Protecting IMS/UMA and IP Communications

The advent of any technology is when unscrupulous users see if they can take advantage of it. The first computer worms, viruses and spam are a few examples of how good technology was used by those with malicious intent to damage systems or steal data or money. The PC is 25 years old and there are more malicious attacks taking place now than ever.

One trend that seems to be certain is attackers generally go after critical mass.

In other words a new operating system with 0.5% market share is not a very enticing target. As more people use the new operating system hackers start to see an opportunity to do what they do best — hack.

So if you are following me so far and you have been reading the research indicating hundreds of millions of users will soon be on IMS networks do you see an opportunity for hackers to attack. I know I do and I am not alone as a recent conversation with Sipera Systems leads me to believe the company is quite serious about minimizing hacker attacks on IMS networks.

If you are thinking about rolling out IMS or UMA you need to realize there are many risks associated with the deployment. Specifically the low cost for a malicious user to become authenticated. In this case all it takes is a prepaid ISIM card which can be purchased for less than $20. For less than $30 you can buy an ISIM card reader. From there a hacker goes to and picks up the IPSec/IKEv2 Racoon2 module and Python/Pearl scripting tools. The next step is researching IMS/SIP/GPRS message formats at and then the hacker can script various flood, fuzzing and spoofing attacks. The hacker could set up multiple IPSec tunnels to various PDGs in the network or a across multiple GPRS sessions. Sipera tells me up to 10,000 messages per second of floods can be generated in this fashion and this would equal the traffic of 10 million users.

The company figures a hacker could wreak the above havoc for less than $50 and about ten days of work per attack. The damage to the service provider is not estimated by Sipera Systems but one would surmise it could easy balloon into the millions of dollars depending on how long it takes to respond and neutralize the attacker.

As you can imagine there are a number of vulnerabilities in an IMS system and Sipera has identified 20,000 of them falling into categories such as "flood" which has more than 60 types, "distributed flood" which comes in at 40+ and "misuse" which comes in at 19. In all there are 90 major classes of attacks.

Some of the more insidious attacks are stealth denial of service or DoS which could mean a constantly ringing phone or the hijacking of a handset to make phone calls which could not only rack up costs for subscribers but could reduce battery life.

Worst of all is the big brother of spam over internet protocol or SPIT. In this case it is spam over IMS which could become known as SPIM. In both cases callers receive voicemail spam as well as live call spam.

The problem with IMS security is the threat of application level attacks and Seshu Madhavapeddy, Sipera President and CEO thinks encryption and authentication are a start but you need sophisticated application-level security to keep subscribers really safe.

As you might imagine Sipera has a solution to these challenges in the form of their IPCS 510 and it is built to support 100,000 users and 10,000 simultaneous sessions. Expect the device to be ready this quarter. Contact the company for details.

If you are rolling out IMS/UMA or FMC, you must be at IMS Expo next week as the entire industry — the most important vendors will be there for you to see. If it isn’t at IMS expo it really doesn’t matter in IP Multimedia Subsystem. Come hear sessions like SIP’s Role in IMS, Security Issues in IMS, The Basics of IMS, Introduction to Fixed/Mobile Convergence and much more. Register now and we hope to see you in San Diego.

    Leave Your Comment


    Share via
    Copy link
    Powered by Social Snap