KNOW THE UNKNOWN®
NIKSUN Inc., CONFIDENTIAL This document and the confidential information it contains shall be distributed, routed or made available solely to persons having a written obligation to maintain its confidentiality.
The Art of Cybersecurity (on a 5G canvas)
Darryle Merlette, CISSP
Executive Director – Security Solutions, NIKSUN Inc.
IEEE 5G Summit
May 26, 2015
Hackers and Painters
What hackers and painters have in common is that they're both makers. Along with composers, architects, and writers, what hackers and painters are trying to do is make good things.
-- Paul Graham (Hackers and Painters)
Evolution
1G (analog)
  All-band radio receiver to eavesdrop
  Clone phones to steal airtime
2G/3G
  GSM hack using IMSI catcher to impersonate tower (2G)
  Noise generator and amplifier to knock 3G network offline, then downgrade to 2G
3G/4G/5G
  All the vulnerabilities of IP networks…
  85% of all internet traffic is WWW
  Promise of WWWW will likely cause increase
Eavesdropping, Cloning, Spoofing…and IP
Monthly global mobile data traffic will surpass 15 Exabytes by 2018.
The number of mobile-connected devices exceeds the world’s population.
The average mobile connection speed will surpass 2 Mbps by 2016.
Due to increased usage on smartphones, smartphones will reach 66 percent of mobile data traffic by 2018.
Monthly mobile tablet traffic will surpass 2.5 Exabytes per month by 2018.
4G traffic will be more than half of the total mobile traffic by 2018.
More Mobile Phones than people on Earth
Source: Cisco Visual Networking Index: Global Mobile Data Traffic Forecast Update, 2013–2018
Proliferation of Apps and Devices
Convergent & Rich Virtual & SAS Games and Apps
Portable & Capable Rich Multimedia Chats
ANYWHERE ANYTIME REAL-TIME
DYNAMIC INTERACTIVE
Much traditional web-based malware also affects mobile devices
WireLurker and Masque (iOS)
  Create trojaned versions of apps for binary file replacement
  If the same bundle identifier is used, can replace apps installed through the App Store (but not preinstalled apps)
Roughly 25% of all Google Play apps are clones (Columbia University)
Mobile Malware and Attacks
The Internet of Things
Shodan – Search Engine for IoT
Shodan – Default password device search
Shodan – SCADA search
Shodan – IP Address search
Two Broad Categories
Signature Detection
  Specific patterns in packets
  Similar to anti-virus paradigm
  Must be periodically updated
  Vulnerable to evasion and new attacks
Anomaly Detection
  Deviations from statistical/behavioral norms
  Can either “learn” or “be told” what is “normal”
  Can often detect new attacks
Network Detection
3G/4G/LTE Monitoring Points
[Network diagram; image not preserved. Labels recovered from the slide:
Network elements: eNB, UTRAN, GERAN, MME, SGW, PGW, SGSN, HSS, ePDG, 3GPP AAA Server, PCRF/PCEF, OCS, IMS Charging Unit, P-CSCF, I-CSCF, S-CSCF, MRFC, MRFP, MGW, CSBC, Firewall, PSTN, Internet, External IP Networks, Trusted Non-3GPP IP access, Untrusted Non-3GPP IP access
Interfaces: S1-MME, S1-U, S2a, S2b, S3, S4, S5/S8, S6a, S6b, S6d, S10, S11, S16, SGi, Gx, Gy, Gm, Rf, Cx/Dx, Mb, Mp, Mw
Legend (NIKSUN Interfaces): SIP Signaling, Diameter Signaling, GTP-C/GRE, GTP-U [incl. RTP+SIP], EGCP, RTP, User Data, Other Types of Signaling]