Pay as You Want: Bypassing Charging System in Operational Cellular Networks

Authors: Hyunwook Hong, Hongil Kim, Byeongdo Hong, Dongkwan Kim, Hyunwoo Choi, Eunkyu Lee, Yongdae Kim

Accurate and fair data charging in cellular networks is an important issue because of its large impacts on profits of operators and bills for users. In this study, we analyze the data charging policies and mechanisms for protocols and applications. The analysis shows that all operators in South Korea did not charge the payload of Internet Control Message Protocol (ICMP) echo request/reply messages, as well as the payload attached to Transmission Control Protocol (TCP) SYN and TCP RST packets… 

Ghost calls from operational 4G call systems: IMS vulnerability, call DoS attack, and countermeasure

This work uncovers that the VoWi-Fi signaling session can be hijacked to maliciously manipulate the IMS call operation, and exploits a vulnerability of the 4G network infrastructure, call information leakage, which is explored using machine learning.



Mobile data charging: new attacks and countermeasures

This work has identified loopholes in both metered accounting architecture and application-specific charging policies by operators from the security perspective, and discovered two effective attacks exploiting the loopholes.

Insecurity of Voice Solution VoLTE in LTE Mobile Networks

This work conducts the first study on VoLTE security before its full rollout, discovering several vulnerabilities in both its control-plane and data-plane functions, which can be exploited to disrupt both data and voice in operational networks.

Real Threats to Your Data Bills: Security Loopholes and Defenses in Mobile Data Charging

This work finds that all three can be breached in both design and practice, and identifies three concrete vulnerabilities: authentication bypass, authorization fraud and accounting volume inaccuracy.

Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-implementations

In the process of unveiling the free data channels, this paper identifies a number of additional vulnerabilities of early VoLTE implementations, which lead to serious exploits, such as caller spoofing, over-billing, and denial-of-service attacks.

TCP fast open

The design, implementation, and deployment of the TCP Fast Open protocol is described, a new mechanism that enables data exchange during TCP's initial handshake that decreases application network latency by one full round-trip time, decreasing the delay experienced by such short TCP transfers.

Gaining Control of Cellular Traffic Accounting by Spurious TCP Retransmission

It is found that TCP retransmissions can be easily abused to manipulate the current practice of cellular data accounting.

1 LTE Network Architecture and Protocols

GPRS (general packet radio system) and EDGE (enhanced data rates for global evolution) systems have been the evolution path of GSM.

IP Network Address Translator (NAT) Terminology and Considerations

This document attempts to describe the operation of NAT devices and the associated considerations in general, and to define the terminology used to identify various flavors of NAT.

Requirements for Internet Hosts - Communication Layers

This RFC is an official specification for the Internet community. It incorporates by reference, amends, corrects, and supplements the primary protocol standards documents relating to hosts.

U.S. Smartphone Use in 2015

Key Themes of This Report 10% of Americans own a smartphone but do not have broadband at home, and 15% own a smartphone but say that they have a limited number of options for going online other than