An increasing interest in wireless network security, in particular within certain communities, has led to a wider spread of knowledge on how such systems work and to “hackers” working on manipulation of wireless communication devices, and further to the emergence of open source code usable to program devices for accessing some types of cellular wireless networks. This in turn introduces new threats over the wireless network air interface, in contrast to the communication devices previously having generally been trusted not to behave maliciously.
Much of this trust can be derived from the fact that network vendors, so far, largely have trusted manufacturers of the communication devices, and detailed knowledge of the technology has been limited to these communities. Nevertheless, communication devices have been known to misbehave in ways that have caused problems in the mobile network, for example communication devices sending messages causing software related issues in the wireless network. Such misbehavior has generally been attributed to misunderstandings of the technical specifications or unintentional implementation mistakes made by the manufacturers. In cases where this has happened, the network vendors have dealt with the problem by making modifications to network elements in order to deal with the problem; for instance by also accommodating the abnormal behavior. However, to do this in a timely fashion may require quick and market specific code modifications to wireless network element products. In other cases, resolution of the problem will have to wait for the next release of the product.
When addressing such security issues attention must also be paid to how attacks are to be prevented in order to maintain a proper and consistent working state of the wireless network. This is particularly an issue for a control plane of the wireless network, since manipulations to control plane signaling messages could potentially have highly undesirable effects if not handled carefully. For instance, in order to stop an attack certain malicious messages may have to be prevented from reaching a network function, and simply removing the malicious messages could potentially have undesired effects. A simple example of this is the case where an underlying transport layer incorporates reliable transmission, e.g., using retransmission in order to ensure that data can be reconstructed even in case of packet losses. In such a case, removing the message would cause retransmissions on the transport layer and might thus interfere with all communications between the end points.
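The retransmission problem described above can be made concrete with a small simulation. The following is an added illustration, not code from the patent publication: a stop-and-wait reliable transport carries control-plane messages from a device to a network function through a filtering element. A filter that silently drops a harmful segment below the transport layer (`drop_policy`) leaves the sender without an acknowledgement, so it retransmits and, once it gives up, every later message is blocked as well. A filter that lets the transport acknowledge the segment and discards only the payload above it (`consume_policy`) keeps the flow alive. The message names, the `MALFORMED` tag used by `is_harmful`, and the retry limit are constructed for this example.

```python
# Added illustration (not from the patent text): a stop-and-wait reliable transport
# carrying control-plane messages through a filtering middlebox.
from dataclasses import dataclass


@dataclass
class Segment:
    seq: int        # transport-layer sequence number
    payload: str    # control-plane message carried in the segment


# Constructed sample traffic: one malformed message between two legitimate ones.
SAMPLE_MESSAGES = ["ATTACH_REQUEST", "MALFORMED_PDU", "SERVICE_REQUEST"]


def is_harmful(seg):
    """Hypothetical classifier: in this illustration anything tagged MALFORMED is harmful."""
    return seg.payload.startswith("MALFORMED")


def drop_policy(seg):
    """Filter acting below the reliable transport: silently discards harmful segments."""
    return "drop" if is_harmful(seg) else "forward"


def consume_policy(seg):
    """Filter acting above the reliable transport: lets the transport acknowledge the
    segment so the sender moves on, but discards the payload before the network
    function sees it."""
    return "consume" if is_harmful(seg) else "forward"


def run(messages, policy, max_retries=3):
    """Simulate a stop-and-wait sender pushing `messages` through `policy`.

    Returns (delivered_payloads, retransmissions, stalled). The sender keeps one
    segment outstanding and retransmits it until acknowledged; after max_retries
    unacknowledged retransmissions it gives up and the whole flow is stalled.
    """
    delivered = []
    retransmissions = 0
    for seq, payload in enumerate(messages):
        seg = Segment(seq, payload)
        attempts = 0
        acked = False
        while not acked and attempts <= max_retries:
            attempts += 1
            if attempts > 1:
                retransmissions += 1       # timer expired, same seq sent again
            action = policy(seg)
            if action == "drop":
                continue                   # nothing reaches the receiver, no ack comes back
            if action == "forward":
                delivered.append(payload)  # receiver acks and hands the payload up
            acked = True                   # "forward" and "consume" both acknowledge
        if not acked:
            # Head-of-line blocking: later messages never get a chance to be sent.
            return delivered, retransmissions, True
    return delivered, retransmissions, False


if __name__ == "__main__":
    print("drop:   ", run(SAMPLE_MESSAGES, drop_policy))
    print("consume:", run(SAMPLE_MESSAGES, consume_policy))
```

With the sample traffic, `drop_policy` delivers only the first message, causes three retransmissions and stalls the flow, whereas `consume_policy` delivers both legitimate messages with no retransmissions. Real transports (e.g. SCTP under S1-AP) are more elaborate than stop-and-wait, but the head-of-line effect of an unacknowledged segment is the same.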
Published document WO2013/135320A1 addresses the above issue of communication devices sending large numbers of specific signaling messages. A mechanism is described integrated into a Serving GPRS Support Node/Mobility Management Entity (SGSN/MME) node for detecting when a communication device is stuck in a loop of transmitting certain request messages and receiving reject messages, and signaling to the communication device to abort such loop. In particular, the SGSN/MME node monitors results of interactions with communication devices that lead to reject messages, counts the reject messages and if the count exceeds a configurable threshold, it sends a message to the communication device to cease.
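The counting mechanism summarised above is simple enough to show in working code. The following detector is an added example written for this page, not code from WO2013/135320A1 or from any SGSN/MME product: it keeps a per-device count of reject outcomes within a sliding time window and reports when that count exceeds a configurable threshold, which is the point at which the node would signal the device to abort its loop. The return value `"cease"`, the window length, the `accept`/`reject` outcome labels and the device identifiers in the sample log are assumptions of this example.

```python
# Added illustration (not the patent's code): counter-based detection of a
# request/reject loop with a configurable threshold, as described in the text.
from collections import defaultdict, deque


class RejectLoopDetector:
    """Per-device count of reject outcomes within a sliding time window.

    observe() returns "cease" when a device's reject count exceeds the threshold;
    "cease", the outcome labels and the window are assumptions of this example.
    """

    def __init__(self, threshold, window_seconds=60.0):
        self.threshold = threshold
        self.window = window_seconds
        self._rejects = defaultdict(deque)   # device_id -> timestamps of recent rejects

    def observe(self, device_id, timestamp, outcome):
        history = self._rejects[device_id]
        if outcome == "accept":
            history.clear()                  # a successful interaction breaks the loop
            return None
        history.append(timestamp)
        while history and timestamp - history[0] > self.window:
            history.popleft()                # forget rejects older than the window
        if len(history) > self.threshold:
            history.clear()                  # signal once, then start counting afresh
            return "cease"
        return None


# Constructed sample log: (time in seconds, device, outcome of the interaction)
SAMPLE_LOG = [
    (0, "dev-A", "reject"),
    (1, "dev-B", "reject"),
    (2, "dev-A", "reject"),
    (3, "dev-B", "accept"),
    (4, "dev-A", "reject"),
    (5, "dev-A", "reject"),
    (6, "dev-B", "reject"),
    (7, "dev-B", "reject"),
    (70, "dev-A", "reject"),
]


def process(log, threshold=3, window_seconds=60.0):
    """Replay the log; return the (time, device) pairs at which a cease signal was issued."""
    det = RejectLoopDetector(threshold, window_seconds)
    return [(t, dev) for t, dev, out in log if det.observe(dev, t, out) == "cease"]


if __name__ == "__main__":
    print(process(SAMPLE_LOG))
```

With the default threshold of 3, only `dev-A` is told to cease, at its fourth reject; `dev-B` never reaches the threshold because its successful interaction resets the count. Clearing the history after signalling avoids sending a cease message on every further reject, and the window keeps a device that rejects occasionally over a long period from ever tripping the detector. Note, as the next paragraph points out, that this guards against one loop pattern at one node and does nothing for malformed traffic aimed at the node's own message parsing.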
However, such a mechanism does not protect the message interpretation logic of the network node itself against malformed traffic, and it is limited to the protocol layers terminated in one particular node. Moreover, attacks or otherwise harmful traffic may come in many forms, necessitating flexibility. The need for flexible protection measures has been recognized in, e.g., Transmission Control Protocol/Internet Protocol (TCP/IP) networks. For instance, typical Internet firewalls, Network Intrusion Prevention Systems (NIPS), SIP Border Gateway Controllers, or Web Application Firewalls (WAF), provide rule-based mechanisms to protect against network attacks. However, the requirements for such TCP/IP networks differ from the requirements for wireless networks, e.g., due to other protocols being used and also since mobile-specific node behavior needs to be taken into account in order to maintain system consistency. Principles found in these types of systems are thus not directly applicable to security issues in the wireless networks' air interface signaling protocols, if applicable at all.
In cases of intentional attacks it is important to be able to respond very quickly, which is rendered difficult when analysis of the impact of product modifications has to be performed, as well as the design of a modification, testing, and then releasing the product. Therefore, it would be desirable to be able to quickly deploy protection of wireless networks in a flexible manner, in particular for different types of issues that may arise, such as, e.g., various malicious attacks but also other anomalies that may occur. The mentioned patent publication provides a well-functioning solution for the particular problem addressed, but there is a desire and need for increased flexibility and protection of the signaling mechanisms interacting with the communication device.