Security Testing OpenGGSN: A Case Study

Esa Tikkala, Mikko Rapeli, Kaarina Karppinen, Hannu Honkanen

Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

Abstract

As systems today are more and more reliant on the communication between different systems and their co-operation, network security is crucial for the overall security of the whole system. Although protocols themselves can be theoretically proven secure, it is the implementations and complete systems built upon them where the most security bugs reside. Traditional testing is not so effective in finding the security problems and checking the implementations for security problems requires a lot of effort and expertise. Security bugs are often found by doing unexpected things and looking for changes in system and environment behavior and additional side effects. These negative side effects are the main cause that prevents companies from running these tests in their real networks - requiring massive investments in parallel test networks. As security can never be absolute - not even with vigorous testing - additional precautions are advisable. A set of different testing tools will provide a better coverage of the tested system. System should be made more rugged and more difficult for the crackers and malicious programs to take advantage of. Adopting some metrics also helps in evaluation the security of the system and the testing coverage achieved. In this paper we illustrate the experiences of security testing OpenGGSN, an open source implementation of a Gateway GPRS Support Node (GGSN) that uses the GPRS tunneling protocol (GTP).
Original languageEnglish
Title of host publicationProceedings of the 6th Annual Security Conference
Place of PublicationWashington, DC
Pages50.1-50.10
Publication statusPublished - 2007
MoE publication typeA4 Article in a conference publication
Event6th Annual Security Conference 2007 - Las Vegas, NV, United States
Duration: 11 Apr 200712 Apr 2007

Conference

Conference6th Annual Security Conference 2007
Country/TerritoryUnited States
CityLas Vegas, NV
Period11/04/0712/04/07

Keywords

  • information security
  • security testing
  • OpenGGSN
  • GTP

Fingerprint

Dive into the research topics of 'Security Testing OpenGGSN: A Case Study'. Together they form a unique fingerprint.

Cite this