally, and their deployment is increasing rapidly. However, the security of these low-cost are inherently trusted, able to monitor and modify all communication passing through them, and with an ability to contact other femtocells through the VPN network.’’ (Borgaonkar, 2013). A study from the same researcher also states ‘’attacks specifically targeting end users are a major problem and almost impossible to mitigate by operators due to the nature of the current femtocell architecture. The only solution towards attacks against end-users would be to not treat the femtocell as a trusted device and rely on end-to-end encryption between the phone and the operator network. However, due to the nature of the 3G architecture and protocols and the large amount of required changes, it is probably not a practical solution’’. (Borgaonkar, 2013).
Rationale
This project is meant to identify the flaws and limitations in a mobile/cellular network system. It will provide evaluation and suggestion of security measure for a mobile network. The results from the research and analysis will be beneficial to user equipment (UE) and mobile network operators (MNO).
Scope and Constraints
The research and study of the project will be thorough and with the time frame given, the project will be completed within the time frame. However, due to the limited resources (software and devices) available at the university and the complexity of the data collection, it may prove difficult testing theories in practical.
Methodology
Secondary research
Majority of the research and analysis needed for the project would be done using the university’s library, and its IT resources such as ‘IEEE Explorer’ etc.
Primary research
Primary research: some of the data collected may require the use of OPNET computer software, which is available in the university’s IT suite.
Waterfall Model
There are different methodologies to choose from to complete this study, such as Agile, Waterfall model, etc.
The waterfall model is best suited for the research.
Diagram below is a representation of different phases of Waterfall model:
Benefits of using Waterfall Methodology
• ‘It provides phase-by-phase checkpoints for the project.
• It can be applied to an iterative approach’ (Charvat & Simplot, 2003)
• Waterfall model is easy to use.
• Each phase is managed and completed one at a time before moving on to the next phase.
• Waterfall model integrate better with smaller projects where requirements are adequately implied.
Note: All the work taken from primary or secondary sources have been cited in bibliography in the end.
Mobile Networks, Strengths, Drawbacks and Security Issues:
Security Issues with Mobile Networks according to the Government Accountability office U.S:
• Started from the basics threat by mobile networks and how it can be avoided. Password protection is the basic feature a customer can use to protect his device. However sometimes mobile devices do not have passwords enabled, or they lack passwords to authenticate users and control access to data stored on devices. With the innovation of technology and in the era of smart phones and tablets, devices have the technical capability to support passwords and some devices even include biometric reader to scan a fingerprint for authentication. However, according to some studies consumers barely utilize these mechanisms. In addition even if users employ passwords, they can easily be determined. With no passwords, or passwords that are easy to breakthrough, there is an increased risk of unauthorized access and misuse of the mobile devices. The increase risk of unauthorized access increases the risk of theft of important information leading to an increase in cyber-crime.
• With the advancement in telecommunication, and use of information technology in banking systems, financial transactions are also done using mobile devices. In order to protect the online transactions, two factor authentication system is being utilized. There are three types of two factor authentication:
o Something you know, such as a Personal Identification Number (PIN), password, or a pattern.
o Something you have, such as an ATM card, phone, or fob.
o Something you are, such as a biometric like a fingerprint or voice print.
However, the security problem that arises using the mobile networks for transaction is that consumers do not always use two-factor authentication. According to studies consumers generally use static password instead of two factor authentication for online transactions, specially done through mobile networks. Security provided by two factor authentication is better than the security provided by the static passwords. Although mobile devices can also be used for authentication schemes, i.e. codes sent via text, mobile passcodes, but there is a high probability that unauthorized users could gain access to sensitive information by breaking those codes. In addition, mobile networks can be hacked as well which increases the threat of theft.
• Encryption is necessary to protect all information sent through mobile networks and wireless transmissions. However wireless transmissions are not always encrypted. Sometimes information such as e-mails sent by a mobile device is not encrypted while in transit. Moreover, many applications do not encrypt data while transmission (sending and receiving), which makes it easy to intercept the data. If there is data transmission and application is using only http instead of secure http, then the data is exposed to be intercepted. Thus, when a wireless transmission is not encrypted data is not safe and can be easily intercepted.
• Another threat that mobile network consumers, or wireless technology users face is the treat from devices containing malware. Consumers might download applications that contain malware. It can be downloaded through any game, security patch, picture or anything disguised as a useful application. Users are usually not able to tell difference between a legitimate application and an application containing malware, because of lack of enough information technology knowledge. Data can easily be intercepted if a user downloads an application containing malware. Malware can break encryption of the information which can lead to data being intercepted by eavesdroppers.
o There are security applications and software for protection against malware but these applications and software can affect the performance of device. In addition those software and application are not built in and sometimes sometimes users are unaware of such software so they do not download them. If the security software is not installed, hackers or eavesdroppers can easily send malware and gain unauthorized access to devices. Moreover, if the systems in place are not effective, security can still be breached and information can be intercepted.
• Operating systems are not always up-to-date. Security fixes for mobile devices should always be updated on mobile devices in a timely manner. However sometimes it takes weeks or months before security updates are provided to the consumers’ devices. In addition depending on the nature of the vulnerability, the process of updating fixes may be complex and involve many parties. An example can be of development of updates by Google to fix security vulnerabilities in the Android OS. However, for a device specific update it is up to a device manufacturer to produce a device specific update incorporating a vulnerability fix. It can take time if there are copyrighted modifications to the device’s software. Moreover after development of an update, it is up to each carrier to test it and transmit the update to consumer’s device. In this process, carrier can also delay the update because it take carriers time to test whether the updates will interfere with other aspects of device or software installed on it.
o The problem with updates is not only that devices need to be updated in timely manner, some devices such as smart phones and tablets do not receive updates if they are 2 years or older. For example apple products cannot update to the latest software if they are 2-3 years old. Such devices face increased threat of security breach because they are not equipped to fight the latest or newly discovered vulnerabilities. In addition, if the softwares are not always up-to-date, threat of third party interference through third party applications i.e. browsers increase. Utilization of outdated softwares increase the threat that hackers may utilize the security vulnerabilities attached to outdated softwares.
• As mentioned earlier with the revolution in field of information technology, mobile devices play almost the same role as PCs. One of the features that mobile devices possess is that they can connect to any wireless internet connections. Many devices do not have the firewall to provide protection against unknown networks. A device uses communication ports to connect with other devices and the internet, while it is connected to a wide area network. Ports that connect the device to internet are not always secure; a hacker can access the mobile device through a port that is not secure. If a device has firewall, it protects these ports and allows users to choose the connections they want to allow into their mobile devices. However without a firewall, the mobile device might be open to intrusion through an unsecured communication port and a hacker may be able to obtain sensitive information on the unsecure device and misuse it.
• Another feature of mobile devices is modification in which a mobile device removes its limitations so consumers can add features. The process of modification is known as ‘jail breaking’ or ‘rooting’. Jail-breaking changes the security system of the device hence exposing it to risks. It changes the security system by permitting installation of unauthorized software functions and applications or to not be tied to particular wireless networks. Some users may jailbreak and install the applications to just install firewall for security but some just use it for the sake of downloading desirable applications. In the latter case, devices are exposed to a higher security threat, because the actual built in security provided by the manufacturer has been changed and thus the device have lower security against inadvertently malware. Moreover jail broken devices may not receive security or software updates from the manufacturer user might have to put in extra effort in order to maintain up-to-date software.
• Communication channels i.e. Bluetooth and location services are vital part of up to date telecommunication devices. Having these communication channels in discover mode allows other users to see them and can allow an attacker to send malware through that connection. In addition it can just let eavesdropper to activate a microphone or camera to eavesdrop on the user. Open communication channels are not an only issue; using unsecured wireless network spots can also allow hackers to connect to the device and view sensitive information.
• Man in the middle attack is a cyber-attack that is attacker secretly inserts himself between two connections and communication and possibly alters the communication between two parties who believe they are directly communicating with each other. Man is the middle attack is also known as eavesdropping, in eavesdropping an attacker intercepts the private communication, or insert him between a communications and makes it seem like two parties are talking to each other. If an attacker can reach the access point of a Wi-Fi network he can intercept information.
• According to studies conducted in 2014, use of smartphones and tablets by employees because majority of the applications have security holes just waiting to be exploited. For example, Snapchat has a flaw that can cause iPhones to crash and provide a gateway for denial of service attacks. These security threats are enough to make anybody feel threatened.( Don Reisinger, 2014)
Following are the suggestions of GAO to improve the security network:
• Enable user authentication
• Enable two-factor authentication for sensitive transactions
• Verify the authenticity of downloaded applications
• Install antimalware capability
• Install firewall
• Install security updates
• Remotely disable lost or stolen devices
• Enable encryption for data stored on device or memory card
• Enable whitelisting
• Establish a mobile device security policy
• Provide mobile device security training
• Establish a deployment plan
• Perform risk assessments
• Perform configuration control and management ((Cooney Michael, Network World 2012).
Reasons behind the Security Issues:
One of the reasons behind security issues faced by mobile networks can be summarised into this report present by Government Accountability Office (GAO) of United States.
“Mobile devices face an array of threats that take advantage of numerous vulnerabilities commonly found in such devices. These vulnerabilities can be the result of inadequate technical controls, but they can also result from the poor security practices of consumers. Private [companies] and relevant federal agencies have taken steps to improve the security of mobile devices, including making certain controls available for consumers to use if they wish and promulgating information about recommended mobile security practices. However, security controls are not always consistently implemented on mobile devices, and it is unclear whether consumers are aware of the importance of enabling security controls on their devices and adopting recommended practices.” (Cooney Michael, Network World 2012).
Femtocells:
Femtocells are new innovation in the world of telecommunication. The reason for evolution of femtocells is to improve the efficiency of femtocells. Since cell-phone signals are strongly reduced, when indoors, leading to poor quality calls. Femtocells function through mini base stations that are placed in users’ homes so that the users can directly connect to the cellular network through the femtocell instead of the outdoor macrocell, thereby improving the call quality. Femtocells are not only connected to the cellular mobile networks but also to the latest technologies i.e. 3G architecture, as well as the various interference issues that the femtocell connects to.
Telecommunications specially the field of wireless networks have seen tremendous growth in the last few years. With the increase traffic of wireless network users, cellular phones start to face issues such as poor signal strength and call quality while indoors. In addition Voice over IP (VoIP) applications have been a huge development. Customers can make free calls through the internet, using VoIP. In order to improve the quality of services provided to customers, and to ensure customer loyalty and satisfaction, telecommunication companies needed to come up with an efficient system that improves call quality and in areas of low signal strength, and to reduce VoIP as a competition and threat. The solution in place is the deployment of femtocells.
As mentioned earlier, femtocells are small base stations installed in homes. They are similar to small size routers and are installed in homes to reduce the load on the external macrocells. In order to utilise the features of a femtocell, user must have an internet broadband connection, and the user then must purchase a femtocell from a mobile operator and simply plug it to the connection.
While creating femtocells mobile operators have kept in mind that it should be a simple and a user friendly device. Similar to a Wi-Fi connection, femtocell will detect the mobile handset and vice versa, and a connection will be established. All calls made after that are through femtocell. Femtocells are tested by mobile operators around the world and are considered to be the technology that will revolutionise, cellular communications and telecom industry around the world. The slight difference between femtocells and Wi-Fi is that femtocells operate in the licensed spectrum, and mostly mobile operators, are allotted three, licensed 5MHz frequency bands. Femtocells are considered to be the most effective and efficient form of technology at the moment, but since they need to operate in certain bandwidths, there are bound to be interference issues.
Some of the benefits and concerns related to femtocells are listed below:
Benefits of Femtocell
• Femtocells do not require the use of special dual mode handsets. Every mobile phone can use femtocells.
• Femtocells save the battery compared with dual mode handsets where GSM/UMTS and Wi-Fi interfaces have to coexist, largely increasing the battery consumption.
• With Femtocells, thanks to the handover with the outdoor network, users can smoothly use their mobile when they enter or leave their house.
• Femtocells have an indoor coverage that is between the range of 150-600 feet. The wide range allows the users to use a handset anywhere in the range, especially in the house without having to find a location that gives the clearest reception.
• With femtocells call quality and signal quality is automatically improved. Since femtocells are used as personalized towers provided by operators, there is no problem with the network when using femtocell.
• Compatibility of femtocells with VoIP.
• Operators are planning on incorporating other features such as Wi-Fi, cellular and DSL into femtocell to achieve maximum efficiency.
• Femtocells can increase efficiency of the existence systems i.e. 3G and cellular networks by providing them with better coverage.
• If adapted on a large scale i.e. if there are several users in an area who are using femtocells then the dependency on macro cells will be reduced and femtocells can be used as the small cells for coverage.
• It is quite popular that users are usually not happy with the reception that they receive indoors. Use of femtocell will solve that problem and increase customer satisfaction.
• Femtocells are essentially useful to carriers and consumers, for carriers there is data offload macro cells, lower data, expanded operator revenue, lower cost on backhaul and an increase in brand loyal customers. For users, they have better coverage and increased speed everywhere.
Concern related to femtocells:
• The major use of femtocells is to provide a quality network service without interference, but due to the limited ranges of connectivity sometimes there are problems with interference.
• Although companies are looking at how to solving issues of smooth transitioning of user equipment (UE) from a macrocell to femtocell or from a femtocell to femtocell, but the problem with lack of smooth transitioning is customers facing difficulties in connecting to the cell, and battery drain which searching for a frequency that can match.
• The issue of security is a major concern in the deployment of femtocells. As the femtocells are backhauled over infrastructure like the internet, Wi-Fi, that also serves as a backhaul for the femtocell gateway and the service provider core network, so there are major concerns relating to security of the femtocell. Compared to the backhaul that is controlled centrally in a macrocellular system, femtocells’ backhaul is third party entity and cannot be controlled by the user or operator. Thus it is difficult for an operator to provide the quality of service along with security.
The issue of security will be discussed later in the paper in the section “Security problems with femtocell”.
Infrastructure of Femtocells:
Femtocells come with the major benefits of used of the licensed spectrum and the use of carriers’ network along with the use of internet connection at home or office. The femtocell requires technology designs that could fix into the carefully planned networks of service providers.
A very brief overview of structure of femtocells and how it connects to different networks to function is given below:
Femtocells needs to be integrated into existing operator networks, in order to do that a subsystem has been added into existing technology and the subsystem is called Home Node B Subsystem (HNS). Femtocells share almost the same functionality as the functionality of 3G network, and connect to the same carrier back-end network. Contrary to the traditional telecommunication equipment, operators employ femtocells in environments that otherwise cannot be controlled by them. Therefore, operators introduced new network services to enforce security requirements and to allow operators to remotely control these devices.
Why are femtocells considered to also be an attempt to provide cellular network security? One of the reasons is that the security gateway component of the femtocell enables it to communicate with the operator or carries in a secure way over an untrusted broadband network that uses a separate link-encryption layer to prevent eavesdropping or traffic modification. There is a standard operation that a carrier or operator need to use in order to even remotely control a femtocell. They need to adapt the operation, administration, maintenance and provisioning server as a part of their management system. Operators act as the central management entity within the network. Major components of femtocells are defined by 3GPP, but the implementation details are left to vendors and may differ among different operator networks.
Femtocell is effectively trusted similar to a normal base station. While there is a link-layer encryption between the mobile devices and the femtocell, and between the femtocell and the carrier’s network, but there is no confidentiality or integrity agreement between the consumer and the carrier.
This picture below gives a brief over-view of functioning of a femtocell
Image taken from following source.
Femto Forum Website, http://www.femtoforum.org (Accessed April 10, 2015).
Evaluation:
Studies on femtocells mostly conclude that the ability of the femtocells to offload data and video traffics will depend on how efficient and reliable a femtocell is. Femtocell is not just a micro cell or a small range device, or a high capacity and greatly efficient device, but it’s a revolution in the area of telecommunication. It has been designed after considering the generation of existing technologies and how this new technology will interact with the existing cellular networks easily at all the network layer. As mentioned earlier, it performs tasks like interference management handoffs, authentication and sometimes billing functions. In order for a device to perform all these tasks it needed to be standardized, and research and development along with acceptance of the growing radio access technologies.
As mentioned earlier in this paper, some of the issues that will be discussed regarding femtocells in this paper are security problems with femtocells, how those issues can be resolved coupled with the issues of other cellular technologies.
Security problems with femtocells are discussed in details below:
Security Problems with Femtocells:
Femtocells use copyrighted security, employing firewalls that sit between callers and carriers. However, critics have pointed out that anyone in range of someone else’s femtocell can use that connection. However, manufacturers’ claim that other users would have to be inside a house or indoor where femtocell is placed. Moreover, owner can choose to restrict access to the service up to a limited numbers. However, it is still to be seen if carriers will make their femtocell devices accessible to other customer by default or not. (Sutherland Ed, 2009).
If the infrastructure of femtocell is studied it is same as regular base stations, thus it faces the same security threats as the normal base stations. Actually if it is studied in more detail is it more exposed to threats because attackers will find it easy to attack a small inexpensive device than a large network base. The small size, material quality, low cost components and the IP interface of femtocells make it more suited for malicious attacks and tampering then a more expensive business grade node station.
Some of the attack threat that femtocells can face are discussed below.
• Denial Of Service (DOS)
o Denial of service (DOS) is an attack which aims to target the availability of a certain node of even disability of the entire network. DOS attacks are usually done by exhausting the processing power of the target and make the services unavailable. How it happens is that DOS attacks flood some kind of traffic to the target. How DOS attacks can easily target femtocells, is that these attacks depend on the disturbed nature of services. As mentioned earlier, femtocells might face interference; moreover, their battery life might be low because they are small cells that are placed at home. Thus, because of interference prone nature, attackers can use the battery exhaustion and radio jamming method to conduct the DOS attacks.In femtocells DOS attacks might actually be worse than attacks of larger base stations because femtocells require internet connection to function, and in turn they are connected to the IP of the service providers, that can lead for an attacker to gain access of not only user’s confidential information but also operators’ information. These attacks are on core networks of the operator and the device and can lead to two malicious attacks discussed below.
• Impersonation
o Impersonation attacks are also a serious threat to security of mobile networks. Femtocells are also vulnerable to the threat of impersonation attacks mainly because of the interference issues, as the nodes can easily be captured, and with interference problems attackers can insert themselves in conversations and gain access to confidential information.
• Eavesdropping
o Eavesdropping is essentially the same as impersonation because impersonation can gain unauthorized access to the network or communication, and eavesdropper can intercept the confidential information that they should not have access to.
• Channel Jamming
o Channel jamming can be done through hacking the nodes by sending traffic to the cells and jamming them. Since the cells are extremely small and run on battery it is easy to jam the softwares by targeting on exhausting the hardware and battery.
• Unauthorized Access
o Since femtocells support both open and closed usage. In some situations neighbors might also be allowed to connect to them. If they are connected then the access control list cannot really be managed, leading to the question of authentication and problem of shared ownership. In that case eavesdroppers can easily attack and intercept information.
• Message Forgery
o As mentioned earlier femtocells work using the same infrastructure as other cellular networks such as 3G, LTE etc, thus they face the same threat as the other networks. Thus a malicious virus can be sent to a femtocell and conversations can be intercepted for message forgery.
• Hijacking
o Hackers can intercept the conversations by identifying and hacking the nodes and hijack information and server.
• Hacking
o Although when the technology is designed it is presented to be very secure but an attack on a femtocell network by Hacker’s choice on the Vodafone access gateway; with a claim that more attacks will be published shows the threat of security with employment of femtocells.
• Femtocells need securing and mutual authentication between the device and the serving network, secure storage, secure network access, and secure…
Recent Comments