Study on the Femtocell Vulnerability Analysis Using Threat Modeling

위협 모델링 기법을 이용한 펨토셀 취약점 분석에 대한 연구

  • 김재기 (고려대학교 정보보호대학원 정보보호학과) ;
  • 신정훈 (국방과학연구소) ;
  • 김승주 (고려대학교 사이버국방학과/정보보호대학원)
  • Received : 2016.06.15
  • Accepted : 2016.07.26
  • Published : 2016.08.31


Lately smartphone uasage is increasing and many Internet of Things (IoT) devices support wireless communications. Accordingly, small base stations which called femtocells are supplied to prevent saturation of existing base stations. However, unlike the original purpose of the femtocell with the advanced hacking technologies, Vulnerability such as gaining the administrator authority was discovered and this can cause serious problems such as the leakage of personal information of femtocell user. Therefore, identify security threats that may occur in the femtocell and it is necessary to ways for systematic vulnerability analysis. In this paper, We analyzed the security threats that can be generated in the femtocell and constructed a checklist for vulnerability analysis using the Threat Modeling method. Then, using the constructed checklist provides a scheme that can improve the safety of the femto cell through the actual analysis and taken the results of the femtocell vulnerabilities analysis.


Grant : 자율주행 스마트자동 차용 이상징후 탐지 핵심기술개발

Supported by : 정보통신기술진흥센터


  1. K. S. Lee, W. H. Seok, Y. K. Song (ETRI), "The Current Status and Prospect of the Femtocell Market," 2012.
  2. IT donga, "Jammed data traffic fixer, Femtocell," 2012 [Internet],
  3. Borgaonkar, Ravishankar, Kevin Redon, and Jean-Pierre Seifert, "Security analysis of a femtocell device," Proceedings of the 4th International Conference on Security of Information and Networks, ACM, 2011.
  4. Alexey Osipov and Alexander Zaitsev, "ADVENTURES IN FEMTOLAND: 350 YUAN FOR INVALUABLE FUN," Black Hat Las Vegas (2015).
  5. Shostack, Adam, "Threat modeling: Designing for security," John Wiley & Sons, 2014.
  6. Loren Kohnfelder and Praerit Garg, "The threats to our products," 1999 [Internet],
  7. Microsoft, "The STRIDE Threat Model," 2005 [Internet],
  8. Carnegie Mellon University Software Engineering Institute, "Octave," 2001 [Internet],
  9. Schiffman Mike, et al., "The Common Vulnerability Scoring System," National Infrastructure Advisory Council, Vulnerability Disclosure Working Group, Vulnerability Scoring Subgroup (2004).
  10. Brenda Larcom and Eleanor Saitta, "Trike" [Internet],
  11. STANDARDS NEW ZEALNAD, "AS/NZS ISO 31000:2009," 2009 [Internet],
  12. Tony UcedaVelez, Marco M. Morana. "Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis," John Wiley, 2015.
  13. Klockwork, "Threat Modeling for Secure Embedded Software," Security Innovation & Klockwork, White Paper, 2011.
  14. M. Deng, K. Wuyts et al., "A Privacy Threat Analysis Framework: Supporting the Elicitation and Fulfillment of Privacy Requirements," Journal of Requirements Engineering, Springer-Verlag, 2011.
  15. D. Parker, "Our Excessively Simplistic Information Security Model and How to Fix It," ISSA Journal, pp.12-21, July, 2010.
  16. Microsoft, "Evaluating Security Threats" [Internet],
  17. DistriNet Research Group, "LINDDUN privacy threat modeling," 2014 [Internet],
  18. Deng, Mina et al. "A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements," Requirements Engineering, Vol.16, No.1 pp.3-32, 2011.
  19. Klocwork, "Threat Modeling for Secure Embedded Software," 2014 [Internet],
  20. CISCO, "Cisco Visual Networking Index: Global Mobile Data Traffic Forecast Update 2014-2019 White Paper," 2015 [Internet],
  21. I. S. Hwang, "Ultra-compact smart solutions led by evolution wireless network 'Femtocell'," NETWORK TIMES, 2011.07.
  22. GSM Association, "Security Issues in HNB Deployment," Technical report, July, 2008.
  23. 3GPP, "Security of Home Node B (HNB) / Home evolved Node B (HeNB)," 3GPP TS 33.320 v9.5.0, Mar., 2011.
  24. R. Rajavelsamy, Jicheol Lee, and Sungho Choi, "Towards security architecture for Home (evolved) NodeB: challenges, requirements, and solutions," in Security and Communication Networks, pp.471-481, April, 2011, John Wiley & Sons Ltd.
  25. Chan-Kyu Han, Hyoung-Kee Choi, and In-Hwan Kim, "Building Femtocell More Secure with Improved Proxy Signature," in Proceedings of Global Telecommunications Conference, GLOBECOM 2009. IEEE, November, 2009.
  26. Borgaonkar, Ravishankar, and Kevin Redon, "Femtocell Security," 2010.
  27. Borgaonkar, Ravishankar, Kevin Redon, and Jean-pierre Seifert, "Experimental Analysis of the Femtocell Location Verification Techniques," in Proceedings of the 15th Nordic Conference in Secure IT Systems, (NordSec. 2010.).
  28. Borgaonkar, Ravishankar, Nico Golde, and Kevin Redon, "Femtocells: a Poisonous Needle in the Operator's Hay Stack," Black Hat Las Vegas, 2011.
  29. Golde Nico, Kevin Redon, and Ravishankar Borgaonkar, "Weaponizing Femtocells: The Effect of Rogue Devices on Mobile Telecommunications," NDSS, 2012.
  30. Faisal Bin Ubaid and Adil Yasin, "Brief Overview on Femtocell Architecture & its Threats," Journal of Information & Communication Technology, Vol.6, No.2, pp.27-32, Fall, 2012.
  31. Tom Ritter, Doug DePerry, and Andrew Rahimi, "I Can Hear You Now: Traffic Interception & Remote Mobile Phone Cloning," Black Hat Las Vegas, 2013.
  32. Alexey Osipov and Alexander Zaitsev, "ADVENTURES IN FEMTOLAND: 350 YUAN FOR INVALUABLE FUN," Black Hat Las Vegas, 2015.
  33. Yuwei Zheng and Haoqi Shan, "Build a free cellular traffic capture tool with a vxworks based femoto," DEFCON, 2015.
  34. Netmanias, "LTE Network Architecture," 2011 [Internet],
  35. Netmanias, "Network Architecture for LTE and Wi-Fi Interworking," 2012 [Internet],
  36. Information and communications technology glossary, "HO Hand-Off, Handoff, Handover," 2011 [Internet],
  37. Hansol Inticube, "IPLS" [Internet],
  38. CRESTEL, "Crestel CGF - Charging Gateway Function -Overview," [Internet],
  39. Information and communications technology glossary, "IMS (IP Multimedia Subsystem)" [Internet],
  40. Daniel Miessler, "IoT Attack Surfaces," DEFCON, 2015.
  41. Common Vulnerabilities and Exposures, "CVE-2013-2270" [Internet],
  42. Brassil, Jack, et al., "Authenticating Location with Femtocells," submitted for publication, 2012.
  43. Arapinis, Myrto, et al., "New privacy issues in mobile telephony: fix and verification," Proceedings of the 2012 ACM Conference on Computer and Communications Security, ACM, 2012.
  44. The MITRE Corporation, "CAPEC CATEGORY: Software" [Internet],
  45. The MITRE Corporation, "CAPEC CATEGORY: Hardware" [Internet],
  46. OWASP, "OWASP Internet of Things Project" [Internet],
  47. The MITRE Corporation, "CAPEC CATEGORY: Physical Security" [Internet],
  48. OWASP, "OWASP Top Ten Cheat Sheet" [Internet],
  49. SANS, "CWE/SANS TOP 25 Most Dangerous Software Errors" [Internet],
  50. 3GPP, "Service requirements for Home Node B (HNB) and Home eNode B (HeNB) TS 22.220 v13.0.0," 2016.
  51. 3GPP, "Security of Home Node B (HNB) / Home evolved Node B (HeNB). Technical Speci cation, TS 33.320 v12.1.0," 2014.
  52. 3GPP, "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Security of H(e)NB (Release 8), 3GPP TR 33.820 v8.3.0," 2009.
  53. 3GPP, "Architecture aspects of Home Node B (HNB) / Home enhanced Node B (HeNB) TR 23.830 v9.0.0," 2009.