1 <Change information classification in footer> © Nokia 2016
Bell Labs
4G - Who is paying your cellular phone bill?
Silke Holtmanns
Isha Singh
Nokia Bell Labs
2
Industrial Security
Research?
3
Nokia Bell Labs – Future Attacks and Mitigation
Research that solves real problems together with our customers and sometimes even competitors
•  Theoretical studies go into attack and countermeasure design
•  Validation and awareness of our research by GSMA standards input and publication
•  Customer feedback and test results allow us to fine-tune and optimize our countermeasures
•  Research input will fit product needs and operator requests
•  Operator needs can be discovered "live" for new research challenges and disruptive new solutions
[Diagram: Bell Labs Research Lifecycle: Lab; Problem study / Threats / Attack Design; Attack Testing; Countermeasures; Validation and Awareness; Customer Feedback; Product Improvements]
4
You connect
What does actually
happen?
5
Roaming
Why should you care?
You connected to AT&T, Verizon, T-Mobile, Sprint
DefCon participants CMCC, Airtel, MegaFon, Telenor
My colleagues, friends, family connected to DNA, Elisa, Telia
Source: DefCon, National Geographics, Wikipedia
6
Connecting networks – The hidden private Internet
The Interconnection Network (IPX)
7
I switch on my phone
Las Vegas
Antenna Core Network
Carrier / IPX
Carrier / IPX
Core Network
Authentication -> run to home network
Checking subscriber
8
What is this secret network?
Where does it come from?
9
The good auld history
1981 – Nordic Operator Meeting
"Need to call my wife, she has birthday today. Stupid that I can not use my mobile."
"The sauna is not hot enough. Let's connect the networks. So you call me and I can heat up the sauna before you arrive."
"The beer is warm…. Should be longer in the fridge."
Source: Kauppalehti.fi / Erja Lempinen
10
Starting of practical discussions
"Cold beer would be nicer. Yeah we should connect the networks…..then you can put it before in the fridge in time."
"We would need a cable under the water of the Baltic Sea…"
Source: Kauppalehti.fi / Erja Lempinen
11
The technical details were worked out
"Some new protocol is needed for this."
"We don’t need security. It is a closed network just for us"
"We could invite some other operators."
"Can you pass me another beer and the mustard?"
"People will love it. Pizza delivery everywhere."
"I know someone in ITU who can help"
"The networks are owned by the governments anyway."
Source: Kauppalehti.fi / Erja Lempinen
12
Evolutions of IPX
•  Started with 5 Nordic operators and calls only about 35 years ago
•  Now about 2000 companies connected to it
-  Mobile operators
-  Service providers (SMS aggregators, password recovery)
-  Satellite communication providers etc.
•  Very inhomogeneous operator structure
•  Networks are a mix and match
-  2G, 2.5G, 3G, 4G and now 5G
-  Different hardware, protocols, products, releases
-  Many services: voice, SMS, MMS, IMS, data, VoIP
•  Network evolved, but security awareness only recently started (2014)
SMS providers
13
SEP – Somebody Else's Problem?
Message for you…..
14
It is not only you that is ”reachable”
15
Security?
16
Who would hack this network
Source: wired, the intercept, Verint skylock product description, vault.co, trace any mobile, bankinfosecurity, the hill
17
Existing Attacks for the "old" SS7
Most of the attacks today are still SS7 – but things change
•  Location Tracking
•  Eavesdropping
•  Fraud
•  Denial of Service user & network
•  Credential theft
•  Data session hijacking
•  Unblocking stolen phone
•  SMS interception
•  One time password theft and account takeover for banks, Telegram, Facebook, Whatsapp, bitcoin wallet
Source: Security Week, The register, YouTube, wireless, wired, techworm
18
How do attackers get in
Rent a Service
Kick in the door
Hack via Internet
Social Engineering
Become an Operator
Bribing an Employee
19
That is how they get in
Well, of course there might be legitimate reason…maybe….
Some big Asian country
20
New protocol -
New luck?
21
I switch on my phone
Las Vegas
Antenna Core Network
Carrier / IPX
Carrier / IPX
Core Network
Checking subscriber:
”Hey, does she have money, and what
did he pay for”
”Make sure it is really her”
22
Network used for testing of attack
[Diagram: UE, eNB, MME, HSS, SGW, PCRF, PGW, S9]
24
Operators with connected S9 billing interface
[Diagram: Operator A, Operator B, Operator D and Operator F; IPX; S9, S9]
25
Network Architecture (3G/4G)
[Diagram: eNB ("Here You Are..."), MME, HSS, SGW, PGW, PCRF, INTERNET; interfaces S1, S6a, S5, S11, Gx]
27
Normal incoming request for roaming (Fin in US)
[Diagram: Visited-PCRF and Home-PCRF on S9, exchanging CCR / CCA and RAR / RAA]
Credit Control Request
-  Money?
-  What kind of service?
Re-Authentication Request
-  All kinds of control and information
-  PCC management
28
What is a "PCC"?
Something you all have
•  Policy Charging Control
-  Defines everything about your subscription
-  Data type
-  Data rates
-  Whatever cellular service you can think of
•  Defines how to handle you and what to grant you: "service flow filters"
•  Usually identified by a string
•  My own subscription is company paid and quite "generous"
-  Perfect target for an attacker
Bell Labs
Diameter Routing Issue – Two Possibilities how to route…..Hop-by-Hop
Core Network Carrier / IPX Carrier / IPX Core Network
Request
Orig:
FakeFin
Dest:
US_NW
Hop-by-hop
ID: 3
Attacker
Request
Orig:
FakeFin
Dest:
US_NW
Hop-by-hop
ID: 2
Request
Orig:
FakeFin
Dest:
US_NW
Hop-by-hop
ID: 1
Answer
Orig:
US_NW
Hop-by-hop
ID: 3
Answer
Orig:
US_NW
Hop-by-hop
ID: 2
Answer
Orig:
US_NW
Hop-by-hop
ID: 1
30
Attack
1.  Steal PCC of good subscription
2.  Update cheap subscription with PCC of good subscription
31
Attack scenario against Finnish operator – Request PCC via CCR
[Diagram: Attacker; V-PCRF and H-PCRF on S9, exchanging CCR / CCA]
Credit Control Request
-  I have a customer, let's do business
Message Format:
<CC-Request> ::= < Diameter Header: 272, REQ, PXY >
< Session-Id >
{ Origin-Host }
{ Origin-Realm }
{ Destination-Realm }
[Slide callouts: Diameter Edge Agent (DEA); Used operator]
32
Requesting PCC via RAR (posing as home network)
[Diagram: Attacker; H-PCRF and H-PCRF on S9, exchanging RAR / RAA]
Re-Authentication Request (RAR)
-  IMSI
Re-Authentication Answer (RAA)
-  QoS-Rule-Install AVP
34
Attack Scenario 1: Putting PCC via RAR (posing as home network)
[Diagram: Attacker; H-PCRF and H-PCRF on S9, exchanging RAR / RAA]
Re-Authentication Request
-  QoS-Rule-Install
Answer does not matter
36
Attack Scenario 2: Putting PCC via RAR to outgoing roamer
[Diagram: Attacker; H-PCRF and V-PCRF on S9, exchanging RAR / RAA]
Re-Authentication Request (RAR)
-  IMSI
Re-Authentication Answer (RAA)
-  QoS-Rule-Install AVP
39
Before and After
40
Impacts
•  Attacker:
-  Better services
-  Shifting the costs – Letting somebody else pay the phone bill
-  Re-selling "opportunity"
•  Users:
-  Might be billed for services they have not used (in particular company subscriptions are at risk)
•  Operators:
-  Bill disputes (service desks)
-  Loss of corporate customers
-  Costs with partners that can not be charged to a user
•  IPX carriers still want to see their money
41
Countermeasures
42
Switch it off – build it from scratch?
43
Countermeasures
For Operators
•  S9 Interface -> use IPSec with trusted partners directly
•  S9 only open on need basis
•  Routing via origin realm, origin host
•  IMSI range – operator match
•  Check not to get messages from yourself
•  Logical separation of visitors and own subscribers
•  Location distance
•  Fingerprint partner
•  Fingerprint "flows"
For "normal" Users
•  Check your bill
•  Keep an eye on the news
For "corporate" Users
•  Security and network protection is something that needs to be part of a Service Layer Agreement
•  It is a quality indicator, similar to bandwidth and coverage
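Added example (not from the slides or from Nokia): one way an operator's Diameter edge could apply four of the operator countermeasures above to an inbound S9 request, namely need-based opening, origin realm/host tied to the arrival link, IMSI range to operator match, and rejecting messages that claim to come from yourself. It assumes the AVPs are already decoded and that the arrival link (for example the IPsec tunnel) is known; the realms, hosts, IMSI prefixes, link names and rule names are constructed for illustration.

```python
from dataclasses import dataclass

CCR = 272  # Credit-Control command code, as in the CC-Request header on the slide
RAR = 258  # Re-Auth command code (RFC 6733)


@dataclass(frozen=True)
class Partner:
    realm: str               # Origin-Realm agreed with this partner
    hosts: frozenset         # Origin-Host values agreed with this partner
    imsi_prefixes: tuple     # MCC+MNC prefixes of the partner's own subscribers
    s9_enabled: bool         # S9 is opened per partner, only when needed


@dataclass(frozen=True)
class S9Request:
    link: str                # IPsec tunnel / peer connection the message arrived on
    command: int
    origin_host: str
    origin_realm: str
    imsi: str                # subscriber the request is about


# Constructed sample configuration: PLMN 001/01 is "us", 999/xx are partners.
OWN_REALM = "epc.mnc001.mcc001.3gppnetwork.org"
OWN_IMSI_PREFIXES = ("00101",)
A_REALM = "epc.mnc002.mcc999.3gppnetwork.org"
A_HOST = "pcrf1." + A_REALM
B_REALM = "epc.mnc003.mcc999.3gppnetwork.org"
B_HOST = "pcrf1." + B_REALM
PARTNERS = {
    "tunnel-a": Partner(A_REALM, frozenset({A_HOST}), ("99902",), True),
    "tunnel-b": Partner(B_REALM, frozenset({B_HOST}), ("99903",), False),
}


def check_s9_request(msg, partners=PARTNERS, own_realm=OWN_REALM,
                     own_prefixes=OWN_IMSI_PREFIXES):
    """Return the list of violated rules; an empty list means 'accept'."""
    violations = []
    realm = msg.origin_realm.lower()   # Diameter identities are case-insensitive
    host = msg.origin_host.lower()

    # "Check not to get messages from yourself"
    if realm == own_realm or host.endswith("." + own_realm):
        violations.append("origin-is-self")

    partner = partners.get(msg.link)
    if partner is None:
        return violations + ["unknown-link"]

    # "S9 only open on need basis"
    if not partner.s9_enabled:
        violations.append("s9-not-enabled")

    # "Routing via origin realm, origin host": the claimed origin must be the
    # partner that owns the link the message actually arrived on.
    if realm != partner.realm or host not in partner.hosts:
        violations.append("origin-link-mismatch")

    # "IMSI range - operator match", keeping visitors and own subscribers apart
    # (one interpretation): a partner CCR asks about OUR roamer in its network,
    # a partner RAR may only steer ITS subscriber visiting us.
    is_ours = msg.imsi.startswith(own_prefixes)
    is_partners = msg.imsi.startswith(partner.imsi_prefixes)
    if msg.command == CCR:
        if not is_ours:
            violations.append("imsi-operator-mismatch")
    elif msg.command == RAR:
        if is_ours or not is_partners:
            violations.append("imsi-operator-mismatch")
    else:
        violations.append("unexpected-command")
    return violations


# Constructed sample requests, keyed by what they represent.
SAMPLES = {
    "partner RAR for its own roamer":
        S9Request("tunnel-a", RAR, A_HOST, A_REALM, "999020000000001"),
    "partner RAR aimed at our subscriber":
        S9Request("tunnel-a", RAR, A_HOST, A_REALM, "001010000000001"),
    "RAR claiming our own realm":
        S9Request("tunnel-a", RAR, "pcrf9." + OWN_REALM, OWN_REALM,
                  "001010000000001"),
    "partner CCR about our roamer":
        S9Request("tunnel-a", CCR, A_HOST, A_REALM, "001010000000001"),
    "CCR on a link without S9":
        S9Request("tunnel-b", CCR, B_HOST, B_REALM, "001010000000001"),
}

if __name__ == "__main__":
    for name, request in SAMPLES.items():
        print(f"{name}: {check_s9_request(request) or 'accept'}")
```

A filter like this only protects requests that terminate in your own network; a rule pushed to a partner's V-PCRF for one of your outgoing roamers has to be stopped by that partner.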
44
Thanks to
EU SCOTT Project for funding part of this research
Questions?
Silke.Holtmanns@nokia.com

"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 

4G - Who is paying your cellular phone bill?

  • 1. 4G - Who is paying your cellular phone bill? Silke Holtmanns, Isha Singh, Nokia Bell Labs. © Nokia 2016
  • 2. Industrial Security Research?
  • 3. Nokia Bell Labs – Future Attacks and Mitigation. Research that solves real problems together with our customers and sometimes even competitors
      • Theoretical studies go into attack and countermeasure design
      • Validation and awareness of our research by GSMA standards input and publication
      • Customer feedback and test results allow us to fine-tune and optimize our countermeasures
      • Research input will fit product needs and operators' requests
      • Operator needs can be discovered "live" for new research challenges and disruptive new solutions
      • Diagram, Bell Labs Research Lifecycle: Lab Problem study / Threats/Attack Design Attack Testing Countermeasures Validation and Awareness Customer Feedback Product Improvements
  • 4. You connect. What does actually happen?
  • 5. Roaming. Why should you care? You connected to AT&T, Verizon, T-Mobile, Sprint; DefCon participants: CMCC, Airtel, MegaFon, Telenor; my colleagues, friends, family connected to DNA, Elisa, Telia. Source: DefCon, National Geographic, Wikipedia
  • 6. Connecting networks – The hidden private Internet. The Interconnection Network (IPX)
  • 7. I switch on my phone (Las Vegas). Diagram: Antenna, Core Network, Carrier / IPX, Carrier / IPX, Core Network. Authentication -> run to home network. Checking subscriber
  • 8. What is this secret network? Where does it come from?
  • 9. The good auld history. 1981 – Nordic Operator Meeting. Need to call my wife, she has birthday today. Stupid that I cannot use my mobile. The sauna is not hot enough. Let's connect the networks. So you call me and I can heat up the sauna before you arrive. The beer is warm…. Should be longer in the fridge. Source: Kauppalehti.fi / Erja Lempinen
  • 10. Starting of practical discussions. Cold beer would be nicer. Yeah we should connect the networks…..then you can put it before in the fridge in time. We would need a cable under the water of the Baltic Sea… Source: Kauppalehti.fi / Erja Lempinen
  • 11. The technical details were worked out. Some new protocol is needed for this. We don’t need security. It is a closed network just for us. We could invite some other operators. Can you pass me another beer and the mustard? People will love it. Pizza delivery everywhere. I know someone in ITU who can help. The networks are owned by the governments anyway. Source: Kauppalehti.fi / Erja Lempinen
  • 12. Evolutions of IPX (diagram label: SMS providers)
      • Started with 5 Nordic operators and calls only about 35 years ago
      • Now about 2000 companies connected to it
          - Mobile operators
          - Service providers (SMS aggregators, password recovery)
          - Satellite communication providers etc.
      • Very inhomogeneous operator structure
      • Networks are a mix and match
          - 2G, 2.5G, 3G, 4G and now 5G
          - Different hardware, protocols, products, releases
          - Many services: voice, SMS, MMS, IMS, data, VoIP
      • Network evolved, but security awareness only recently started (2014)
  • 13. SEP – Somebody Else's Problem? Message for you…..
  • 14. It is not only you that is "reachable"
  • 15. Security?
  • 16. Who would hack this network. Source: wired, the intercept, Verint skylock product description, vault.co, trace any mobile, bankinfosecurity, the hill
  • 17. Existing Attacks for the "old" SS7. Most of the attacks today are still SS7 – but things change. Source: Security Week, The Register, YouTube, wireless, wired, techworm
      • Location Tracking
      • Eavesdropping
      • Fraud
      • Denial of Service user & network
      • Credential theft
      • Data session hijacking
      • Unblocking stolen phone
      • SMS interception
      • One time password theft and account takeover for banks, Telegram, Facebook, WhatsApp, bitcoin wallet
  • 18. How do attackers get in: Rent a Service; Kick in the door; Hack via Internet; Social Engineering; Become an Operator; Bribing an Employee
  • 19. That is how they get in. Well, of course there might be legitimate reason…maybe…. Some big Asian country
  • 20. New protocol - New luck?
  • 21. I switch on my phone (Las Vegas). Diagram: Antenna, Core Network, Carrier / IPX, Carrier / IPX, Core Network. Checking subscriber: "Hey, does she have money, and what did he pay for", "Make sure it is really her"
  • 24. Operators with connected S9 billing interface. Diagram: IPX, S9, S9, Operator A, Operator B, Operator D, Operator F
  • 25. Network Architecture (3G/4G). Diagram labels: S1 MME HSS SGW PGW PCRF Here You Are... eNB INTERNET S6a S5 S11 Gx
  • 27. Normal incoming request for roaming (Fin in US). Diagram: Visited-PCRF, Home-PCRF, S9, CCR, CCA, RAR, RAA
      • Credit Control Request
          - Money?
          - What kind of service?
      • Re-Authentication Request
          - All kinds of control and information
          - PCC management
  • 28. What is a "PCC"? Something you all have
      • Policy Charging Control
          - Defines everything about your subscription
          - Data type
          - Data rates
          - Whatever cellular service you can think of
      • Defines how to handle you and what to grant you: "service flow filters"
      • Usually identified by a string
      • My own subscription is company paid and quite "generous"
          - Perfect target for an attacker
  • 29. Diameter Routing Issue – Two Possibilities how to route….. Hop-by-Hop. Diagram: Core Network, Carrier / IPX, Carrier / IPX, Core Network, Attacker
      • Request, Orig: FakeFin, Dest: US_NW, Hop-by-hop ID: 3
      • Request, Orig: FakeFin, Dest: US_NW, Hop-by-hop ID: 2
      • Request, Orig: FakeFin, Dest: US_NW, Hop-by-hop ID: 1
      • Answer, Orig: US_NW, Hop-by-hop ID: 3
      • Answer, Orig: US_NW, Hop-by-hop ID: 2
      • Answer, Orig: US_NW, Hop-by-hop ID: 1
  • 30. Attack
      1. Steal PCC of good subscription
      2. Update cheap subscription with PCC of good subscription
  • 31. Attack scenario against Finnish operator – Request PCC via CCR. Diagram: Attacker, V-PCRF, H-PCRF, S9, CCR, CCA
      • Credit Control Request
          - I have a customer, let's do business
      • Message Format: <CC-Request> ::= < Diameter Header: 272, REQ, PXY > < Session-Id > { Origin-Host } Diameter Edge Agent (DEA) { Origin-Realm } Used operator { Destination-Realm }
  • 32. Requesting PCC via RAR (posing as home network). Diagram: Attacker, H-PCRF, H-PCRF, S9, RAR, RAA
      • Re-Authentication Request (RAR)
          - IMSI
      • Re-Authentication Answer (RAA)
          - QoS-Rule-Install AVP
  • 35. Attack Scenario 1: Putting PCC via RAR (posing as home network). Diagram: Attacker, H-PCRF, H-PCRF, S9, RAR, RAA
      • Re-Authentication Request
          - QoS-Rule-Install
      • Answer does not matter
  • 36. Attack Scenario 2: Putting PCC via RAR to outgoing roamer. Diagram: Attacker, H-PCRF, V-PCRF, S9, RAR, RAA
      • Re-Authentication Request (RAR)
          - IMSI
      • Re-Authentication Answer (RAA)
          - QoS-Rule-Install AVP
  • 40. Impacts
      • Attacker:
          - Better services
          - Shifting the costs – Letting somebody else pay the phone bill
          - Re-selling "opportunity"
      • Users:
          - Might be billed for services they have not used (in particular company subscriptions are at risk)
      • Operators:
          - Bill disputes (service desks)
          - Loss of corporate customers
          - Costs with partners that cannot be charged to a user
      • IPX carriers still want to see their money
  • 41. Countermeasures
  • 42. Switch it off – build it from scratch?
  • 43. Countermeasures
      • For Operators
          - S9 Interface -> use IPSec with trusted partners directly
          - S9 only open on need basis
          - Routing via origin realm, origin host
          - IMSI range – operator match
          - Check not to get messages from yourself
          - Logical separation of visitors and own subscribers
          - Location distance
          - Fingerprint partner
          - Fingerprint "flows"
      • For "normal" Users
          - Check your bill
          - Keep an eye on the news
      • For "corporate" Users
          - Security and network protection is something that needs to be part of a Service Level Agreement
          - It is a quality indicator, similar to bandwidth and coverage
  • 44. Thanks to EU SCOTT Project for funding part of this research. Questions? Silke.Holtmanns@nokia.com
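
Several of the operator countermeasures on slide 43 (S9 only open on need basis, routing via origin realm and origin host, IMSI range and operator match, not accepting messages from yourself) can be written as one screening check at the network edge. The sketch below is an added example, not code from the talk or from Nokia; the realm format follows 3GPP TS 23.003, while the PLMN codes, host names, message dictionaries and function names are constructed for illustration, and the RAR/CCR roles are assumed from the slide 27 diagram.

```python
import re

# Assumption: realms use the 3GPP TS 23.003 form epc.mnc<MNC>.mcc<MCC>.3gppnetwork.org
REALM_RE = re.compile(r"^epc\.mnc(\d{3})\.mcc(\d{3})\.3gppnetwork\.org$")
OWN_REALM = "epc.mnc001.mcc001.3gppnetwork.org"   # constructed: test PLMN 001/01 as "us"
PARTNER = "epc.mnc099.mcc999.3gppnetwork.org"     # constructed roaming partner
S9_PARTNERS = {PARTNER}                           # S9 open only where an agreement exists


def imsi_matches_realm(imsi, realm):
    """IMSI range / operator match: does the IMSI start with the realm's MCC+MNC?"""
    m = REALM_RE.match(realm)
    if not m or not imsi.isdigit():
        return False
    mnc, mcc = m.groups()
    # The realm pads a 2-digit MNC with a leading zero, so accept both spellings.
    prefixes = {mcc + mnc} | ({mcc + mnc[1:]} if mnc[0] == "0" else set())
    return any(imsi.startswith(p) for p in prefixes)


def screen_s9_request(msg):
    """Return the reasons to reject an S9 request arriving from the IPX (empty = pass)."""
    realm, host = msg["origin_realm"].lower(), msg["origin_host"].lower()
    reasons = []
    if not host.endswith("." + realm):
        reasons.append("origin-host outside origin-realm")
    if realm == OWN_REALM:
        reasons.append("own realm arriving from interconnect")
    elif realm not in S9_PARTNERS:
        reasons.append("no S9 agreement with origin realm")
    # Assumed roles: RAR comes from the subscriber's home PCRF,
    # CCR comes from a visited PCRF and concerns one of our own subscribers.
    owner = realm if msg["command"] == "RAR" else OWN_REALM
    if not imsi_matches_realm(msg["imsi"], owner):
        reasons.append("IMSI outside PLMN of " + owner)
    return reasons


def sample(command, realm, imsi, host="pcrf1"):
    """Build a constructed message reduced to the fields the checks need."""
    return {"command": command, "origin_host": host + "." + realm,
            "origin_realm": realm, "imsi": imsi}


if __name__ == "__main__":
    for m in (sample("RAR", PARTNER, "999990000000001"),
              sample("RAR", PARTNER, "001010000000001"),
              sample("RAR", OWN_REALM, "001010000000001")):
        print(m["origin_realm"], m["imsi"], "->", screen_s9_request(m) or "pass")
```

Origin-Host and Origin-Realm are set by the sender, so these checks only carry weight when combined with the peer-level measures from the same slide (IPsec with trusted partners, partner fingerprinting).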