CN110995704A - Hidden DoS attack method and system based on brute force cracking - Google Patents

Hidden DoS attack method and system based on brute force cracking Download PDF

Info

Publication number
CN110995704A
CN110995704A CN201911220499.6A CN201911220499A CN110995704A CN 110995704 A CN110995704 A CN 110995704A CN 201911220499 A CN201911220499 A CN 201911220499A CN 110995704 A CN110995704 A CN 110995704A
Authority
CN
China
Prior art keywords
target user
user
target
international mobile
mobile subscriber
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911220499.6A
Other languages
Chinese (zh)
Inventor
谭钦红
吴晓龙
陈发堂
王华华
王丹
郑焕平
杨黎明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing University of Post and Telecommunications
Original Assignee
Chongqing University of Post and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chongqing University of Post and Telecommunications filed Critical Chongqing University of Post and Telecommunications
Priority to CN201911220499.6A priority Critical patent/CN110995704A/en
Publication of CN110995704A publication Critical patent/CN110995704A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1458Denial of Service
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/121Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122Counter-measures against attacks; Protection against rogue devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W68/00User notification, e.g. alerting and paging, for incoming communication, change of service or the like

Abstract

The invention belongs to the technical field of mobile communication safety, and relates to a hidden DoS attack method and a system based on brute force cracking, wherein the method comprises the steps of obtaining user information, and obtaining the international mobile subscriber identity range of a target user according to the user information; a malicious base station is used for constructing a fake page, and the range of the international mobile subscriber identity of a target subscriber is narrowed; replacing the temporary mobile user identification code of the user, constructing a fake page, and determining the international mobile user identification code of the user; the malicious base station injects a forged paging message at the paging occasion of the target user, wherein the forged paging message comprises an international mobile subscriber identity of the target user; when the target user is separated from the network, the target user initiates the ATTACH request again; the novel hidden DoS attack disclosed by the invention uses plaintext information which is transmitted in an air interface and does not relate to information after encryption, so that the existing LTE network cannot adopt effective measures to resist the attack and operators and users cannot perceive the attack.

Description

Hidden DoS attack method and system based on brute force cracking
Technical Field
The invention belongs to the technical field of mobile communication security, and particularly relates to a hidden DoS attack method and system based on brute force cracking.
Background
In recent years, 4G has been vigorously developed globally, and the number of 4G users has now reached an unprecedented scale. According to Gartner's data, the use of LTE devices will reach 260 billion stations by 2020. Therefore, any impact on the security of the LTE system will have a serious impact on a large number of devices that rely on the LTE system. In this context, we are also facing more and more serious safety issues.
International Mobile Subscriber Identity (IMSI) is a number that is internationally assigned to uniquely identify a mobile subscriber. The IMSI is represented by a 15-digit binary coded decimal number, of which 15 digits the first 3 digits represent the mobile device country area code (MCC for short), the following 2 or 3 digits represent the mobile device network code (MNC for short), and the remaining 10 or 9 decimal digits are the mobile subscriber identification number (MSIN for short).
The Temporary Mobile Subscriber Identity (TMSI) is set to prevent illegal individuals or groups from leaking the true international Mobile Subscriber Identity or location of the Mobile Subscriber by monitoring the signaling exchange over the air interface. This number is assigned by a Mobile Management Entity (MME) and is changed from time to time. Typically when a base station (eNodeB) calls a subscriber, the TMSI is also used and is typically shorter than the IMSI. The TMSI, which is a temporary "representative" of the IMSI, is set to avoid transmitting the IMSI over the air interface as much as possible to protect the user's privacy information.
In a GSM network system, a method for mainly acquiring the IMSI of a mobile phone user is to induce the user to send the IMSI to a pseudo base station, and a one-way authentication mechanism adopted in the GSM network is utilized, namely, in the process that the mobile phone accesses the GSM network, the network needs to authenticate the identity of the mobile phone, and the mobile phone does not need to authenticate a communication network. In the LTE communication network, a mechanism of bidirectional authentication is adopted, that is, the base station authenticates the user, and the user also authenticates the base station, and only after the authentication is passed, the user can access the LTE network. This makes the method of obtaining IMSI in GSM networks not directly applicable to LTE networks.
Disclosure of Invention
In order to solve the problem that the IMSI of a user is difficult to obtain due to bidirectional authentication and encryption in an LTE network, the invention provides a hidden DoS attack method and a system based on brute force cracking, and as shown in figure 1, the method comprises the following steps:
s1, acquiring the paging frame index and the temporary mobile user identification code of the target user;
s2, searching the country and area code of the mobile equipment and the network code of the mobile equipment according to the mobile phone number of the target user;
s3, obtaining the range of the international mobile subscriber identity of the target subscriber, and constructing the international mobile subscriber identity of the target subscriber;
s4, constructing a fake page by using the malicious base station, wherein the fake page comprises the international mobile subscriber identity and the temporary mobile subscriber identity of the target subscriber;
s5, detecting whether the RRC connection establishment request in the target user contains the temporary mobile user identification code of the target user, and determining the international mobile user identification code of the target user according to the detection;
s6, injecting a forged paging message at the paging occasion of the target user by using the malicious base station, wherein the paging message comprises the international mobile subscriber identity of the target user;
s7, when the target user is separated from the network, the target user initiates the ATTACH request again;
and S8, repeating the step S7 to continuously refuse the service for the target user.
Further, the international mobile subscriber identity comprises 15 binary coded decimal digits, the first three digits identify the country code of the mobile device, the subsequent 2 or 3 digits represent the network code of the mobile device, the remaining 10 or 9 decimal digits are the mobile subscriber identity, and a target user international mobile subscriber identity range is obtained according to the maximum value and the minimum value of the international mobile subscriber identity.
Further, a paging message contains 16 paging records at most, the identifier of the first 15 paging records is marked as the international mobile subscriber identity within the range of the international mobile subscriber identity of the target subscriber, and the identifier of the 16 th paging record is marked as the temporary mobile subscriber identity of the target subscriber as the TMSI1
Further, as shown in fig. 2, step S5 specifically includes:
if the target user receives the paging message sent by the malicious base station and identifiers of the first 15 paging records in the paging message are all incorrect, the RCC connection establishment request of the target user comprises a temporary mobile user identification code of the target user;
otherwise, the RCC connection establishment request of the target user does not include the temporary mobile user identification code of the target user;
repeating the steps, and reducing the range of the international mobile subscriber identity of the target subscriber to 15;
re-acquiring the temporary mobile user identification code of the target user, re-releasing the user to the normal network, allocating a TMSI to the target user by the normal network, and recording the TMSI as the TMSI2
Respectively constructing 15 paging messages by using 15 international mobile subscriber identities of target users, wherein each paging message comprises two paging records, the identifier of the first paging record is one of the 15 guessed international mobile subscriber identities of the target users, and the identifier of the second paging record is a temporary mobile subscriber identity of the current target user;
if the target user comprises the temporary mobile user identification code of the current target user in the RCC connection establishment request, the international mobile user identification code of the target user in the paging message is incorrect;
and if the target user does not include the current temporary mobile user identification code of the target user in the RCC connection establishment request, the target user international mobile user identification code in the paging message is correct.
The invention also provides a hidden DoS attack system based on brute force cracking, which comprises a malicious base station, a data acquisition module, an international mobile subscriber identity acquisition module and a DoS attack module, wherein:
the malicious base station is used for sending a paging message to a target user;
the data acquisition module is used for acquiring data of a target user by a user;
the international mobile subscriber identity obtaining module is used for obtaining the international mobile subscriber identity of the target price user according to the data of the target user;
a DoS attack module, configured to perform DoS attack on a user according to an international mobile subscriber identity of the user, where the module implements a function, as shown in fig. 3, to construct a page using an IMSI of a target user, so that the User (UE) disengages from a network and re-initiates an ATTACH procedure.
The invention is based on eavesdropping PFI and TMSI of the target user, and brute force cracking is carried out on IMSI of the target UE on the basis, and then the target UE is applied to the off-network attack. Compared with the prior art, the novel hidden DoS attack disclosed by the invention uses plaintext information which is transmitted in an air interface and does not relate to information after encryption, so that the existing LTE network cannot take effective measures to resist the attack. The invention adopts a passive monitoring mode to acquire parameters during the attack, so that an operator cannot sense the attack. The target user is also unaware during Brute Force IMSI and during the injection of fake paging records in the paging message.
Drawings
FIG. 1 is a flow chart of a system employed by the present invention;
FIG. 2 is a block diagram of Brute Force IMSI (Brute Force) employed in the present invention;
fig. 3 is a block diagram of the DoS attack of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention provides a hidden DoS attack method based on brute force cracking, which comprises the following steps of:
s1, acquiring the paging frame index and the temporary mobile user identification code of the target user;
s2, searching the country and area code of the mobile equipment and the network code of the mobile equipment according to the mobile phone number of the target user;
s3, obtaining the range of the international mobile subscriber identity of the target subscriber, and constructing the international mobile subscriber identity of the target subscriber;
s4, constructing a fake page by using the malicious base station, wherein the fake page comprises the international mobile subscriber identity and the temporary mobile subscriber identity of the target subscriber;
s5, detecting whether the RRC connection establishment request in the target user contains the temporary mobile user identification code of the target user, and determining the international mobile user identification code of the target user according to the detection;
s6, injecting a forged paging message at the paging occasion of the target user by using the malicious base station, wherein the paging message comprises the international mobile subscriber identity of the target user;
s7, when the target user is separated from the network, the target user initiates the ATTACH request again;
and S8, repeating the step S7 to continuously refuse the service for the target user.
In this embodiment, taking a china mobile subscriber as an example, the country code of the mobile device is 460 and the network code of the mobile device is 00. Assuming that the paging index frame of the target user is 109 and the T ═ nB of the cell where the target user is located is 128, the process of acquiring the IMSI of the target user is shown in fig. 2, and includes the following steps 1 to 4:
step 1, using open source software running on Ubuntu to drive hardware to realize the construction of a pseudo user (malicious user), using the constructed pseudo user to receive a system message in an air interface, and then decoding the system message into a plaintext message. Capturing a System Information Block (SIB) in a cell gap of a target user by using a malicious user, and determining a default Discontinuous Reception cycle (DRX cycle) T of the cellCAnd discontinuous reception period T of the userUEWhen the user starts up, a mobility management entity (MME for short) at the network side configures T for the userUEValue of (a), nB is the density of paging, and the paging cycle is denoted as T ═ min (T)C,TUE) In the present embodiment, T ═ nB ═ 128.
Step 2, the calculation process for specifying the paging frame index in the protocol 36304 includes:
UE_ID=IMSI mod 1024;
Figure BDA0002300700830000051
Figure BDA0002300700830000052
SFN mod T=PFI;
wherein, SNF is the current system frame number; the UE _ ID is a value obtained by subtracting the IMSI from 1024.
And acquiring the SFN when the target user pages and the paging cycle T of the system message by using a platform of a laboratory. The PFI can be calculated by the two parameters, and then the range of the IMSI of the target user can be calculated according to the derivation formula of the PFI.
In this embodiment, it is assumed that the paging frame index PFI of the target subscriber is 109, and in the case of T ═ nB ═ 128, the paging frame index PFI is indicated as the last 7 bits of the binary representation of the decimal international mobile subscriber identity of the target subscriber.
Because the international mobile subscriber identity comprises 15 binary coded decimal digits, the first three digits identify the mobile device country code,the next 2 or 3 digits represent the mobile device network code, the remaining 10 or 9 decimal value digits are the mobile subscriber identification number, and in this embodiment the mobile device country area code is 460 and the mobile device network code is 00, representing the first 11 digits of the target UE decimal IMSI binary representation. Therefore, the range of the IMSI of the present embodiment can be obtained, the minimum value is 460000000000109, the maximum value is 460009999999981, the difference between the minimum value and the maximum value is the number of IMSIs, which is equal to 9999999872, and by using the calculation formula of PFI, the T value and the nB value, the possible IMSI values of the target subscriber can be obtained every 128, so that the number of the possible IMSI values is (9999999872/128) ═ 78124999, and the IMSI is usediThe international mobile subscriber identity representing the ith guess, whose set is denoted G ═ IMSIi|1≤i≤78124999}。
Step 3,
Fake paging message, containing 16 paging records in one paging message at most, the identifier of the first 15 paging records being the IMSI, N, guessed by usq={IMSIjJ is more than or equal to 1 and less than or equal to 15}, a paging message can contain 15 possible IMSI values at most, so the number of the paging messages which are required in total is (78124999/15) ═ 5208333.27, and the whole number is 5208334, wherein N isqE is G, and q is more than or equal to 1 and less than or equal to 5208334. The identifier of the 16 th paging record is the TMSI of the target UE, with which the TMSI is used1And (4) showing. For forged paging messages, if the target UE receives the IMSI in the pagingjAll incorrect, the target UE will include the TMSI in the RCC connection setup request1. If IMSIjContains the correct IMSI, the target UE will not include the TMSI in the RCC connection setup request1. Uninterrupted use of IMSIjAttempting paging until the target UE's RRC connection setup request does not include TMSI1So we can narrow the range of IMSI to 15.
Step 4, since the current TMSI of the target UE is invalid due to the IMSI used as the identifier in the paging message, we want to allow the target UE to connect to the normal base station to continue to acquire the new TMSI of the target UE, which is denoted as TMSI2In combination with TMSI2To construct a paging message.
Obtaining TMSI of target UE2Then, we need to construct 15 paging messages, each paging message only contains two paging records, the identifier of the first paging record is one of 15 guessed target user international mobile subscriber identities, and the identifier of the second paging record is the temporary mobile subscriber identity of the current target user.
If the target user will include a new TMSI (TMSI) in the RCC connection establishment request2It means that the guessed IMSI is incorrect. If the target user does not include TMSI in the RCC connection establishment request2It means that the IMSI is guessed correctly. Thus, the IMSI of the target UE is obtained.
Fig. 3 is a schematic diagram of a DoS attack process performed by the present invention, and the process is as follows:
step 5, stipulate in the protocol, when the user receives the paging message with IMSI as the mark, will separate with the local evolution type packet system (EPS for short), and delete the parameters such as GUTI. After the detachment is completed, the user will re-initiate the ATTACH procedure. The paging message is forged by using the IMSI obtained in the step 4, and the paging message with the IMSI as an identifier is continuously broadcasted, so that the target user is continuously and circularly separated from the local EPS and then initiates an ATTACH process, thereby achieving the purpose of Dos.
The invention also provides a hidden DoS attack system based on brute force cracking, which comprises a malicious base station, a data acquisition module, an international mobile subscriber identity acquisition module and a DoS attack module, wherein:
the malicious base station is used for sending a paging message to a target user;
the data acquisition module is used for acquiring data of a target user by a user;
the international mobile subscriber identity obtaining module is used for obtaining the international mobile subscriber identity of the target price user according to the data of the target user;
and the DoS attack module is used for carrying out DoS attack on the user according to the international mobile subscriber identity of the user, namely, the obtained IMSI is used for forging the paging message, the paging message with the IMSI as the identifier is continuously broadcasted, and the target user is continuously and circularly separated from the local EPS and then initiates an ATTACH process, thereby achieving the purpose of Dos.
Further, the international mobile subscriber identity obtaining module comprises a rough range obtaining module, a first precise range obtaining module and an accurate obtaining module, wherein:
the rough range acquisition module is used for acquiring all possible international mobile subscriber identification codes of a target subscriber according to the information of the subscriber;
the accurate range acquisition module is used for constructing paging messages and reducing the range of the international mobile subscriber identity to 15;
and the accurate acquisition module is used for acquiring the international mobile subscriber identity of the target subscriber.
Further, the process of acquiring all possible international mobile subscriber identities of the target user by the coarse range acquisition module includes:
according to the international mobile subscriber identification code including 15 binary coded decimal digits, the first three digits identify the country area code of the mobile equipment, the next 2 or 3 digits represent the network code of the mobile equipment, the rest 10 or 9 decimal digits are the mobile subscriber identification number, and then according to the maximum value and the minimum value of the international mobile subscriber identification code, a target user international mobile subscriber identification code range is obtained.
Further, the process of narrowing the range of the international mobile subscriber identity to 15 by the accurate range obtaining module includes:
if the target user receives the paging message and the identifiers of the first 15 paging records in the paging message are all incorrect, the RCC connection establishment request of the target user comprises a temporary mobile user identification code of the target user;
otherwise, the RCC connection establishment request of the target user does not include the temporary mobile user identification code of the target user;
repeating the above steps, and reducing the range of the target user international mobile subscriber identity to 15.
Further, the temporary mobile user identification code of the target user is obtained again, the user is released to a normal network again, and the normal network is divided into the target userAllocating a TMSI, and recording the TMSI as the TMSI2
Respectively constructing 15 paging messages by using 15 international mobile subscriber identities of target users, wherein each paging message comprises two paging records, the identifier of the first paging record is one of the 15 guessed international mobile subscriber identities of the target users, and the identifier of the second paging record is a temporary mobile subscriber identity of the current target user;
if the target user comprises the temporary mobile user identification code of the current target user in the RCC connection establishment request, the international mobile user identification code of the target user in the paging message is incorrect;
and if the target user does not include the current temporary mobile user identification code of the target user in the RCC connection establishment request, the target user international mobile user identification code in the paging message is correct.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (9)

1. A hidden DoS attack method based on brute force cracking is characterized by comprising the following steps:
s1, acquiring the paging frame index and the temporary mobile user identification code of the target user;
s2, searching the country and area code of the mobile equipment and the network code of the mobile equipment according to the mobile phone number of the target user;
s3, obtaining the range of the international mobile subscriber identity of the target subscriber, and constructing the international mobile subscriber identity of the target subscriber;
s4, constructing a fake page by using the malicious base station, wherein the fake page comprises the international mobile subscriber identity and the temporary mobile subscriber identity of the target subscriber;
s5, detecting whether the RRC connection establishment request in the target user contains the temporary mobile user identification code of the target user, and determining the international mobile user identification code of the target user according to the detection;
s6, injecting a forged paging message at the paging occasion of the target user by using the malicious base station, wherein the paging message comprises the international mobile subscriber identity of the target user;
s7, when the target user is separated from the network, the target user initiates the ATTACH request again;
and S8, repeating the step S7 to continuously refuse the service for the target user.
2. The hidden DoS attack method based on brute force cracking as claimed in claim 1, wherein the international mobile subscriber identity includes 15 binary coded decimal digits, the first three digits identify the country area code of the mobile device, the next 2 or 3 digits represent the network code of the mobile device, the remaining 10 or 9 decimal digits are the mobile subscriber identity, and a target user international mobile subscriber identity range is obtained according to the maximum value and the minimum value of the international mobile subscriber identity.
3. The hidden DoS attack method based on brute force cracking as claimed in claim 1, wherein one paging message contains 16 paging records at most, the identifier of the first 15 paging records is recorded as the international mobile subscriber identity within the range of the international mobile subscriber identity of the target subscriber, and the identifier of the 16 th paging record is recorded as the temporary mobile subscriber identity of the target subscriber, which is recorded as TMSI1
4. The hidden DoS attack method based on brute force cracking as claimed in claim 1, wherein the step S5 includes:
if the target user receives the paging message sent by the malicious base station and identifiers of the first 15 paging records in the paging message are all incorrect, the RCC connection establishment request of the target user comprises a temporary mobile user identification code of the target user;
otherwise, the RCC connection establishment request of the target user does not include the temporary mobile user identification code of the target user;
repeating the steps, and reducing the range of the international mobile subscriber identity of the target subscriber to 15;
re-acquiring the temporary mobile user identification code of the target user, re-releasing the user to the normal network, allocating a TMSI to the target user by the normal network, and recording the TMSI as the TMSI2
Respectively constructing 15 paging messages by using 15 international mobile subscriber identities of target users, wherein each paging message comprises two paging records, the identifier of the first paging record is one of the 15 guessed international mobile subscriber identities of the target users, and the identifier of the second paging record is a temporary mobile subscriber identity of the current target user;
if the target user comprises the temporary mobile user identification code of the current target user in the RCC connection establishment request, the international mobile user identification code of the target user in the paging message is incorrect;
and if the target user does not include the current temporary mobile user identification code of the target user in the RCC connection establishment request, the target user international mobile user identification code in the paging message is correct.
5. A hidden DoS attack system based on brute force cracking is characterized by comprising a malicious base station, a data acquisition module, an international mobile subscriber identity acquisition module and a DoS attack module, wherein:
the malicious base station is used for sending a paging message to a target user;
the data acquisition module is used for acquiring data of a target user by a user;
the international mobile subscriber identity obtaining module is used for obtaining the international mobile subscriber identity of the target price user according to the data of the target user;
and the DoS attack module is used for carrying out DoS attack on the user according to the international mobile subscriber identity of the user.
6. The brute force attack-based covert DoS attack system of claim 1, wherein the international mobile subscriber identity acquisition module comprises a coarse range acquisition module, a first fine range acquisition module, and an accurate acquisition module, wherein:
the rough range acquisition module is used for acquiring all possible international mobile subscriber identification codes of a target subscriber according to the information of the subscriber;
the accurate range acquisition module is used for constructing paging messages and reducing the range of the international mobile subscriber identity to 15;
and the accurate acquisition module is used for acquiring the international mobile subscriber identity of the target subscriber.
7. The system of claim 1, wherein the coarse range acquisition module acquires all possible international mobile subscriber identities of the target users by:
according to the international mobile subscriber identification code including 15 binary coded decimal digits, the first three digits identify the country area code of the mobile equipment, the next 2 or 3 digits represent the network code of the mobile equipment, the rest 10 or 9 decimal digits are the mobile subscriber identification number, and then according to the maximum value and the minimum value of the international mobile subscriber identification code, a target user international mobile subscriber identification code range is obtained.
8. The hidden DoS attack system based on brute force cracking of claim 1, wherein the process of narrowing the range of the international mobile subscriber identity to 15 pieces by the accurate range obtaining module comprises:
if the target user receives the paging message and the identifiers of the first 15 paging records in the paging message are all incorrect, the RCC connection establishment request of the target user comprises a temporary mobile user identification code of the target user;
otherwise, the RCC connection establishment request of the target user does not include the temporary mobile user identification code of the target user;
repeating the above steps, and reducing the range of the target user international mobile subscriber identity to 15.
9. The hidden DoS attack system based on brute force cracking as claimed in claim 1, wherein the process of accurately obtaining module to obtain target user international mobile subscriber identity comprises:
re-acquiring the temporary mobile user identification code of the target user, re-releasing the user to the normal network, allocating a TMSI to the target user by the normal network, and recording the TMSI as the TMSI2
Respectively constructing 15 paging messages by using 15 international mobile subscriber identities of target users, wherein each paging message comprises two paging records, the identifier of the first paging record is one of the 15 guessed international mobile subscriber identities of the target users, and the identifier of the second paging record is a temporary mobile subscriber identity of the current target user;
if the target user comprises the temporary mobile user identification code of the current target user in the RCC connection establishment request, the international mobile user identification code of the target user in the paging message is incorrect;
and if the target user does not include the current temporary mobile user identification code of the target user in the RCC connection establishment request, the target user international mobile user identification code in the paging message is correct.
CN201911220499.6A 2019-12-03 2019-12-03 Hidden DoS attack method and system based on brute force cracking Pending CN110995704A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911220499.6A CN110995704A (en) 2019-12-03 2019-12-03 Hidden DoS attack method and system based on brute force cracking

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911220499.6A CN110995704A (en) 2019-12-03 2019-12-03 Hidden DoS attack method and system based on brute force cracking

Publications (1)

Publication Number Publication Date
CN110995704A true CN110995704A (en) 2020-04-10

Family

ID=70089508

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911220499.6A Pending CN110995704A (en) 2019-12-03 2019-12-03 Hidden DoS attack method and system based on brute force cracking

Country Status (1)

Country Link
CN (1) CN110995704A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113316152A (en) * 2021-05-21 2021-08-27 重庆邮电大学 DoS attack detection method and defense method for terminal in LTE system

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113316152A (en) * 2021-05-21 2021-08-27 重庆邮电大学 DoS attack detection method and defense method for terminal in LTE system

Similar Documents

Publication Publication Date Title
US10034324B2 (en) Optimization of power consumption in dual SIM mobiles in connected mode in a wireless network
KR101048560B1 (en) Network device, user equipment, and computer readable media for generating protection keys in next generation mobile networks
Jover LTE security, protocol exploits and location tracking experimentation with low-cost software radio
US9241261B2 (en) Method, system and device for negotiating security capability when terminal moves
US11877149B2 (en) Protection of initial non-access stratum protocol message in 5G systems
US20220007182A1 (en) Protection of Initial Non-Access Stratum Protocol Message in 5G Systems
CN111869182B (en) Method for authenticating equipment, communication system and communication equipment
KR20170102864A (en) Mutual authentication between user equipment and an evolved packet core
CN110169029B (en) Method and network node for paging in a wireless communication system
KR101059794B1 (en) Method for restricting illegal use of terminal and system for same
CN102396203A (en) Emergency call handling in accordance with authentication procedure in communication network
EP2874367A1 (en) Call authentication method, device, and system
EP3146740A1 (en) Cellular network authentication
US20150026787A1 (en) Authentication method, device and system for user equipment
CN110995704A (en) Hidden DoS attack method and system based on brute force cracking
JP2022530955A (en) Methods and processes for validating multi-SIM devices and subscription information
CN109219049B (en) Pseudo base station identification method, pseudo base station identification device and computer readable storage medium
CN110830421B (en) Data transmission method and device
CN113973293B (en) Interception method and device
CN101909368B (en) Wireless network security solution method and equipment
KR101434750B1 (en) Geography-based pre-authentication for wlan data offloading in umts-wlan networks
CN101772019A (en) Method of handling inter-system handover security and related communication device
Zhou Investigation of LTE Privacy Attacks by Exploiting the Paging Mechanism
US20220132309A1 (en) Wireless network verification using fingerprints
WO2017028031A1 (en) Mobile network security processing method, warning method and user terminal

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20200410