Testbed for Cellular Telecommunications Cyber Vulnerability Analysis

Cellular networks play an increasing role supporting critical government, including military and private information systems. Enhanced capability and ubiquity of mobile devices (i.e., smartphones) is resulting in increasing cyber exploit developments targeting the smartphone and growing concern of exploits targeting the cellular infrastructure. Telecommunication advances such as Long Term Evolution (LTE) and Internet Protocol (IP) Multimedia Subsystem (IMS) continue to move cellular communications to an all IP core. An all IP core is part of the move to Next Generation Network (NGN). However, the transition to NGN is expected to occur over time, and during the lengthy transition period multiple generations of telecommunication must coexist and interoperate. Legacy telecommunication equipment such as 3G cellular communications and the public switched telephone network (PSTN) must interoperate with modern telecommunication equipment such as 4G/LTE and IMS. Cellular telecommunications provide IP connectivity to external networks including the Internet. Thus, both legacy and NGN cellular telecommunications are vulnerable to the same classes of threats as other networked computer systems connected to the Internet, in addition to threats associated with their legacy systems. Cyber security analysis of these systems remains a significant challenge. Traditional techniques such as red-teaming, vulnerability assessments, and penetration testing are often unsatisfactory and limited in scope because of the lack of access to telecommunication infrastructure equipment. The consequence is that the effects of a cyber-attack on cellular telecommunications are often unknown.In order to provide greater cellular telecommunications security posture and insight to system providers, equipment manufacturers, and researchers, security analysis of these systems must occur. Performing experiments on telecommunication systems or on a telecommunication testbed is a key part of security analysi- . To overcome the problems with security analysis using expensive telecommunication hardware, Sandia National Laboratories has developed a cellular telecommunication cyber-security analysis testbed using physical hardware, extensive virtualization and emulated machines, and simulation to answer complex system questions about cellular systems and their interaction with legacy and NGN fixed systems. In this paper we will discuss the testbed development and components, several use-cases that were executed during the course of the study which leverage the testbed, the types of cyber-attacks that can be assessed, and the class of questions security analysts can now ask and answer about cyber-attacks against cellular systems. In the use-cases we used the testbed to assess the system-level impacts when published component-level vulnerabilities are exploited by a red team.