Colloquium Details
Vulnerabilities and Opportunities in SMS-Capable Cellular Networks
| Author: | Patrick McDaniel Pennsylvania State University |
|---|---|
| Date: | May 17, 2007 |
| Time: | 15:30 |
| Location: | 220 Deschutes |
| Host: | Jun Li |
Abstract
Cellular networks are a critical component of the economic and social infrastructures in which we live. In addition to voice services, these networks deliver alphanumeric text messages to the vast majority of wireless subscribers. To encourage the expansion of this new service, telecommunications companies offer connections between their networks and the Internet. The ramifications of such connections, however, have not been fully recognized. In this talk, we evaluate the security impact of the SMS interface on the availability of the cellular phone network. Specifically, we demonstrate the ability to deny voice service to cities the size of Washington D.C. and Manhattan with little more than a cable modem. Moreover, attacks targeting the entire United States are feasible with resources available to medium-sized zombie networks. This analysis begins with an exploration of the structure of cellular networks. We then characterize network behavior and explore a number of reconnaissance techniques aimed at effectively targeting attacks on these systems. We conclude by discussing counter-measures that mitigate or eliminate the threats introduced by these attacks, and identify opportunities and requirements for the security infrastructure of the next generation cellular networks.
Biography
Patrick McDaniel is the Hartz Family Career Development Assistant Professor in the Computer Science and Engineering Department at the Pennsylvania State University, and co-director of the Systems and Internet Infrastructure Security Laboratory. He received his Ph.D. from the University of Michigan in 2001 where he studied the form, algorithmic limits, and enforcement of security policy. Prior to joining Penn State, Patrick was a senior technical staff Member of the Secure Systems Group at AT&T Labs-Research and Adjunct Professor of the Stern School of Business at New York University.
Patrick's recent research efforts have focused on telecommunications security, distributed systems security, network security, language- based security, and public policy and technical issues in digital media. Patrick is a past recipient of the NASA Kennedy Space Center fellowship, a frequent contributor to the IETF security standards, and has authored many papers and book chapters in various areas of systems security. He is the co-chair of the 2007 and 2008 IEEE Symposium on Security and Privacy, and served as the Program Chair of the 2005 USENIX Security Symposium, the Vice Chair for Security and Privacy for WWW 2005, and is the Chair of the Industry and Government Track at the 2005 and 2007 ACM Computer and Communications Security conference. Patrick is also an associate editor of the journal ACM Transactions on Internet Technologies and a guest editor of the IEEE Transactions on Software Engineering. Prior to pursuing his Ph.D. in 1996, Patrick was a software architect and program manager in the telecommunications industry.