skip to main content

Attention:

The NSF Public Access Repository (PAR) system and access will be unavailable from 11:00 PM ET on Friday, December 13 until 2:00 AM ET on Saturday, December 14 due to maintenance. We apologize for the inconvenience.


Title: Unveiling the Insecurity of Operational Cellular Emergency Services (911): Vulnerabilities, Attacks, and Countermeasures

The cellular network offers a ubiquitous emergency call service with its pervasive coverage. In the United States, it can be consumed by dialing 911 for cellular users, and the emergency call is forwarded to the public safety answer point (PSAP), which handles emergency service requests. According to regulatory authority requirements [1,2,3] for cellular emergency services, anonymous user equipment (UE) is allowed to access them without a SIM (Subscriber Identity Module) card, a valid mobile subscription, or a roaming agreement with the visited cellular network. Such support of the cellular emergency services requires different operations from conventional cellular services, thereby increasing the attack surface of the cellular infrastructure.

 
more » « less
Award ID(s):
1815636 1814551
PAR ID:
10481257
Author(s) / Creator(s):
; ; ; ; ; ; ; ; ; ;
Publisher / Repository:
ACM
Date Published:
Journal Name:
GetMobile: Mobile Computing and Communications
Volume:
27
Issue:
1
ISSN:
2375-0529
Page Range / eLocation ID:
39 to 43
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Cellular networks that offer ubiquitous connectivity have been the major medium for delivering emergency services. In the U.S., mobile users can dial an emergency call with 911 for emergency uses in cellular networks, and the call can be forwarded to public safety answer points (PSAPs), which deal with emergency service requests. According to regulatory authority requirements for the cellular emergency services, anonymous user equipment (UE), which does not have a SIM (Subscriber Identity Module) card or a valid mobile subscription, is allowed to access them. Such support of emergency services for anonymous UEs requires different operations from conventional cellular services, and can therefore increase the attack surface of the cellular infrastructure. In this work, we are thus motivated to study the insecurity of the cellular emergency services and then discover four security vulnerabilities from them. Threateningly, they can be exploited to launch not only free data service attacks against cellular carriers, but also data DoS/overcharge and denial of cellular emergency service (DoCES) attacks against mobile users. All vulnerabilities and attacks have been validated experimentally as practical security issues in the networks of three major U.S. carriers. We finally propose and prototype standard-compliant remedies to mitigate the vulnerabilities. 
    more » « less
  2. The importance to our society of emergency network communications cannot be underestimated. The loss of communication and network systems in a state of emergency denies victims of disaster and city emergency response teams critical information about the crisis. It is essential to restore communication systems and service in order to ensure continuous and efficient emergency operations. This paper presents a cloud-based cost-effective emergency network management system to provide dynamic network services. We have developed a network application to enable users to access the Internet during an emergency. The application is ready to immediately restore lost connectivity through economical embedded systems and UAVs. We implement our prototypes based on Resin.io, a framework that utilizes Linux containers on IoT(Internet of Things) devices to deploy applications. We evaluate our systems on Raspberry Pi, a popular embedded system. We demonstrate the feasibility of our proposed system, showing that it is an economical infrastructure that it can successfully be used for an emergency network to replace a demolished network infrastructure. 
    more » « less
  3. We revisit the long-standing problem of providing network QoS to applications, and propose the concept of judicious QoS -- combining the cheaper, best effort IP service with the cloud, which offers a highly reliable infrastructure and the ability to add in-network services, albeit at higher cost. Our proposed J-QoS framework offers a range of reliability services with different cost vs. delay trade-offs, including: i) a forwarding service that forwards packets over the cloud overlay, ii) a caching service, which stores packets inside the cloud and allows them to be pulled in case of packet loss or disruption on the Internet, and iii) a novel coding service that provides the least expensive packet recovery option by combining packets of multiple application streams and sending a small number of coded packets across the more expensive cloud paths. We demonstrate the feasibility of these services using measurements from RIPE Atlas and a live deployment on PlanetLab. We also consider case studies on how J-QoS works with services up and down the network stack, including Skype video conferencing, TCP-based web transfers and cellular access networks. 
    more » « less
  4. The New York City (NYC) youth shelter system provides housing, counseling, and other support services to runaway and homeless youth and young adults (RHY). These resources reduce RHY's vulnerability to human trafficking, yet most shelters are unable to meet demand. This paper presents a Discrete Event Simulation (DES) model of a crisis-emergency and drop-in center for LGBTQ+ youth in NYC, which aims to analyze the current operations and test potential capacity expansion interventions. The model uses data from publicly available resources and interviews with service providers and key stakeholders. The simulated shelter has 66 crisis-emergency beds, offers five different support services, and serves on average 1,399 LGBTQ+ RHY per year. The capacity expansion interventions examined in this paper are adding crisis-emergency beds and psychiatric therapists. This application of DES serves as a tool to communicate with policymakers, funders, and service providers-potentially having a strong humanitarian impact. 
    more » « less
  5. null (Ed.)
    Orange County, Florida is intimately familiar with impacts of natural disasters because of the yearly threat of hurricanes in the southeastern United States. One of the tools that has aided them in their efforts to monitor and manage such disasters is their 311 non-emergency call system, through which local residents can issue requests to the municipality for disaster-related information or other services. This paper provides a preliminary examination of the potential for the Orange County 311 system to provide actionable information to them in support of their efforts to manage a different type of disaster: the COVID-19 pandemic. The potential of the system to support the County in this context is illustrated through several preliminary analyses of the complete set of service requests that were registered in the first ten months of 2020. 
    more » « less