Evaluating the possibility to perpetrate tunneling attacks exploiting short-message-service

In the cyber-security context, tunneling systems are exploited to bypass network restrictions to com-municate outside of the targeted perimeter, without being detected. Such attacks represent a serious threat for the victim network, as they exploit legitimate protocols, encapsulating malicious payloads. In this paper, we design a tunneling architecture based on Short-Message-Service (SMS) and evaluate the possibility to adopt such communication medium for tunneling purposes. In order to evaluate the feasibility to set up an efficient SMS tunneling system, we perform some simulations, by varying both the payload size (from 10 Bytes to 1 MegaByte) and the SMS sending rate (up to 60 SMSs per minute). Results allow us to model the performance of a tunneling system, in terms of sending time. We derive indeed the underlying reference model through a mathematical analysis on the collected data. Results show that overall performance increases for an SMS sending rate greater or equal to 10 SMSs per minute, regardless of the message size.