Abstract
This paper presents the Cellular Network Vulnerability Assessment Toolkit - CAT, designed for end-to-end vulnerability assessment of 3G networks. It is the first tool of its kind to model and represent 3G network vulnerabilities and attacks as attack graphs. CAT uses freely available 3G telecommunication specifications written in SDL, the standard Specification and Description Language to produce attack graphs. Attack graphs generated by CAT are unique due to their: (1) global representation of the network, (2) independence from physical deployments, and (3) depiction of the 3G attack graph model and cascading effects.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
K. Kotapati, P. Liu, Y. Sun, T. F. LaPorta, A Taxonomy of Cyber Attacks on 3G Networks, in Proc. IEEE Intl Conf. on Intelligence and Security Informatics (Extended Abstract), 2005. Lecture Notes in Computer Science, Vol. 3495, Springer-Verlag, 2005
Third Generation Partnership Projects (3GPP and 3GPP2), http://www.3gpp.org/
O. Sheyner, J. Haines, S. Jha, R. Lippmann, J. M. Wing, Automated Generation and Analysis of Attack Graphs, Proceedings of the 2002 IEEE Symposium on Security and Privacy, p.273, May 12–15, 2002
3G TS 21.133 V3.1.0 (1999-12) 3G Security; Security Threats and Requirements version 3.1.0
3G TR 33.900 V1.2.0 (2000-01), A Guide to 3rd Generation Security
3G TS 33.120 V3.0.0 (1999-05) 3G Security; Security Principles and Objectives version 3.0.0
P. Howard, M. Walker, T. Wright, Towards a coherent approach to third generation system security, Second International Conference, 3G Mobile Communication Technologies, 2001. on (Conf. Publ. No. 477)
N. A. El-Fishway, M. A. Nofal, A. M. Tadros, An Improvement on Secure Communication in PCS, Performance, Computing, and Communications Conference, 2003. Conference Proceedings of the 2003 IEEE International, 9–11 April 2003
C. C. Lo and Y. J. Chen, Secure communication mechanisms for GSM networks, IEEE Transactions on Consumer Electronics, Vol. 45, No. 4, pp..
D. Welch, S. Lathrop, Wireless Security Threat Taxonomy, June 2003 IEEE Workshop on Information Assurance.
C. Clissmann, A. Patel, Security for mobile users of telecommunication services, Universal Personal Communications, 1994. Record., 1994 Third Annual International Conference on, 27 Sept.–1 Oct. 1994, Pages:350–353.
C. B. Brookson, Security in current systems, IEE Colloquium on Security in Networks (Digest No. 1995024), 3 Feb. 1995, Pages: 3/1–3/6.
C. J. Mitchell, Security techniques, in Proceedings of the IEE Electronics Division Colloquium on Security in Networks, London, February 1995, IEE (London) Digest No: 1995/024, pp. 2/1–2/6.
K. Boman, G. Horn, P. Howard, V. Niemi, UMTS security, Electronics & Communication Engineering Journal, Volume: 14, Issue:5, Oct. 2002, Pages: 191–204
L. P. Swiler, C. Philips and T. Gaylor, A Graph-Based Network Vulnerability Analysis System, SandiaReport, SAND97-3010/1, January 1998, Sandia National Laboratories, Albuquerque, New Mexico, U.S.A., 1998.
C. A. Phillips, L. P. Swiler, A Graph-Based System for Network-Vulnerability Analysis, Proceedings of the 1998 Workshop on New Security Paradigms (NSPW’98, Charlottsville, VA, USA), pp. 71–79, ACM Press
L. Swiler, C. Phillips, D. Ellis, S. Chakerian, Computer-Attack Graph Generation Tool, in Proceedings of the DARPA Information Survivability Conference and Exposition II, June 2001.
R.W. Ritchey and P. Ammann, Using model checking to analyze network vulnerabilities. In Proceedings 2000 IEEE Computer Society Symposium on Security and Privacy, pages 156–165, Oakland, CA, May 2000.
P. Ammann, D. Wijesekera, S. Kaushik, Scalable, graph-based network vulnerability analysis, Proceedings of the 9th ACM conference on Computer and communications security, November 18–22, 2002, Washington, DC, USA
S. Jha, O. Sheyner, J. Wing, Two Formal Analys s of Attack Graphs, Proceedings of the 15th IEEE Computer Security Foundations Workshop (CSFW’02), p.49, June 24–26, 2002
S. Jha, O. Sheyner, and J. M. Wing, Minimization and Reliability Analyses of Attack Graphs, CMU-CS-02-109, February 2002. Detailed version of paper to appear in Computer Security Foundations Workshop, Nova Scotia, June 2002.
O. Sheyner and J. Wing, Tools for Generating and Analyzing Attack Graphs, Proceedings of Formal Methods for Components and Objects, Lecture Notes in Computer Science, 2005.
B. Schneier, Attack graphs, Dr. Dobb’s Journal, pp. 21–29, December 1999
J. Ellsberger, D. Hogrefe, A. Sarma, SDL, Formal Object-oriented Language for Communicating Systems, Prentice Hall, 1997, ISBN 0-13-621384-7, 312 pp.
3GPP TS-23.018 (v3.4.0) Basic Call Handling-Technical realisation, April 99
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 International Federation for Information Processing
About this paper
Cite this paper
Kotapati, K., Liu, P., LaPorta, T.F. (2006). CAT — A Practical Graph & SDL Based Toolkit for Vulnerability Assessment of 3G Networks. In: Fischer-Hübner, S., Rannenberg, K., Yngström, L., Lindskog, S. (eds) Security and Privacy in Dynamic Environments. SEC 2006. IFIP International Federation for Information Processing, vol 201. Springer, Boston, MA. https://doi.org/10.1007/0-387-33406-8_14
Download citation
DOI: https://doi.org/10.1007/0-387-33406-8_14
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-33405-9
Online ISBN: 978-0-387-33406-6
eBook Packages: Computer ScienceComputer Science (R0)