Since various mobile applications have been introduced, the use of cellular data networks has been dramatically increased. As a consequence, cellular network carriers have started to face difficult challenges to provide high quality services while protecting their networks and clients. In order to cope with these issues, cellular network carriers have deployed middleboxes in their networks. The middleboxes are network devices which can be used to inspects, filters, and forwards traffics to improve security and overall performance. However, even these middleboxes can be targeted by adversaries, and therefore, if insecure polices are applied on these middleboxes, a lot of attacks could be occur.
In this thesis, middleboxes policies of three major cellular carriers in Korea are systematically evaluated. Among various types of middleboxes, we focus on NAT and Firewall as they are keys to improve security. As the experiment results show that two carriers allowed IP spoofing which encounters the overbilling and battery drain attack. Moreover, one carrier did not block incoming and outgoing unsolicited packets which allow SYN flooding attack through established connections.
In addition to middleboxes, we evaluate whether GTP attacks are well protected by Korean cellular carriers. In this thesis, we demonstrate that GTP attacks are possible on Korean cellular network which can be used to identify core components in cellular networks. Once the core components are identified, DoS attack could be launched by taking down these components.