Upload
james-ferguson
View
219
Download
0
Embed Size (px)
Citation preview
8/13/2019 Schneider-2011!03!15 GSM Overview
1/34
8/13/2019 Schneider-2011!03!15 GSM Overview
2/34
!'()(!! GSM Research 2
Overview
!( GSM *nfrastructure
2( Analysis of GSM
)( +ur o,n GSM net,or%
-( Security
-(! .ocali&ation
-(2 *MS*/Catcher
-() 0ncryption A'1!
8/13/2019 Schneider-2011!03!15 GSM Overview
3/34
!'()(!! GSM Research )
1. GSM Infrastructure
GSM is a cellular net,or%
.argest mobile net,or% ,orld ,ide
Subscriber vie,
/ Mobile Station3 Cell phone
3 S*M card
/ 4ase Station 5ransceiver 645S7
3 8rovides access to the net,or%over the air interface
3 Different fre9uency bands
GSM :'# 0GSM ;# DCS !:# 8CS !;
8/13/2019 Schneider-2011!03!15 GSM Overview
4/34
!'()(!! GSM Research -
1. GSM Infrastructure
+perator 1
8/13/2019 Schneider-2011!03!15 GSM Overview
5/34
!'()(!! GSM Research '
Overview
!( GSM *nfrastructure
2( Analysis of GSM
)( +ur o,n GSM net,or%
-( Security
-(! .ocali&ation
-(2 *MS*/Catcher
-() 0ncryption A'1!
8/13/2019 Schneider-2011!03!15 GSM Overview
6/34
!'()(!! GSM Research =
2. GSM Analysis
Analysis from the subscriber point of vie,/ 2?
3 Fle@ible soft,are radio
3 GSM signals can be captured(3 Data processing is done ,ith
airprobe(>)?
Nokia 3310
Universal Software Radio Peripheral (USRP)
[1] Gamm! http!""wamm#e"$amm"[%] USRP from &tts Resear'h! http!""www#etts#'om
[3] airproe! https!""svn#erlin#'''#de"proe'ts"airproe"
http://wammu.eu/gammu/http://www.ettus.com/https://svn.berlin.ccc.de/projects/airprobe/https://svn.berlin.ccc.de/projects/airprobe/http://www.ettus.com/http://wammu.eu/gammu/8/13/2019 Schneider-2011!03!15 GSM Overview
7/34!'()(!! GSM Research
2. GSM Analysis
8/13/2019 Schneider-2011!03!15 GSM Overview
8/34!'()(!! GSM Research :
2. GSM Analysis
Analysis from the provider point of vie,/ Access to a real/,orld GSM net,or% is hard to get(
/ 5herefore ,e have set up our o,n GSM net,or%
called RB/GSM(
/ Research net,or% for3 8laying ,ith the GSM topic in a meaningful ,ay
3 Statistics about user behavior ,ithin the net,or%
3 8ositioning of Mobile Station
3 GSM encryption A'1!
3 "hat information can1,ill be gathered by the
providerE
3 o, to protect the user in a GSM net,or%E
8/13/2019 Schneider-2011!03!15 GSM Overview
9/34!'()(!! GSM Research ;
Overview
!( GSM *nfrastructure
2( Analysis of GSM
)( +ur o,n GSM net,or%
-( Security
-(! .ocali&ation
-(2 *MS*/Catcher
-() 0ncryption A'1!
8/13/2019 Schneider-2011!03!15 GSM Overview
10/34!'()(!! GSM Research !
3. Our own GSM network
GSM net,or% RB/GSM/ Soft,are
3 +pen4SC>!?
+pen/Source soft,are implementation of a GSM
4ase Station Controller3 .CR>2?
3 Asteris%>)?
oice communication server for routing the calls
/ ard,are3 ip(access
8/13/2019 Schneider-2011!03!15 GSM Overview
11/34!'()(!! GSM Research !!
3. Our own GSM network
GSM net,or% RB/GSM
Some facts
) 45S
! 4SCMSC HI Asteris%
Databases HI SJ.
Connection to
/ S*8
/ *SD!?
[1] /smo'om--! http!""#osmo'om#or$" ,otorola 1%3
http://bb.osmocom.org/http://bb.osmocom.org/8/13/2019 Schneider-2011!03!15 GSM Overview
33/34
!'()(!! GSM Research ))
4.3 Encry"tion A)*1
Rainbo, 5ables/ Si&e !( 54
/ Calculated ,ith A5* graphic cards(
/ Available on the *nternet via bittorrent(
Attac% is based on %no,n plainte@t
/ Some signaling messages are %no,n both
unencrypted and encrypted(
/Session %ey $
ccan be calculated in seconds(
/ 8rivate %ey $ican not be calculated ,ith this
attac%( 4ut this is not necessary to decode the
encrypted data(
8/13/2019 Schneider-2011!03!15 GSM Overview
34/34
4.3 Encry"tion A)*1
GSM encryption is no longer secure BUT:More and more devices are using GSM
to transmit data(
/ Mobile 5A< for online ban%ing
5A< transmitted via SMS
/ ending machines
*nformation about the fill level
/ Rail,ay GSM
*nformation about the status of the train
/ Smart meter
*nformation about the electricity consumption
*s this really a good ideaE