Denial of Service (DOS) attacks or Distributed Denial of Service (DDOS) attacks are characterized by an explicit attempt by attackers to prevent legitimate users of a mobile service from using that service. Such attacks can be directed at any device in the mobile network. Although a network itself is not so vulnerable for such attacks, the individual mobile end-terminals are, as nowadays such devices allow all kinds of software to be downloaded and to be executed via the operating system of the mobile device.
On the mobile device level, a DOS attack may be realized by malicious software, e.g. a virus or the like, which is designed to block access to the mobile services. Typically the attack is targeted to block or lock the mobile device and/or the removable smart-card, which may be located in the mobile device.
Mobile devices use smart cards for authentication purposes. The smart card may e.g. comprise a Subscriber Identity Module (SIM) holding a service-subscriber key (Ki) for authentication to a GSM-type network and/or a Universal Subscriber Identity Module (USIM) also holding a service-subscriber key (Ki) for authentication to a UMTS-type network. Further, the smart card may allow the mobile device to authenticate the user. To that end the mobile device requires the user to enter his or her Personal Identification Number (PIN) and subsequently sends an authentication command comprising the PIN to the (U)SIM. If the wrong PIN is entered more than three times, either the (U)SIM, the mobile device or both become locked.
A possible DOS attack could consist of malicious software (malware) which sends authentication commands with random data instead of the correct PIN to the (U)SIM. After the third time the (U)SIM is blocked for further access, making the mobile device at least temporarily useless. Using a further authentication code, the Personal Unblocking Code (PUC), the (U)SIM may be unblocked. A subsequent DOS attack on the basis of the PUC code would make the U(SIM) permanently useless as entering the wrong PUC ten times in a row unrecoverably blocks the (U)SIM. In that case a new smart card is required.
Hence, large distribution of such malware could result in a serious DOS attack which would take a significant number of mobile devices either temporarily or permanently out of order. Therefore, measures to protect mobile devices from such DOS attacks are needed.
One way of preventing DOS attacks is to improve the channel assignment in the GSM standard. In the article by Bocan et al (V. Bocan and V. Cretu, “Mitigating Denial of Service Threats in GSM Networks”, Proceedings of ARES 2006, The First International Conference on Availability, Reliability and Security, Vienna 2006, pp. 523-528) an improved DOS-resistant GSM channel assignment process is proposed by adding pre-authentication information in the GSM channel assignment protocol. This technique however requires changes in the existing GSM networks and thus will be difficult to implement.
Another way of preventing DOS attacks is known from WO2004/038652. In this method a mobile device is blocked for a requested service after a predetermined number of failures to pass an authentication test. After each failure the user has to wait a predetermined time before the user is allowed to proceed with a subsequent authentication step. The introduction of such delay generates a temporary denial of services. The requested services will be blocked for a predefined time period which is long enough for the user to notice that something is wrong with the mobile device.
One disadvantage of this method is that if the user accidentally enters a wrong PIN, the device will be blocked for a considerable time before the user may enter the PIN for a second time. Further, this method only delays the DOS attack. Measures should be taken by an administrator or another capable person in order to deactivate the malicious code which executes the DOS attack. In many situations this may not be possible. If the temporarily denial of service caused by the delay is not timely noticed by the user, the mobile device will be blocked by the DOS attack.
A way of removing malware from the mobile device is known from U.S. 2005/0064859. In this method copies of various stages of the operating system of the mobile device are stored on a backup server in the network. If, by scanning the copies in the network with an up-to-date virusscanner, it is detected that malware is present on the mobile device, the backup server downloads an uninfected old version of the operating system to the mobile device to replace the newer infected version. In fact the use of this prior art method ensures that the network always has the most recent and most sophisticated version of the up-to-date virusscanner available. However, this method does not prevent malware that has reached the mobile device, from rendering the (U)SIM useless, as the mobile device itself is not able to detect the malware and act accordingly. If the (U)SIM is not operating any more, it is in most cases not even possible to download a new operating system to the mobile device. Even if a new operating system has been downloaded, the mobile device is still unusable because the (U)SIM is out of order.
U.S. patent application publication 2006/0010314 describes running multiple operating systems on a mobile device, while preserving the original one. The method provides solutions to ensure that newer parts of the operating system, called ‘guest OS’, do not erase the original OS, called ‘host OS’. U.S. patent application publication 2006/0010314, however, does not give any teaching how to detect the presence of malware in either the host OS or the guest OS nor does it teach how to act in situations where the mobile device is infected with malware. The U.S. patent application publication 2006/0010314 in fact does not make any hint to malware or other third party operating systems into the device. Moreover the multiple operating systems as disclosed in U.S. patent application publication 2006/0010314 are running independently one of another without any interaction therebetween, other than preserving the original running operating system and other than to run a guest OS or application from within the host OS in a mobile device.