GPRS Security Feature, Threats and Solution

What is GPRS?

General Packet Radio Service or well known as GPRS, is a packet-based wireless communication service. It provides a continuous connection to the Internet for mobile phone and computer users. The higher data rates allow users to have a chance in using video conference and to also access websites that has multimedia. GPRS is based on Global System for Mobile (GSM) communication. The second generation of GPRS (2G) has data rates from 56Kbps to 11Kbps. Through the years, the enhancement of 2G has produced the third generation of GPRS (3G). 3G means that it uses EDGE (Enhanced Data Rates for Global Evolution) which delivers up to 4 times the GPRS rate.

GPRS Security Features:

• Integrity - It is a security service that ensures that the data cannot be modified in an unauthorized manner.
• Confidentiality - It is the protection of data from disclosure to unauthorized third parties.
• Authentication - It provides assurance that a user in data communication is real; who or what they claim to be.
• Authorization - It is a security feature that ensures a user may only perform the actions that they are allowed to perform.
• Availability - It means that data services are usable by the appropriate users in the manner intended.

GPRS Threats:

Availability

- The most common type of attack on availability is Denial of Service (DoS) attack. Some of the types of DoS are:

• DNS (Domain Name System) Flood - DNS servers on the network can be flooded with either corrupted DNS queries or others traffic. Therefore by doing this, others users will not be able to locate the Gateway GPRS Support Node (GGSN) to use an external gateway.
• Border Gateway bandwidth saturation - A rogue operator that is connected to the same GPRS Roaming Exchange (GRX) may have the ability to generate enough amount of network traffic. It would then deny roaming access to or from the network.

Authentication and Authorization

- An imposter may appear to be a genuine user when they actually not. Some examples are:

• Overbilling Attacks - This attack is when a rogue mobile station hijacks an IP address of another mobile station and invokes a download from a rogue server on the Internet. The mobile station that was attacked, receiving the download would get charged for traffic that it did not request. The same rogue attacker could also execute this attack for the purpose of sending broadcasts of not requested data in the direction of the users' cell phones. This would then lead the user to be billed for data that they did not request and might not have wanted.
• Forged Update PDP Context Request - An attacker insert their own Serving GPRS Support Node (SGSN) into the Go Text Protocol (GTP) session and hijack the user's data connection.

Integrity and Confidentiality

• Capturing a users' data session - If an attacker can access to GTP or the DNS traffic, they can potentially discover confidential user's information. Without encryption, this data can be read or manipulated by unwanted parties.

GPRS Solutions:

• Ingress and Egress Packet Filtering - This will help prevent the Public Land Mobile Network (PLMN) from being used as source to attack the other roaming users. If the mobile operator is connected to more than on GRX, it will ensure that rouge attackers cannot arrive on paths where the other users are not connected.
• Overbilling Attack Prevention - Enable the GTP firewall to notify the network's firewall of an attack. The network's firewall would then be able to terminate the "hanging" session, thus cutting of unwanted traffic. Therefore, the GPRS users would not be overbilled.
• GTP Traffic Shaping - GTP rate limiting should be implemented to prevent the shared resources of bandwidth to be consumed or stolen by an attacker.

References:

http://netscreen.com/solutions/literature/white_papers/200074.pdf

http://mobileoffice.about.com/od/glossary/g/gprs.htm

http://searchmobilecomputing.techtarget.com/definition/GPRS