Skip to main content
SpringerLink
Log in
Book cover

International Conference on Security and Privacy in Communication Systems

SecureComm 2010: Security and Privacy in Communication Networks pp 125–143Cite as

Characterizing the Security Implications of Third-Party Emergency Alert Systems over Cellular Text Messaging Services

  • Conference paper

Abstract

Cellular text messaging services are increasingly being relied upon to disseminate critical information during emergencies. Accordingly, a wide range of organizations including colleges, universities and large metropolises now partner with third-party providers that promise to improve physical security by rapidly delivering such messages. Unfortunately, these products do not work as advertised due to limitations of cellular infrastructure and therefore provide a false sense of security to their users. In this paper, we perform the first extensive investigation and characterization of the limitations of an Emergency Alert System (EAS) using text messages as a security incident response and recovery mechanism. Through the use of modeling and simulation based on configuration information from major US carriers, we show emergency alert systems built on text messaging not only can not meet the 10 minute delivery requirement mandated by the WARN Act, but also potentially cause other legitimate voice and SMS traffic to be blocked at rates upwards of 80%. We then show that our results are representative of reality by comparing them to a number of documented but not previously understood failures. Finally, we discuss the causes of the mismatch of expectations and operational ability and suggest a number of techniques to improve the reliability of these systems. We demonstrate that this piece of deployed security infrastructure simply does not achieve its stated requirements.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Andersen, D.: Mayday: Distributed Filtering for Internet Services. In: Proceedings of the USENIX Symposium on Internet Technologies and Systems (USITS) (2003)

    Google Scholar 

  2. Anderson, T., Roscoe, T., Wetherall, D.: Preventing Internet Denial of Service with Capabilities. In: Proceedings of ACM HotNets (2003)

    Google Scholar 

  3. Argyraki, K., Cheriton, D.R.: Scalable Network-layer Defense Against Internet Bandwidth-Flooding Attacks. ACM/IEEE Transactions on Networking (TON) (2009)

    Google Scholar 

  4. Blons, S.: Emergency team aids efforts (2007), http://graphic.pepperdine.edu/special/2007-10-24-emergencyteam.htm

  5. Casado, M., Cao, P., Akella, A., Provos, N.: Flow Cookies: Using Bandwidth Amplification to Defend Against DDoS Flooding Attacks. In: Proceedings of the International Workshop on Quality of Service, IWQoS (2006)

    Google Scholar 

  6. Christensen, T.: Ga. Tech Building Cleared After Blast (2007), http://www.11alive.com/news/article_news.aspx?storyid=106112

  7. CollegeSafetyNet. Campus Alert, Campus Security, Emergency Warning, college safety Crisis notification, Reverse 911, Mass emergency notification, Emergency Alert System, Cell phone alerts, Email alerts, Text Message Alerts, Student warning system, Student notification, campus notification, and Mass notification at CollegeSafetyNet.com (2008), http://www.collegesafetynet.com/

  8. Courant.com. University Emergency SMS service doesn’t deliver, http://www.courant.com (November 13, 2007).

  9. Daly, B.K.: Wireless Alert & Warning Workshop, http://www.oes.ca.gov/WebPage/oeswebsite.nsf/ClientOESFileLibrary/Wireless%20Alert%20and%20Warning/file/ATT-OES-2

  10. e2Campus. Mass Notification Systems for College, University & Higher Education Schools by e2Campus: Info On The Go! (2008), http://www.e2campus.com/

  11. Elliott, A.-M.: Texters to experience 6 hour delays on New Year’s Eve (2007), http://www.pocket-lint.co.uk/news/news.phtml/11895/12919/palm-new-years-text-delay.phtml

  12. European Telecommunications Standards Institute. Analysis of the Short Message Service (SMS) and Cell Broadcast Service (CBS) for Emergency Messaging applications; Emergency Messaging; SMS and CBS. Technical Report ETSI TR 102 444 V1.1.1

    Google Scholar 

  13. Fall, K.: A Delay-Tolerant Network Architecture for Challenged Internets. In: Proceedings of the Conference on Applications, Technologies, Architectures and Protocols for Computer Communications, COMM (2003)

    Google Scholar 

  14. Ganosellis, L.: UF to test texting alerts after LSU glitch (2008), http://www.alligator.org/articles/2008/01/08/news/uf_administration/lsu.txt

  15. Geer, D.: Wireless victories. Wireless Business & Technology, 2005 (September 11, 2001)

    Google Scholar 

  16. Hedden, J.: Math::Random::MT::Auto - Auto-seeded Mersenne Twister PRNGs. Version 5.01, http://search.cpan.org/~jdhedden/Math-Random-MT-Auto-5.01/lib/Math/Random/MT/Auto.pm

  17. HTC Corporation. HTC Tattoo Specifications (2009) http://www.htc.com/europe/product/tattoo/specification.html

  18. Inspiron Logistics. Inspiron Logistics Corporation WENS - Wireless Emergency Notification System for Emergency Mobile Alerts (2008), http://www.inspironlogistics.com/

  19. Jain, S., Fall, K., Patra, R.: Routing in a Delay Tolerant Network. In: Proceedings of the Conference on Applications, Technologies, Architectures and Protocols for Computer Communications, COMM (2004)

    Google Scholar 

  20. Jaramillo, E.: UT director: Text alerts effective (2008), http://www.dailytexanonline.com/1.752094

  21. Keromytis, A., Misra, V., Rubenstein, D.: SOS: Secure Overlay Services. In: Proceedings of ACM SIGCOMM (2002)

    Google Scholar 

  22. Luders, C., Haferbeck, R.: The Performance of the GSM Random Access Procedure. In: Vehicular Technology Conference (VTC), pp. 1165–1169 (June 1994)

    Google Scholar 

  23. Mahajan, R., Bellovin, S.M., Floyd, S., Ioannidis, J., Paxson, V., Shenker, S.: Controlling High Bandwidth Aggregates in the Network. Computer Communications Review 32(3), 62–73 (2002)

    Article  Google Scholar 

  24. Mahimkar, A., Dange, J., Shmatikov, V., Vin, H., Zhang, Y.: dFence: Transparent Network-based Denial of Service Mitigation. In: Proceedings of USENIX Networked Systems Design and Implementation (NSDI) (2007)

    Google Scholar 

  25. Maney, K.: Surge in text messaging makes cell operators, http://www.usatoday.com/money/2005-07-27-text-messaging_x.htm (July 27, 2005)

  26. McAdams, J.: SMS does SOS (2006), http://www.fcw.com/print/12_11/news/92790-1.html

  27. Mirkovic, J., Reiher, P.: A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms. ACM SIGCOMM Computer Communication Review 34(2), 39–53 (2004)

    Article  Google Scholar 

  28. National Communications System. SMS over SS7. Technical Report Technical Information Bulletin 03-2 (NCS TIB 03-2) (December 2003)

    Google Scholar 

  29. National Notification Network (3n). 3n InstaCom Campus Alert - Mass Notification for Colleges and Universities (2008), http://www.3nonline.com/campus-alert

  30. Nettles, C.: iPhone 3 to have Broadcom BCM4329, 802.11N/5GHzWireless, FM transmitter/receiver (2009), http://www.9to5mac.com/broadcom-BCM4329-iphone-802.11n-FM

  31. Nizza, M.: This is only a (text messaging) test (2007), http://thelede.blogs.nytimes.com/2007/09/25/this-is-only-a-text-messaging-test/?scp=5-sq=Emergency%20Text%20Messaging-st=cse

  32. Nyquetek, Inc. Wireless Priority Service for National Security (2002), http://wireless.fcc.gov/releases/da051650PublicUse.pdf

  33. Parno, B., Wendlandt, D., Shi, E., Perrig, A., Maggs, B.: Portcullis: Protecting Connection Setup from Denial of Capability Attacks. In: Proceedings of ACM SIGCOMM (2007)

    Google Scholar 

  34. Reverse 911. Reverse 911 - The only COMPLETE notification system for public safety (2008), http://www.reverse911.com/index.php

  35. Roam Secure (2008), http://www.roamsecure.net/

  36. shelbinator.com. Evacuate! Or Not (2007), http://shelbinator.com/2007/11/08/evacuate-or-not/

  37. Simon Fraser University. Special Report on the April 9th Test of SFU Alerts (2008), http://www.sfu.ca/sfualerts/april08_report.html

  38. Stavrou, A., Cook, D.L., Morein, W.G., Keromytis, A.D., Misra, V., Rubenstein, D.: WebSOS: An Overlay-based System For Protecting Web Servers From Denial of Service Attacks. Journal of Computer Networks, special issue on Web and Network Security 48(5), 781–807 (2005)

    Google Scholar 

  39. Stavrou, A., Keromytis, A.: Countering DOS Attacks With Stateless Multipath Overlays. In: Proceedings of ACM Conference on Computer and Communications Security (CCS) (2005)

    Google Scholar 

  40. The 109th Senate of the United States of America. Warning, Alert, and Response Network Act (2005), http://thomas.loc.gov/cgi-bin/query/z?c109:H.R.1753:

  41. Traynor, P., Enck, W., McDaniel, P., La Porta, T.: Exploiting Open Functionality in SMS-Capable Cellular Networks. Journal of Computer Security (JCS) (2008)

    Google Scholar 

  42. Traynor, P., Enck, W., McDaniel, P., La Porta, T.: Mitigating Attacks on Open Functionality in SMS-Capable Cellular Networks. IEEE/ACM Transactions on Networking (TON) 17 (2009)

    Google Scholar 

  43. Traynor, P., Lin, M., Ongtang, M., Rao, V., Jaeger, T., La Porta, T., McDaniel, P.: On Cellular Botnets: Measuring the Impact of Malicious Devices on a Cellular Network Core. In: Proceedings of the ACM Conference on Computer and Communications Security (CCS) (2009)

    Google Scholar 

  44. Traynor, P., McDaniel, P., La Porta, T.: On Attack Causality in Internet-Connected Cellular Networks. In: Proceedings of the USENIX Security Symposium (2007)

    Google Scholar 

  45. TXTLaunchPad. TXTLaunchPad provides Bulk SMS text message alerts to businesses, schools, and advertisers (2007), http://www.txtlaunchpad.com/

  46. Voice Shot. automated emergency alert notification call - VoiceShot (2008), http://www.voiceshot.com/public/urgentalert.asp?ref=uaemergencyalert

  47. Walfish, M., Vutukuru, M., Balakrishnan, H., Karger, D., Shenkar, S.: DDoS Offense by Offense. In: Proceedings of ACM SIGCOMM (2006)

    Google Scholar 

  48. Wikipedia. Virginia Polytechnic Institute and State University (2008), http://en.wikipedia.org/wiki/Virginia_Tech

  49. Yang, X., Wetherall, D., Anderson, T.: TVA: A DoS-limiting Network Architecture. IEEE/ACM Transactions on Networking (TON) (2009)

    Google Scholar 

  50. Zho, W., Ammar, M., Zegura, E.: A message ferrying approach for data delivery in sparse mobile ad hoc networks. In: Proceedings of the International Symposium on Mobile Ad Hoc Networking & Computing, MOBIHOC (2004)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Georgia Institute of Technology, USA

    Patrick Traynor

Authors
  1. Patrick Traynor
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Center for Secure Information Systems, George Mason University, 4400 University Drive, 22030-4422, Fairfax, VA, USA

    Sushil Jajodia

  2. Institute for Infocomm Research, 1 Fusionopolis Way, 21-01 Connexis, 138632, South Tower, Singapore

    Jianying Zhou

Rights and permissions

Reprints and permissions

Copyright information

© 2010 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Traynor, P. (2010). Characterizing the Security Implications of Third-Party Emergency Alert Systems over Cellular Text Messaging Services. In: Jajodia, S., Zhou, J. (eds) Security and Privacy in Communication Networks. SecureComm 2010. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 50. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16161-2_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-16161-2_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-16160-5

  • Online ISBN: 978-3-642-16161-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation