Signaling security by design and reducing the attack surface
In telecommunications, signaling protocols are critical in routing mobile network-related traffic. These protocols are efficient and scalable; however, they come with their own security issues. Mobile operators still support legacy versions of these protocols, and keeping them in mobile networks creates significant security risk and widens the attack surface.
These articles highlight the problems of legacy signaling protocols and propose solutions to replace them and provide better security in 2G, 3G, 4G, IMS, and 5G.
GPRS Tunneling Protocol Control (GTP-C)
GTP-C is a protocol used within the mobile network infrastructure to establish communication between data network nodes such as the SGSN, GGSN, PGW, and SGW. The protocol has 3 versions: GTP-C version 0, 1, and 2. The legacy version zero is only used for 2G and 3G mobile networks via the GGSN and SGSN.
Problem
GTP-C version zero carries a security flaw: it fails to randomize the TID (tunnel identifier). In short, the TID is generated predictably, and cybercriminals can guess or brute-force it easily.
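To check whether legacy version zero is still reaching a node, an operator can classify GTP-C messages by the version bits in the first header octet. The sketch below is an added example, not code from the original article; it assumes the fixed header layouts of GSM 09.60 (v0), 3GPP TS 29.060 (v1) and TS 29.274 (v2), the function names are illustrative, and the sample packets are constructed.

```python
import struct

def classify_gtpc(payload: bytes) -> dict:
    """Read the fixed GTP header: version, message type, tunnel identifier."""
    info = {"version": None, "msg_type": None, "tunnel_id": None, "verdict": "malformed"}
    if len(payload) < 4:
        return info
    flags, info["msg_type"], _length = struct.unpack("!BBH", payload[:4])
    version = info["version"] = flags >> 5          # top 3 bits of octet 1
    if version == 0 and len(payload) >= 20:         # v0: fixed 20-octet header
        info["tunnel_id"] = payload[12:20].hex()    # 8-octet TID, octets 13-20
        info["verdict"] = "legacy-v0"
    elif version == 1 and len(payload) >= 8:        # v1: TEID in octets 5-8
        info["tunnel_id"] = payload[4:8].hex()
        info["verdict"] = "ok"
    elif version == 2:
        has_teid = bool(flags & 0x08)               # T flag: TEID present
        if len(payload) >= (12 if has_teid else 8):
            info["tunnel_id"] = payload[4:8].hex() if has_teid else None
            info["verdict"] = "ok"
    elif version > 2:
        info["verdict"] = "unknown-version"
    return info

def legacy_v0_messages(packets):
    """Return (index, msg_type, TID) for every well-formed GTPv0 message seen."""
    hits = []
    for i, p in enumerate(packets):
        info = classify_gtpc(p)
        if info["verdict"] == "legacy-v0":
            hits.append((i, info["msg_type"], info["tunnel_id"]))
    return hits

# Constructed sample payloads (headers only, no information elements).
V0 = (bytes([0x1E, 16]) + struct.pack("!HHH", 0, 1, 0) + b"\x00" + b"\xff" * 3
      + bytes.fromhex("0011223344556677"))          # v0 header carrying a TID
V1 = bytes([0x32, 16]) + struct.pack("!HI", 4, 0x1A2B3C4D) + struct.pack("!HBB", 1, 0, 0)
V2 = bytes([0x48, 32]) + struct.pack("!HI", 8, 0) + bytes([0, 0, 1, 0])
SAMPLES = [V0, V1, V2, V0[:10]]                     # last one is truncated

if __name__ == "__main__":
    for index, msg_type, tid in legacy_v0_messages(SAMPLES):
        print(f"packet {index}: GTPv0 message type {msg_type}, TID {tid}")
```

Any hit from `legacy_v0_messages` on an interface that should only carry versions 1 and 2 is a candidate for a filtering rule or for disabling version zero on the node.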












