MobiDeke: Fuzzing the GSM Protocol Stack
Check the reserved channel: 'over-the-air'

Motivations
• OpenBTS crashes a lot! During that time your fuzzer continues to send payloads...
• Is the reserved channel stable enough?
• Is the baseband ready to receive the next payload?
• Did the baseband crash?

Solutions
• Check the radio channel state regularly ⇒ Transaction entries, paging states in OpenBTS.
• Send 'ping' requests to the baseband 'over-the-air'
• Send an IDENTITY REQUEST, the mobile will respond with an IDENTITY RESPONSE
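
The IDENTITY REQUEST 'ping' described above, as an added example that is not part of the original slides or the MobiDeke code: a fuzz loop that sends a testcase only when the baseband answers, and stops at the first testcase after which it goes silent. The `SimulatedLink` class and its `channel_up`/`send`/`recv` methods are hypothetical stand-ins for the radio link, and the testcase bytes are constructed.

```python
# Added example. SimulatedLink and its methods are hypothetical stand-ins,
# not an OpenBTS or MobiDeke API; all message bytes below are constructed.
IDENTITY_REQUEST = bytes([0x05, 0x18, 0x01])  # PD=MM (0x5), type 0x18, identity type IMSI

def is_identity_response(msg):
    # Low nibble of octet 1 is the protocol discriminator; the top two bits of
    # the type octet can carry a sequence number uplink, so mask them off.
    return bool(msg) and len(msg) >= 2 and msg[0] & 0x0F == 0x05 and msg[1] & 0x3F == 0x19

def ping(link, retries=2, timeout=2.0):
    """Return 'alive', 'no_channel' or 'no_response'."""
    for _ in range(retries + 1):
        if not link.channel_up():
            return "no_channel"
        link.send(IDENTITY_REQUEST)
        if is_identity_response(link.recv(timeout)):
            return "alive"
    return "no_response"

def run(link, testcases):
    """Send each testcase only after a successful ping; stop at the first failure."""
    report = []
    for i, payload in enumerate(testcases):
        before = ping(link)
        if before != "alive":          # never fire into a dead or missing channel
            report.append((i, "not_sent", before))
            break
        link.send(payload)
        after = ping(link)
        report.append((i, "sent", after))
        if after != "alive":           # testcase i is the crash suspect
            break
    return report

class SimulatedLink:
    """Constructed link whose 'baseband' goes silent after one specific payload."""
    def __init__(self, crash_on):
        self.crash_on, self.crashed, self.up, self.last = crash_on, False, True, None
    def channel_up(self):
        return self.up
    def send(self, msg):
        self.crashed = self.crashed or msg == self.crash_on
        self.last = msg
    def recv(self, timeout):
        if not self.crashed and self.last == IDENTITY_REQUEST:
            return bytes([0x05, 0x59, 0x01])  # type 0x19 with a sequence bit set
        return None

CASES = [b"\x05\x18\x00", b"\x05\x18\xff", b"\x05\x18\x07"]  # constructed testcases

if __name__ == "__main__":
    print(run(SimulatedLink(crash_on=CASES[1]), CASES))
```

The report's last entry names the testcase to replay; a `not_sent` entry means the channel or baseband was already gone before that testcase, so the suspect is an earlier one.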