Telecommunication Network Security

March 17, 2014 (at 9:30 a.m.)

This workshop explains telecommunication networks and their particular technologies, with a focus on 3GPP and its 4G telecommunication specifications. The technologies will be evaluated and analyzed with respect to several security threats, focusing on protocols like GTP, S1AP and X2AP. Furthermore, methodologies and tools will be presented for attacking and testing the implementation of those networks. It is very important that providers implement proposed features properly and work out secure configurations. Otherwise this will result in security breaches in back-end or front-end structures. Concepts and standards for mobile networks may have non-approved features like those of self-organizing systems. Surely, with new methods come new attack vectors. The research presented here covers old and new methods and is split up into several categories, including awareness of user equipment, an overview of mobile telecommunication networks, and theoretical and practical attacks against these networks and their interfaces. This includes potential attack vectors, information gathering and an analysis of component implementation and the overall architecture.


Network Architecture Overview

Security Risks and Attacks in 2G and 3G Networks

Security Risks and Attacks in 4G Networks

Control Messages and Procedures


Laptop with VirtualBox/VMware installed. Administrator rights needed.

Target Audience

People interested in telecommunication. A basic understanding of telecommunication will be helpful. Network and OS knowledge is assumed.

Daniel Mende

Daniel Mende is a German security researcher with ERNW GmbH and specializes in network protocols and technologies. He is well known for his Layer2 extensions of the SPIKE and Sulley fuzzing frameworks. He has also discussed new ways of building botnets and presented on protocol security on many occasions, including Troopers, ShmooCon and Black Hat. He has written several tools for the assessment of telecommunication networks, like Pytacle, GTP-Scan, Dizzy and APNBF.

Hendrik Schmidt

Hendrik Schmidt is a seasoned security researcher with vast experience in large and complex enterprise networks. He is a pentester at the German-based ERNW GmbH with a focus on telecommunication networks. Over the years he has evaluated and reviewed all kinds of network protocols and applications. He loves to play with complex technologies and networks and has demonstrated several implementation and design flaws. In this context he learned how to play around with core and backhaul networks and wrote protocol fuzzers and spoofers for testing implementations and security architecture. As a pentester, security researcher and consultant, he will happily share his knowledge with the audience.