The 911 emergency service belongs to one of the 16 critical infrastructure sectors in the United States. Distributed denial of service (DDoS) attacks launched from a mobile phone botnet pose a significant threat to the availability of this vital service. In this paper we show how attackers can launch several types of DDoS attacks from mobile phone botnets. In one of the attacks, which we demonstrate, the attacker has the botnet randomize all cellular identifiers while issuing emergency calls repeatedly. Since there exist legitimate unidentified emergency calls, and since the FCC requires such calls to be forwarded, the network and the emergency call centers cannot block these calls, either technically or legally. To understand and verify the threat of DDoS attacks on 911, we explore the 911 infrastructure and implement different forms of the attack on a small cellular network. Finally, to quantify the threat, we simulate and analyze DDoS attacks on a model of the current 911 infrastructure in the US. We found that with fewer than 6K bots (or $100K of hardware), attackers can block emergency services in an entire state for days. We believe that this paper will assist the respective organizations in preventing possible 911-DDoS attacks in the future.
| Journal | IEEE Transactions on Dependable and Secure Computing |
| State | Published - 2020 |