Mobile data charging: New attacks and countermeasures

Chunyi Peng*, Chi-Yu Li, Guan Hua Tu, Songwu Lu, Lixia Zhang

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contribution

27 Scopus citations

Abstract

3G/4G cellular networks adopt usage-based charging. Mobile users are billed based on the traffic volume when accessing data service. In this work, we assess both this metered accounting architecture and application-specific charging policies by operators from the security perspective. We have identified loopholes in both, and discovered two effective attacks exploiting the loopholes. The "tollfree-data-access-attack" enables the attacker to access any data service for free. The "stealth-spam-attack" incurs any large traffic volume to the victim, while the victim may not be even aware of such spam traffic. Our experiments on two operational 3G networks have confirmed the feasibility and simplicity of such attacks. We also propose defense remedies.

Original languageEnglish
Title of host publicationCCS'12 - Proceedings of the 2012 ACM Conference on Computer and Communications Security
Pages195-204
Number of pages10
DOIs
StatePublished - 26 Nov 2012
Event2012 ACM Conference on Computer and Communications Security, CCS 2012 - Raleigh, NC, United States
Duration: 16 Oct 201218 Oct 2012

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221

Conference

Conference2012 ACM Conference on Computer and Communications Security, CCS 2012
CountryUnited States
CityRaleigh, NC
Period16/10/1218/10/12

Keywords

  • Accounting attacks
  • Cellular networks
  • Mobile data services

Fingerprint Dive into the research topics of 'Mobile data charging: New attacks and countermeasures'. Together they form a unique fingerprint.

  • Cite this

    Peng, C., Li, C-Y., Tu, G. H., Lu, S., & Zhang, L. (2012). Mobile data charging: New attacks and countermeasures. In CCS'12 - Proceedings of the 2012 ACM Conference on Computer and Communications Security (pp. 195-204). (Proceedings of the ACM Conference on Computer and Communications Security). https://doi.org/10.1145/2382196.2382220