Threat model framework for the telco core network
Defensive solutions for the telecom core network need to prepare for more complex attack patterns. Through this talk, we hope to accelerate the ongoing efforts by presenting a threat modeling framework as a common language. Since this is a work in progress, we seek feedback and critique on our ideas and approach from the telcosec community present at the Troopers conference. We strongly believe that “together, we can!”.
From age-old SS7 vulnerabilities to the recent MessageTap malware, the telecom core network seems to be undergoing severe scrutiny from an offensive security point of view. What was once considered a closed garden is now slowly opening up with the advent of open source tools and projects, and with more security professionals tampering with it. But defenders are not the only ones learning: attackers also evolve, and we see more sophisticated attacks. Discussions around building defensive solutions to protect the core network are arising for both current and future generations of technology. Unfortunately, defensive approaches are not yet treated with the same prudence as their offensive counterparts. Through this talk, we try to spark more conversation around this debate.
We discuss unifying threat modeling for telecom core networks. The existing knowledge gained from attacks on the core network is scattered across multiple message-flow diagrams. Threat modeling frameworks from the IT world, e.g. MITRE ATT&CK, tend to focus on the underlying platform rather than the network, which is a hurdle to using them in the context of the core network. We therefore propose to rework the threat modeling framework to serve our purpose. We believe that a unified way of threat modeling would pave the way toward building defensive solutions.