Mikhail Istomin

Scalability of Machine to Machine systems and the Internet of Things on LTE mobile networks

Machine to Machine (M2M) systems are actively spreading, with mobile networks rapidly evolving to provide connectivity beyond smartphones and tablets. With billions of embedded devices expected to join cellular networks over the next few years, novel applications are emerging and contributing to the Internet of Things (IoT) paradigm. The new generation of mobile networks, the Long Term Evolution (LTE), has been designed to provide enhanced capacity for a large number of mobile devices and is expected to be the main enabler of the emergence of the IoT. In this context, there is growing interest in the industry and standardization bodies on understanding the potential impact of the scalability of M2M systems on LTE networks. The highly heterogeneous traffic patterns of most M2M systems, very different from those of smartphones and other mobile devices, and the surge of M2M connected devices over the next few years, present a great challenge for the network. This paper presents the first insights and answers on the scalability of the IoT on LTE networks, determining to what extent mobile networks could be overwhelmed by the large amount of devices attempting to communicate. Based on a detailed analysis with a custom-built, standards-compliant, large-scale LTE simulation testbed, we determine the main potential congestion points and bottlenecks, and determine which types of M2M traffic present a larger challenge. To do so, the simulation testbed implements realistic statistical M2M traffic models derived from fully anonymized real LTE traces of six popular M2M systems from one of the main tier-1 operators in the United States.

Firecycle: A scalable test bed for large-scale LTE security research

LTE (Long Term Evolution) is the latest cellular communications standard to provide advanced mobile services that go beyond traditional voice and short messaging traffic. Mobility networks are experiencing a drastic evolution with the advent of Machine to Machine (M2M) systems and the Internet of Things (IoT), which is expected to result in billions of connected devices in the near future. In parallel, the security threat landscape against communication networks has rapidly evolved over the last few years, with major Distributed Denial of Service (DDoS) attacks and the substantial spread of mobile malware. In this paper we introduce Firecycle, a new modeling and simulation platform for next-generation LTE mobility network security research. This standards compliant platform is suitable for large-scale security analysis of threats against a real LTE mobile network. It is designed with the ability to be distributed over the cloud, with an arbitrary number of virtual machines running different portions of the network, thus allowing simulation and testing of a full-scale LTE mobility network with millions of connected devices. Moreover, the mobile traffic generated by the platform is modeled from real data traffic observations from one of the major tier-1 operators in the US.

Dandelion - Revealing Malicious Groups of Interest in Large Mobile Networks

There are an enormous number of security anomalies that occur across the Internet on a daily basis. These anomalies are typically viewed as individual security events that are manually analyzed in order to detect an attack and take action. Important characteristics of an attack may go unnoticed due to limited manual resources. Mobile attacks introduce further complexity by typically traversing multiple types of networks making correlation and detection even more challenging. In this paper, we propose a system Dandelion, which aims to automatically correlate individual security anomalies together to reveal an entire mobile attack campaign. The system also identifies previously unknown malicious network entities that are highly correlated. Our prototype system correlates thousands of network anomalies across both the SMS and IP networks of a large US tier-1 mobile service provider, reducing them to approximately \(20\sim 30\) groups of interest a day. To demonstrate Dandelion’s value, we show how our system has provided the critical information necessary to human analysts in detecting and mitigating previously unknown mobile attacks.