Hi all, I am going to post some nice papers and docs about this issue.
If someone have more information about it ... please share it here :D.

1."Discovering Parameter Setting in 3G Networks via Active Measurements"
Authors: Antonio Barbuzzi, Fabio Ricciato, and Gennaro Boggia

Abstract:
The behavior and performance of a UMTS network
are governed by a number of parameter settings that are
configured by the network operator, e.g., timeouts. In this letter
we show that the actual value of such parameters can be inferred
by a conceptually simple set of end-to-end measurements, without
any cooperation with the network operator. In principle, such
information can be used by researchers to define realistic network
scenarios, e.g., for their simulations. Moreover, it can be used by
a malicious attacker to fine-tune a large scale attack against the
Radio Access Network, e.g., a paging attack.


W//

PLEASE ADD REPUTATION ... IF YOU LIKE IT ;)

"Securing a Wireless World"
Authors: HAO YANG, FABIO RICCIATO, SONGWU LU, AND LIXIA ZHANG

Abstract:
Securing wireless networks poses unique research challenges. In
this paper, we survey the state-of-the-art approaches to providing
security for three popular wireless networking paradigms, namely,
IEEE 802.11 based WLANs, third-generation cellular networks,
and mobile ad hoc networks. We identify the security threats
as well as examine the current solutions. We further summarize
lessons learned, discuss open issues, and identify future research
directions.

W//

PLEASE ADD REPUTATION ... IF YOU LIKE IT ;)

"On Attack Causality in Internet-Connected Cellular Networks"
Authors: Patrick Traynor, Patrick McDaniel and Thomas La Porta

Abstract
The emergence of connections between telecommunications
networks and the Internet creates significant avenues
for exploitation. For example, through the use
of small volumes of targeted traffic, researchers have
demonstrated a number of attacks capable of denying
service to users in major metropolitan areas. While such
investigations have explored the impact of specific vulnerabilities,
they neglect to address a larger issue - how
the architecture of cellular networks makes these systems
susceptible to denial of service attacks. As we show in
this paper, these problems have little to do with a mismatch
of available bandwidth. Instead, they are the result
of the pairing of two networks built on fundamentally
opposing design philosophies. We support this a
claim by presenting two new attacks on cellular data services.
These attacks are capable of preventing the use
of high-bandwidth cellular data services throughout an
area the size of Manhattan with less than 200Kbps of malicious
traffic. We then examine the characteristics common
to these and previous attacks as a means of explaining
why such vulnerabilites are artifacts of design rigidity.
Specifically, we show that the shoehorning of data
communications protocols onto a network rigorously optimized
for the delivery of voice causes that network to
fail under modest loads.


W//

PLEASE ADD REPUTATION ... IF YOU LIKE IT ;)

"Mitigating Attacks on Open Functionality in SMS-Capable Cellular Networks"

Authors:
Patrick Traynor, Student Member, IEEE, William Enck, Student Member, IEEE,
Patrick McDaniel, Senior Member, IEEE, and Thomas La Porta, Fellow, IEEE

Abstract:
—The transformation of telecommunications networks
from homogeneous closed systems providing only voice services
to Internet-connected open networks that provide voice and data
services presents significant security challenges. For example,
recent research illustrated that a carefully crafted DoS attack
via text messaging could incapacitate all voice communications
in a metropolitan area with little more than a cable modem.
This attack highlights a growing threat to these systems; namely,
cellular networks are increasingly exposed to adversaries both
in and outside the network. In this paper, we use a combination
of modeling and simulation to demonstrate the feasibility of
targeted text messaging attacks. Under realistic network conditions,
we show that adversaries can achieve blocking rates of
more than 70% with only limited resources. We then develop
and characterize five techniques from within two broad classes of
countermeasures—queue management and resource provisioning.
Our analysis demonstrates that these techniques can eliminate or
extensively mitigate even the most intense targeted text messaging
attacks. We conclude by considering the tradeoffs inherent to the
application of these techniques in current and next generation
telecommunications networks.


W//

PLEASE ADD REPUTATION ... IF YOU LIKE IT ;)

"Security Analysis of Handover Key Management in 4G LTE/SAE Network"

Authors:
Chan-Kyu Han Hyoung-Kee Choi

Abstract:
The goal of 3GPP Long Term Evolution/System Architecture Evolution (LTE/SAE) is to move mobile
cellular wireless technology into its fourth generation. One of the unique challenges of fourth-generation technology is
how to close a security gap through which a single compromised or malicious device can jeopardize an entire mobile
network because of the open nature of these networks. To meet this challenge, handover key management in the
3GPP LTE/SAE has been designed to revoke any compromised key(s) and as a consequence isolate corrupted
network devices. This paper, however, identifies and details the vulnerability of this handover key management to
what are called desynchronization attacks; such attacks jeopardize secure communication between users and mobile
networks. Although periodic updates of the root key are an integral part of handover key management, our work here
emphasizes how essential these updates are to minimizing the effect of desynchronization attacks that, as of now,
cannot be effectively prevented. Our main contribution, however, is to explore how network operators can determine
for themselves an optimal interval for updates that minimizes the signaling load they impose while protecting the
security of user traffic. Our analytical and simulation studies demonstrate the impact of the key update interval on
such performance criteria as network topology and user mobility


W//

PLEASE ADD REPUTATION ... IF YOU LIKE IT ;)

"Exploiting Open Functionality in SMSCapable Cellular Networks"

Authors:
William Enck, Patrick Traynor, Patrick McDaniel, and Thomas La Porta

ABSTRACT
Cellular networks are a critical component of the economic and
social infrastructures in which we live. In addition to voice services,
these networks deliver alphanumeric text messages to the
vast majority of wireless subscribers. To encourage the expansion
of this new service, telecommunications companies offer connections
between their networks and the Internet. The ramifications
of such connections, however, have not been fully recognized. In
this paper, we evaluate the security impact of the SMS interface
on the availability of the cellular phone network. Specifically, we
demonstrate the ability to deny voice service to cities the size of
Washington D.C. and Manhattan with little more than a cable modem.
Moreover, attacks targeting the entire United States are feasible
with resources available to medium-sized zombie networks.
This analysis begins with an exploration of the structure of cellular
networks. We then characterize network behavior and explore
a number of reconnaissance techniques aimed at effectively targeting
attacks on these systems. We conclude by discussing countermeasures
that mitigate or eliminate the threats introduced by these
attacks.


W//

PLEASE ADD REPUTATION ... IF YOU LIKE IT ;)

Unwanted Traffic in 3G Networks
Author: Fabio Ricciato

ABSTRACT:
The presence of “unwanted" (or background) traffic in the
Internet is a well-known fact. In principle any network
that has been engineered without taking its presence into
account might experience troubles during periods of massive
exposure to unwanted traffic, e.g. during large-scale
infections. A concrete example was provided by the spreading
of Code-Red-II in 2001, which caused several routers
crashes worldwide. Similar events might take place in 3G
networks as well, with further potential complications arising
from their high functional complexity and the scarcity
of radio resources. For example, under certain hypothetical
network con_guration settings unwanted tra_c, and specifically
scanning tra_c from infected Mobile Stations, can
cause large-scale wastage of logical resources, and in extreme
cases even starvation. Unwanted traffic is present nowdays
also in GPRS/UMTS, mainly due to the widespread use of
3G connect cards for laptops. We urge the research community
and network operators to consider the issue of 3G
robustness to unwanted traffic as a prominent research area


W

"Detection and Reaction against DDoS Attacks in Cellular Networks"
Authors: Slim REKHIS, Alaaedine CHOUCHANE, and Noureddine BOUDRIGA

Abstract:
The scarcity of resources in wireless
communications and the experience of attackers in conducting
Denial of Service (DoS) and Distributed DoS attacks in Internet
make detection and reaction against these attacks in cellular
networks, particularly in the 2.5G and 3G cases, a challenging
issue to address. CODERA (COoperative DEtection and Reaction
Architecture) is our proposed architecture that aims to detect
and react against DDoS and save network’s availability to
legitimate users. This paper depicts CODERA’s components and
operations and analyzes its performance.



W.

PLEASE ADD REPUTATION ... IF YOU LIKE IT ;)

"Impact of Paging Channel Overloads or Attacks on a Cellular Network"

Authors: Jeremy Serror, Hui Zang, Jean C. Bolot

ABSTRACT
IP and cellular phone networks used to be isolated from each other.
In recent years however, the two networks have started to overlap
with the emergence of devices that access the Internet using cellular
infrastructures. One important question then, given this overlap,
is whether actions or threats on the Internet side can impact the
telecom or cellular side. We address this problem in the paper and
specifically consider threats on the paging channel, which is a key
conduit shared by both Internet and cellular traffic.
Our contributions are as follows: we illustrate through experiments
on a CDMA2000 cellular network that overloads or attacks
launched from the Internet can significantly increase the paging
load and increase the delay of paging messages, including cellular
call setup requests, which in turn could lead to non-completed
calls; we derive a simple but accurate queuing model for the paging
system in a CDMA2000 network and use this model to demonstrate
that the paging channel exhibits sharp rather than graceful
degradation under load; and through this model, we identify critical
parameters that impact paging performance. Although our study is
focused on CDMA2000 networks, we believe that similar problems
exist in other types of cellular networks that employ a single control
channel with limited bandwidth for both voice and data services.

Security In Wireless Cellular Networks Download Link:-http://www.cse.wustl.edu/~jain/cse574-06/ftp/cellular_security.pdf