fix bugs and full update

README.md

@@ -36,3 +36,55 @@
   ```
   https://github.com/tsgates/die
   ```
+
+### Index
+Abstract
+
+1. Introduction
+
+2. Overview of VoLTE
+  1. Cellular network architecture
+  2. Voice service over LTE network
+    - Signaling flow in LTE network, Bearer concept
+    - Call session mangaement (Register, INVITE flow )
+    - Dual stack implementation of VoLTE in devices (AP, CP)
+
+  3. VoLTE accounting policy
+    - Time-based charging.
+    - Unlimited talk within same operator network
+
+3. Problems in current VoLTE service
+  1. Analysis of VoLTE call
+    1. Analysis of call flow
+    2. Analysis of media channel
+  2. Hidden data channels
+    1. Direct communication
+    2. SIP tunneling
+    3. Media tunneling
+  3. Other threats
+    - UE
+    - P-GW
+    - IMS
+  4. Goal & Threat model
+    - Goal
+    - Threat model
+
+4. Exploiting hidden data channels
+  2. Implementation
+    1. Sending module
+    2. Receiving module
+  3. Measurement (Evaluation)
+    - channel measurement result
+
+5. Exploiting VoLTE mis-implementation
+  1. Vulnerability in UE
+    1. Permission model mismatch
+      - Denial of Call
+      - Overbilling
+  2. Vulnerability in P-GW
+    1. Direct Communication
+      - Free Video Call
+      - Call Spoofing
+  2. Vulnerability in IMS
+    1. No Authentication
+      - Call Spoofing

abstract.tex

@@ -7,6 +7,22 @@
 and infrastructure perspectives. We find that this dramatic shift opens up a
 number of new attack surfaces that have not been previously explored. To call
 attention to this matter, this paper presents a systematic security analysis.
+
+Unlike the traditional call setup, the VoLTE call setup is controlled and
+performed at the Application Processor (AP), using the SIP over IP. A legitimate
+user who has control over the AP can potentially control and exploit the call
+setup process to establish a VoLTE channel. This combined with the legacy
+accounting policy (e.g., unlimited voice and the separation of data and voice)
+leads to a number of free data channels. In the process of unveiling the free
+data channels, we identify a number of additional security problems of VoLTE
+implementations, which lead to serious exploits, such as caller spoofing,
+over-billing, and denial-of-service attacks. We identify the nature of these
+vulnerabilities and concrete exploits that directly result from the adoption of
+VoLTE. We also propose immediate countermeasures that can be employed to
+alleviate the problems. However, we believe that the nature of the problem calls
+for a more comprehensive solution that eliminates the root causes at mobile
+devices, mobile platforms, and the core network.
+%Finally, we present two fundamental solutions to the security issues of VoLTE.
 \\
 \\
 \\