Security of Cellular Networks: Man-in-the Middle Attacks

Size: px
Start display at page:

Download "Security of Cellular Networks: Man-in-the Middle Attacks"

Transcription

1 Security of Cellular Networks: Man-in-the Middle Attacks Mario Čagalj University of Split 2013/2014. Security in the GSM system by Jeremy Quirke, 2004

2 Introduction Nowadays, mobile phones are used by 80-90% of the world s population (billion of users) Evolution 1G: analog cellular networks 2G:digital cellular networks with GSM (Global System for Mobile Communications) beign the most popular and the most widely used standard (circuit switching) other 2G: technologies IS-95 CDMA based (US), PDC (Japan), etc. 2.5G:GPRS (General Packet Radio Service) packet switching 2.75G: EDGE faster data service 3G: UMTS (CDMA based), HSPA for data traffic (e.g., 5-10 Mbps) other 3G: CDMA2000 (US, S. Korea) 4G: LTE (OFDM based), peak data rates of 100Mbps GSM security specifications 2

3 Cellular Network Architecture A high level view Databases (e.g., Home Location Register) Mobile Station Base Station Mobile Switching Center External Network Cellular Network EPFL, JPH 3

4 Cellular Network Architecture Registration Process Nr: 079/ EPFL, JPH Tune on the strongest signal 4

5 Cellular Network Architecture Service Request 079/ / / / EPFL, JPH 5

6 Cellular Network Architecture Paging Broadcast(locating a particular mobile station in case of mobile terminated call) 079/ ? 079/ ? 079/ ? 079/ ? EPFL, JPH Note: paging makessenseonlyover a small area 6

7 Cellular Network Architecture Response 079/ / EPFL, JPH 7

8 Cellular Network Architecture Channel Assignement Channel 47 Channel 47 Channel 68 Channel 68 EPFL, JPH 8

9 Cellular Network Architecture Conversation EPFL, JPH 9

10 Cellular Network Architecture Handover (or Handoff) EPFL, JPH 10

11 Cellular Network Architecture Message Sequence Chart Caller Base Station Switch Base Station Callee Periodic registration Periodic registration Service request Service request Paging broadcast Page request Page request Paging broadcast Paging response Paging response Tune to Ch.47 Assign Ch. 47 Assign Ch. 68 Tune to Ch. 68 Ring indication Stop ring indication EPFL, JPH Ring indication Stop ring indication User response Alert tone User response 11

12 GSM System Architecture Based on Mobile Communications: Wireless Telecommunication Systems

13 Architecture of the GSM system GSM is a PLMN (Public Land Mobile Network) several providers setup mobile networks following the GSM standard within each country components MS (mobile station) BS (base station) MSC (mobile switching center) LR (location register) subsystems RSS (radio subsystem): covers all radio aspects NSS (network and switching subsystem): call forwarding, handover, switching OSS (operation subsystem): management of the network 13

14 Please check GSM: overview NSS with OSS OMC, EIR, AUC HLR GMSC fixed network VLR MSC VLR MSC BSC BSC RSS 14

15 GSM: system architecture radio subsystem network and switching subsystem fixed networks MS MS MSC ISDN PSTN BTS BTS BSC EIR SS7 HLR BTS BTS BSS BSC MSC IWF VLR ISDN PSTN PSPDN CSPDN 15

16 System architecture: radio subsystem radio subsystem MS BTS BTS MS BSC network and switching subsystem MSC Components MS(Mobile Station) BSS(Base Station Subsystem): consisting of BTS(Base Transceiver Station): sender and receiver BSC(Base Station Controller): controlling several transceivers BTS BTS BSS BSC MSC 16

17 Radio subsystem The Radio Subsystem (RSS) comprises the cellular mobile network up to the switching centers Components Base Station Subsystem (BSS): Base Transceiver Station (BTS): radio components including sender, receiver, antenna -if directed antennas are used one BTS can cover several cells Base Station Controller (BSC): switching between BTSs, controlling BTSs, managing of network resources, mapping of radio channels onto terrestrial channels Mobile Stations (MS) 17

18 GSM: cellular network segmentation of the area into cells possible radio coverage of the cell cell idealized shape of the cell use of several carrier frequencies not the same frequency in adjoining cells cell sizes vary from some 100 m up to 35 km depending on user density, geography, transceiver power etc. hexagonal shape of cells is idealized (cells overlap, shapes depend on geography) if a mobile user changes cells handover of the connection to the neighbor cell 18

19 System architecture: network and switching subsystem MSC network subsystem EIR fixed partner networks ISDN PSTN Components MSC(Mobile Services Switching Center) IWF(Interworking Functions) ISDN(Integrated Services Digital Network) PSTN(Public Switched Telephone Network) PSPDN(Packet Switched Public Data Net.) CSPDN(Circuit Switched Public Data Net.) SS7 MSC IWF HLR VLR ISDN PSTN PSPDN CSPDN Databases HLR(Home Location Register) VLR(Visitor Location Register) EIR(Equipment Identity Register) 19

20 Network and switching subsystem NSS is the main component of the public mobile network GSM switching, mobility management, interconnection to other networks, system control Components Mobile Services Switching Center (MSC) controls all connections via a separated network to/from a mobile terminal within the domain of the MSC -several BSC can belong to a MSC Databases (important: scalability, high capacity, low delay) Home Location Register (HLR) central master database containing user data, permanent and semi-permanent data of all subscribers assigned to the HLR (one provider can have several HLRs) Visitor Location Register (VLR) local database for a subset of user data, including data about all user currently in the domain of the VLR 20

21 Mobile Services Switching Center The MSC (mobile switching center) plays a central role in GSM switching functions additional functions for mobility support management of network resources interworking functions via Gateway MSC (GMSC) integration of several databases 21

22 Operation subsystem The OSS (Operation Subsystem) enables centralized operation, management, and maintenance of all GSM subsystems Components Authentication Center (AUC) generates user specific authentication parameters on request of a VLR authentication parameters used for authentication of mobile terminals and encryption of user data on the air interface within the GSM system Equipment Identity Register (EIR) registers GSM mobile stations and user rights stolen or malfunctioning mobile stations can be locked and sometimes even localized Operation and Maintenance Center (OMC) different control capabilities for the radio subsystem and the network subsystem 22

23 Mobile Terminated Call Please check 1: calling a GSM subscriber 2: forwarding call to GMSC 3: signal call setup to HLR 4, 5: request MSRN (roaming number) from VLR 6: forward responsible MSC to GMSC 7: forward call to current MSC 8, 9: get current status of MS 10, 11: paging of MS 12, 13: MS answers 14, 15: security checks 16, 17: set up connection calling station PSTN 1 2 BSS HLR 3 6 GMSC BSS MS VLR MSC BSS

24 Mobile Originated Call 1, 2: connection request 3, 4: security check 5-8: check resources (free circuit) VLR 9-10: set up call PSTN 6 5 GMSC MSC 2 9 MS 1 10 BSS 24

25 Mobile Terminated and Mobile Originated Calls MS MTC paging request BTS MS MOC BTS channel request channel request immediate assignment immediate assignment paging response service request authentication request authentication request authentication response authentication response ciphering command ciphering command ciphering complete ciphering complete setup setup call confirmed call confirmed assignment command assignment command assignment complete assignment complete alerting alerting connect connect connect acknowledge connect acknowledge data/speech exchange data/speech exchange 25

26 Security in GSM Based on: Security in the GSM system by Jeremy Quirke The GSM Standard (An overview of its security) by SANS Institute InfoSec Reading Room Mobile Communications: Wireless Telecommunication Systems

27 SecurityServices in GSM Access control/authentication user <--x--sim (Subscriber Identity Module): secret PIN (personal identification number) SIM <--x-- network: challenge response method Confidentiality voice and signaling encrypted on the wireless link (after successful authentication) Anonymity temporary identity TMSI (Temporary Mobile Subscriber Identity) newly assigned at each new location update(lup) encrypted transmission 27

28 SecurityServices in GSM Authentication SIM (Subscriber Identity Module) card smartcard inserted into a mobiel phone contains all necessary details to obtain access to an account unique IMSI (International Mobile Subscriber Identity) K i -the individual subscriber authentication key(128bit, used to generate all other encryption and authentication keying GSM material) highly protected the mobile phone never learns this key, mobile only forwards any required material to the SIM known only to the SIM and network AUC (Authentication Center) SIM unlocked using a PIN or PUK authentication (A3 algorithm) and key generation (A8 algorithm) is performed in the SIM SIM contains a microprocessor 28

29 SecurityServices in GSM Authentication mobile network SIM K i RAND RAND RAND K i AC 128 bit 128 bit 128 bit 128 bit A3 SRES* 32 bit A3 SRES 32 bit SIM MSC SRES* =? SRES SRES 32 bit SRES K i : individual subscriber authentication key SRES: signed response 29

30 SecurityServices in GSM Authentication K c : Session encryption key generated together with SRES 30

31 SecurityServices in GSM Encryption mobile network (BTS) MS with SIM K i RAND RAND RAND K i AC 128 bit 128 bit 128 bit 128 bit SIM A8 A8 cipher key BTS K c 64 bit A5 data encrypted data K c 64 bit SRES data A5 MS 31

32 SecurityServices in GSM Authentication and Encryption A3 and A8 algorithms are both run in SIM at the same time on the same input (RAND, K i ) A3A8 = COMP128v1, COMP128v2, COMP123v3 (serious weaknesses known) not used in UMTS Encryption algorithm A5 symmetric encryption algorithm voice/data encryption performed by a phone using generated encryption key K c 32

33 SecurityServices in GSM Encryption A5 algorithms A5/0 no encryption used A5/1 and A5/2 developed far from public domain and later found flawed stream ciphers based on linear feedback shift registers A5/2 completely broken (not used anymore in GSM) A5/1 is a bit stronger but also broken by many researchers A5/3 is a block cipher based on Kasumi encryption algorithm used in UMTS, GSM, and GPRS mobile communications systems public and reasonably secure (at least at the moment) 33

34 SecurityServices in GSM Summary 34

35 SecurityWeaknesess in GSM A mobile phone does not authenticate the base station! only mobile authenticate to BS (one-way authentication) fake BS and man-in-the middle attacks possible attacker does not have to know authentication key K i A5/0 -No Encryption algorithm is a valid choicein GSM for voice, SMS, GPRS, EDGE services Many weaknesses in A5 family of encryption algorithms 35

36 SecurityWeaknesess in GSM 36

37 SecurityServices in GSM Anonymity Preventing eavesdropper (listening attacker) from determining if a particular subscriber is/was in the given area location privacy thanks to long ranges a very powerful attack attacker uses IMSI (International Mobile Subscriber Identity) IMSI Catchers To preserve location privacy GSM defines TMSI (Temporary Mobile Subscriber Identity) when a phone turned on, IMSI from SIM transmitted in clear to the AUC after this TMSI is assigned to this user for location privacy after each location update or a predefined time out, a new TMSI is assigned to the mobile phone a new TMSI is sent encrypted (whenever possible) VLR database contains mapping TMSI to IMSI 37

38 SecurityServices in GSM Anonymity 38

39 SecurityServices in GSM Anonymity 39

40 SecurityWeaknesess in GSM Attack Against the Anonymity Service GSM provisions for situation when the network somhow loses track of a particular TMSI in this case the network must ask the subscriber its IMSI over the radio link using the IDENTITY REQUEST and IDENTITY RESPONSE mechanism however, the connection cannot be encrypted if the network does not know the IMSI and so the IMSI is sent in plain text the attacker can use this to map known TMSI and unknown and user-specific IMSI 40

41 Countermeasures: UMTS UMTS defines 2-way authentication and mandates the use of stronger encryption and authentication primitives prevents MITM attacks by a fake BS, but be cautious... Still many reasons to worry about most mobiles support < 3G standards (GPRS, EDGE) when signal is bad, hard to supprot UMTS rates mobile providers already invested a lot of money and do not give up upon old BSS equippment femtocells 41

42 Many Reason to Worry About Your Privacy bile_tracking/ (check also hat.com%2fbh-dc-11%2fperez-pico%2fblackhat_dc_2011_perez- Pico_Mobile_Attacks-Slides.pdf 42

Chapter 3 GSM and Similar Architectures

Chapter 3 GSM and Similar Architectures CSF645 Mobile Computing 行動計算 Chapter 3 GSM and Similar Architectures 吳俊興 國立高雄大學資訊工程學系 Chapter 3 GSM and Similar Architectures 3.1 GSM Services and System Architecture 3.2 Radio Interfaces 3.3 Protocols

More information

Cellular Communication

Cellular Communication Cellular Communication Cellular Communication Cellular communication is designed to provide communications between two moving units, or between one mobile unit and one stationary phone or land unit (PSTN).

More information

Cellular Mobile Systems and Services (TCOM1010) GSM Architecture

Cellular Mobile Systems and Services (TCOM1010) GSM Architecture GSM Architecture 1 GSM NETWORK INFRASTRUCTURE...2 2 NETWORK SWITCHING SUBSYSTEM (NSS)...3 2.1 Home Location Register...4 2.2 Mobile Switching Center and Visitor Location Register...4 2.3 Authentication

More information

GLOBAL SYSTEM FOR MOBILE COMMUNICATION (2) ETI2511 Friday, 31 March 2017

GLOBAL SYSTEM FOR MOBILE COMMUNICATION (2) ETI2511 Friday, 31 March 2017 GLOBAL SYSTEM FOR MOBILE COMMUNICATION (2) ETI2511 Friday, 31 March 2017 1 SYLLABUS GSM General architecture and interfaces of cellular system and the PSTN and Internet networks: BTS, MSC, Internetworking,

More information

Last time?! Block 3: Lecture 1! Wireless networks! Ingredients 2: Antennas! Ingredients 1: Mobile Phones, PDAs & Co.! 20/05/14. Part 3: lecture 3!

Last time?! Block 3: Lecture 1! Wireless networks! Ingredients 2: Antennas! Ingredients 1: Mobile Phones, PDAs & Co.! 20/05/14. Part 3: lecture 3! 20/05/14 Last time? WiFi Block 3: Lecture 1 Part 3: lecture 3 Wireless s Speed and ranges and channels Specifications DCF mechanisms WiMax Mobile s Ingredients 1: Mobile Phones, PDAs & Co. Ingredients

More information

Pertemuan 7 GSM Network. DAHLAN ABDULLAH

Pertemuan 7 GSM Network. DAHLAN ABDULLAH Pertemuan 7 GSM Network DAHLAN ABDULLAH Email : dahlan.unimal@gmail.com Contents GSM-Introduction Architecture Technical Specification & Operation Frame Structure Channels Call Routing Security Characteristics

More information

EUROPEAN ETS TELECOMMUNICATION November 1996 STANDARD

EUROPEAN ETS TELECOMMUNICATION November 1996 STANDARD EUROPEAN ETS 300 522 TELECOMMUNICATION November 1996 STANDARD Third Edition Source: ETSI TC-SMG Reference: RE/SMG-030302PR2 ICS: 33.020 Key words: Digital cellular telecommunications system, Global System

More information

Mobile Communications

Mobile Communications Mobile Communications 3GPP Public Land Mobile Networks: GSM, GPRS Manuel P. Ricardo Faculdade de Engenharia da Universidade do Porto 1 What is the architecture of the GSM network network elements, interfaces,

More information

GSM. Course requirements: Understanding Telecommunications book by Ericsson (Part D PLMN) + supporting material (= these slides) GPRS

GSM. Course requirements: Understanding Telecommunications book by Ericsson (Part D PLMN) + supporting material (= these slides) GPRS GSM Example of a PLMN (Public Land Mobile Network) At present most successful cellular mobile system (over 200 million subscribers worldwide) Digital (2 nd Generation) cellular mobile system operating

More information

Information Technology Mobile Computing Module: GSM Handovers

Information Technology Mobile Computing Module: GSM Handovers Information Technology Mobile Computing Module: GSM Handovers Learning Objectives Recap of previous modules Basic functions of Network Sub System Entities that form NSS namely MSC,GMSC,HLR and VLR Functions

More information

Advanced Computer Networks Exercise Session 4. Qin Yin Spring Semester 2013

Advanced Computer Networks Exercise Session 4. Qin Yin Spring Semester 2013 Advanced Computer Networks 263-3501-00 Exercise Session 4 Qin Yin Spring Semester 2013 1 Administration If you haven't received any email about your submission We got your solutions for A1 & A2 About solutions

More information

Basics of GSM in depth

Basics of GSM in depth This document will be helpful for the telecom engineers who deal with GSM as well as for the fresher /interested readers. This document has some advantages over other GSM texts in that it quickly gets

More information

Communication Networks 2 Signaling 2 (Mobile)

Communication Networks 2 Signaling 2 (Mobile) Communication Networks 2 Signaling 2 (Mobile) Gusztáv Adamis BME TMIT 2017 GSM signaling Signaling of GSM is based on the ISDN signaling systems SS7/DSS1 But, because of mobility, roaming, radio access

More information

GSM System Overview. Ph.D. Phone Lin.

GSM System Overview. Ph.D. Phone Lin. GSM System Overview Phone Lin Ph.D. Email: plin@csie.ntu.edu.tw 1 Outlines Introduction GSM Architecture Location Tracking and Call Setup Security GSM Data Services Unstructured Supplementary Service Data

More information

E2-E3: CONSUMER MOBILITY. CHAPTER-5 CDMA x OVERVIEW (Date of Creation: )

E2-E3: CONSUMER MOBILITY. CHAPTER-5 CDMA x OVERVIEW (Date of Creation: ) E2-E3: CONSUMER MOBILITY CHAPTER-5 CDMA 2000 1x OVERVIEW (Date of Creation: 01-04.2011) Page: 1 CDMA 2000 1X Overview Introduction CDMA (code division multiple access) is a mobile digital radio technology

More information

UNIT-5. GSM System Operations (Traffic Cases) Registration, call setup, and location updating. Call setup. Interrogation phase

UNIT-5. GSM System Operations (Traffic Cases) Registration, call setup, and location updating. Call setup. Interrogation phase UNIT-5 GSM System Operations (Traffic Cases) Registration, call setup, and location updating Call setup Interrogation phase For the interrogation phase The initial address message comes outside the GSM

More information

CHAPTER 4 SYSTEM IMPLEMENTATION 4.1 INTRODUCTION

CHAPTER 4 SYSTEM IMPLEMENTATION 4.1 INTRODUCTION CHAPTER 4 SYSTEM IMPLEMENTATION 4.1 INTRODUCTION The most important part of any project i.e., implementation. It describes the various functionalities step by step under each module with their outputs.

More information

ETSI TS V7.1.0 ( )

ETSI TS V7.1.0 ( ) TS 100 522 V7.1.0 (2000-02) Technical Specification Digital cellular telecommunications system (Phase 2+); Network architecture (GSM 03.02 version 7.1.0 Release 1998) GLOBAL SYSTEM FOR MOBILE COMMUNICATIONS

More information

Rab Nawaz Jadoon. Cellular Systems - II DCS. Assistant Professor. Department of Computer Science. COMSATS Institute of Information Technology

Rab Nawaz Jadoon. Cellular Systems - II DCS. Assistant Professor. Department of Computer Science. COMSATS Institute of Information Technology Cellular Systems - II Rab Nawaz Jadoon DCS Assistant Professor COMSATS IIT, Abbottabad Pakistan COMSATS Institute of Information Technology Mobile Communication UMTS Architecture A UMTS network consist

More information

Nexus8610 Traffic Simulation System. Intersystem Handover Simulation. White Paper

Nexus8610 Traffic Simulation System. Intersystem Handover Simulation. White Paper Traffic Simulation System Intersystem Handover Simulation White Paper Notice Every effort has been made to ensure that the information in this document was accurate at the time of printing. However, the

More information

Understanding Carrier Wireless Systems

Understanding Carrier Wireless Systems Understanding Course Description This course provides a detailed scope of modern mobile and cellular network technologies used for second generation, 2G+, 3G and 4G networks. It provides an understanding

More information

Mobility: vocabulary

Mobility: vocabulary What is mobility? spectrum of mobility, from the perspective: no mobility high mobility mobile wireless user, using same access point mobile user, connecting/ disconnecting from using DHCP. mobile user,

More information

Design of a Routing Mechanism to Provide Multiple Mobile Network Service on a Single SIM Card Boobalan. P, Krishna. P, Udhayakumar. P, Santhosh.

Design of a Routing Mechanism to Provide Multiple Mobile Network Service on a Single SIM Card Boobalan. P, Krishna. P, Udhayakumar. P, Santhosh. Design of a Routing Mechanism to Provide Multiple Mobile Network Service on a Single SIM Card Boobalan. P, Krishna. P, Udhayakumar. P, Santhosh. A Abstract-The current scenario in mobile networks is that

More information

Secure and Authentication Communication in GSM, GPRS, and UMTS Using Asymmetric Cryptography.

Secure and Authentication Communication in GSM, GPRS, and UMTS Using Asymmetric Cryptography. Secure and Authentication Communication in GSM, GPRS, and UMTS Using Asymmetric Cryptography T K Mohanta 1, R K Samantaray 2, S Panda 3 1. Dept.of Electronics & Communication.Engg, Sudhananda Engg & Research

More information

Mobility and Security Management in the GSM System

Mobility and Security Management in the GSM System IOSR Journal of Engineering (IOSRJEN) ISSN: 2250-3021 ISBN: 2878-8719 PP 13-18 National Symposium on engineering and Research Mobility and Security Management in the GSM System 1 Mr. Yogesh S. Amle 2 Mr.

More information

GSM Open-source intelligence

GSM Open-source intelligence GSM Open-source intelligence Kenneth van Rijsbergen 1 1 MSc System and Network Engineering Faculty of Science University of Amsterdam 30 June 2016 Kenneth van Rijsbergen University of Amsterdam GSM OSINT

More information

Signaling System 7 (SS7) By : Ali Mustafa

Signaling System 7 (SS7) By : Ali Mustafa Signaling System 7 (SS7) By : Ali Mustafa Contents Types of Signaling SS7 Signaling SS7 Protocol Architecture SS7 Network Architecture Basic Call Setup SS7 Applications SS7/IP Inter-working VoIP Network

More information

10 Call Set-up. Objectives After this chapter the student will: be able to describe the activities in the network during a call set-up.

10 Call Set-up. Objectives After this chapter the student will: be able to describe the activities in the network during a call set-up. 10 Call Set-up Objectives After this chapter the student will: be able to describe the activities in the network during a call set-up. 10.1 INTRODUCTION... 2 10.2 CALL TO MS (MT)... 3 10.3 CALL FROM MS

More information

Mobile Security Fall 2013

Mobile Security Fall 2013 Mobile Security 14-829 Fall 2013 Patrick Tague Class #3 Telecom Security from 1G to 4G Basics of Telecom Security Different players in the mobile ecosystem have different security concerns Security concerns

More information

Chapter 2 The 3G Mobile Communications

Chapter 2 The 3G Mobile Communications Chapter 2 The 3G Mobile Communications 2.1 The Vision for Third Generation (3G) Mobile Communication Systems: The vision for the emerging mobile and personal communication services for the new century

More information

International Journal of Scientific & Engineering Research, Volume 4, Issue 11, November-2013 ISSN

International Journal of Scientific & Engineering Research, Volume 4, Issue 11, November-2013 ISSN 7 Location Management Strategies in Mobile Networks Vivek Kumar Department of Computer Science & Engineering Graphic Era University, Dehradun, INDIA vivekror7@gmail.com Narayan Chaturvedi Department of

More information

GSM Hacking. Wireless Mobile Phone Communication 30 th January 2014 UNRESTRICTED EXTERNAL

GSM Hacking. Wireless Mobile Phone Communication 30 th January 2014 UNRESTRICTED EXTERNAL GSM Hacking Wireless Mobile Phone Communication 30 th January 2014 Labs.mwrinfosecurity.com MWR Labs 1 Labs.mwrinfosecurity.com MWR Labs Introduction to GSM June 2008 2.9 BILLION subscribers use GSM. Replaced

More information

Network Security: Cellular Security. Tuomas Aura T Network security Aalto University, Nov-Dec 2013

Network Security: Cellular Security. Tuomas Aura T Network security Aalto University, Nov-Dec 2013 Network Security: Cellular Security Tuomas Aura T-110.5241 Network security Aalto University, Nov-Dec 2013 Outline Cellular networks GSM security architecture and protocols Counters UMTS AKA and session

More information

E1-E2 UPGRADATION COURSE CONSUMER MOBILITY. 3G Concept

E1-E2 UPGRADATION COURSE CONSUMER MOBILITY. 3G Concept E1-E2 UPGRADATION COURSE CONSUMER MOBILITY 3G Concept Page 1 CHAPTER-TWO 3 G CONCEPT UMTS and the information society Rapid advancements in Information and Communications Technology (ICT) have already

More information

Dimensioning, configuration and deployment of Radio Access Networks. part 1: General considerations. Mobile Telephony Networks

Dimensioning, configuration and deployment of Radio Access Networks. part 1: General considerations. Mobile Telephony Networks Dimensioning, configuration and deployment of Radio Access Networks. part 1: General considerations Mobile Telephony Networks 1 The Evolution of Mobile Telephony 1st Generation 2nd 3rd 4th Analogue Voice

More information

JP-3GA (R99) Network Architecture

JP-3GA (R99) Network Architecture JP-3GA-23.002(R99) Network Architecture Version 3 May 14, 2001 THE TELECOMMUNICATION TECHNOLOGY COMMITTEE JP-3GA-23.002(R99) Network Architecture Remarks 1. Application level of English description Application

More information

Threat patterns in GSM system. Basic threat patterns:

Threat patterns in GSM system. Basic threat patterns: Threat patterns in GSM system Usage of mobile devices in business simpli es, speeds up and optimizes business processes. However, it is necessary to understand that the more complicated the device is the

More information

Chapter 1 : Historical Background of Mobile Communications Early Systems (World War II)

Chapter 1 : Historical Background of Mobile Communications Early Systems (World War II) Chapter 1 : Historical Background of Mobile Communications... 5 1.1. Early Systems... 6 1.1.1. 1921... 6 1.1.2. 1939 1944 (World War II)... 6 1.1.3. 1946... 6 1.1.4. PMR & PAMR (Private Mobile Radio &

More information

COMP327 Mobile Computing Session: Lecture Set 5 - Wireless Communication Part 2

COMP327 Mobile Computing Session: Lecture Set 5 - Wireless Communication Part 2 COMP327 Mobile Computing Session: 2016-2017 Lecture Set 5 - Wireless Communication Part 2 51 SIM (Subscriber Identity Modules) Smart cards that are inserted into the GSM phone to identify the user Stores

More information

GSM and Similar Architectures Lesson 13 GPRS

GSM and Similar Architectures Lesson 13 GPRS GSM and Similar Architectures Lesson 13 GPRS 1 Two switching modes Circuit Switching Packet switching 2 Circuit switching A connection first sets up Then the entire data transmits through the path that

More information

3G TS V3.6.0 ( )

3G TS V3.6.0 ( ) Technical Specification 3 rd Generation Partnership Project; Technical Specification Group Services and Systems Aspects; Network architecture (Release 1999) GLOBAL SYSTEM FOR MOBILE COMMUNICATIONS R The

More information

Practical Operator Considerations Cellular Analog Cellular Rogue Base Station Tumbling Cloning

Practical Operator Considerations Cellular Analog Cellular Rogue Base Station Tumbling Cloning Practical Operator Considerations Cellular Analog Cellular Rogue Base Station Tumbling Cloning Getting paid Prevent (limit) subscriber fraud Ensure accurate clearing with other operators Reduce churn Ensure

More information

ETSI ETR 109 TECHNICAL October 1993 REPORT

ETSI ETR 109 TECHNICAL October 1993 REPORT ETSI ETR 109 TECHNICAL October 1993 REPORT Source: ETSI TC-SMG Reference: GSM 09.01 ICS: 33.060.30 Key words: European digital cellular telecommunications system, Global System for Mobile communications

More information

3G TS V3.1.0 ( )

3G TS V3.1.0 ( ) Technical Specification 3rd Generation Partnership Project; Technical Specification Group Core Network; Organization of subscriber data () The present document has been developed within the 3 rd Generation

More information

Hands-On Modern Mobile and Long Term Evolution LTE

Hands-On Modern Mobile and Long Term Evolution LTE Hands-On LTE Course Description With 3G mobile technologies already rolled out by over 200 operators in over 80 countries, standards bodies, manufacturers and operators are looking towards the next generation

More information

GPRS and UMTS T

GPRS and UMTS T GPRS and UMTS T-110.2100 Global Packet Radio Service GPRS uses the time slots not used for circuit switched services Data rate depends on the availability of free time slots GPRS uses the multislot technique,

More information

Mobile Security / /

Mobile Security / / Mobile Security 96-835 / 18-639 / 14-829 Patrick Tague 2 Sept 2010 Class #4 Overview of Mobile/Cellular Systems Agenda Overview of mobile cellular systems System architecture and overview 2G, 2.5G, 2.75G,

More information

Security functions in mobile communication systems

Security functions in mobile communication systems Security functions in mobile communication systems Dr. Hannes Federrath University of Technology Dresden Security demands Security functions of GSM Known attacks on GSM Security functions of UMTS Concepts

More information

UMTS System Architecture and Protocol Architecture

UMTS System Architecture and Protocol Architecture UMTS System Architecture and Protocol Architecture Overview on overall system architecture UMTS network architecture and elements Mobile station High-level functions UMTS domains and strata UMTS/GPRS protocol

More information

Securing SMS of a GSM Network Message Center Using Asymmetric Encryption Technique Algorithm.

Securing SMS of a GSM Network Message Center Using Asymmetric Encryption Technique Algorithm. Securing SMS of a GSM Network Message Center Using Asymmetric Encryption Technique Algorithm. Garba S. (1), Abdu-Aguye U.-F., Raubilu A.A., Ibrahim Y. Department of Electrical and Computer Engineering,

More information

Evolution from GSM to UMTS

Evolution from GSM to UMTS 2 Evolution from GSM to UMTS Evolution is one of the most common terms used in the context of UMTS. Generally it is understood to mean the technical evolution, i.e. how and what kind of equipment and in

More information

RF OPTIMIZATION FOR QUALITY IMPROVEMENT IN GSM NETWORK

RF OPTIMIZATION FOR QUALITY IMPROVEMENT IN GSM NETWORK International Journal of Electrical Engineering & Technology (IJEET) Volume 6, Issue 8, Sep-Oct, 2015, pp.53-62, Article ID: IJEET_06_08_006 Available online at http://www.iaeme.com/ijeetissues.asp?jtype=ijeet&vtype=6&itype=8

More information

Data and Voice Signal Intelligence Interception Over The GSM Um Interface

Data and Voice Signal Intelligence Interception Over The GSM Um Interface ISSN (Online): 2394-3858 ISSN (Print): 2394-3866 International Journal of Research and Innovations in Science & Technology, SAINTGITS College of Engineering, INDIA www.journals.saintgits.org Research paper

More information

ETSI TS V3.6.0 ( )

ETSI TS V3.6.0 ( ) TS 123 002 V3.6.0 (2002-09) Technical Specification Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); Network Architecture (3GPP TS 23.002 version

More information

UNIK4230: Mobile Communications Spring Semester, Per Hj. Lehne

UNIK4230: Mobile Communications Spring Semester, Per Hj. Lehne UNIK4230: Mobile Communications Spring Semester, 2015 Per Hj. Lehne per-hjalmar.lehne@telenor.com 916 94 909 Network Architecture and Functionality 5 February 2015 Contents Network Architecture Protocol

More information

ETSI TS V1.1.1 ( )

ETSI TS V1.1.1 ( ) TS 101 377-3-2 V1.1.1 (2001-03) Technical Specification GEO-Mobile Radio Interface Specifications; Part 3: Network specifications; Sub-part 2: Network Architecture; GMR-2 03.002 2 TS 101 377-3-2 V1.1.1

More information

GPRS security. Helsinki University of Technology S Security of Communication Protocols

GPRS security. Helsinki University of Technology S Security of Communication Protocols GPRS security Helsinki University of Technology S-38.153 Security of Communication Protocols vrantala@cc.hut.fi 15.4.2003 Structure of the GPRS Network BSS GTP PLMN BSS-Base Station sub-system VLR - Visiting

More information

Chapter 7. Wireless and Mobile Networks. Computer Networking: A Top Down Approach

Chapter 7. Wireless and Mobile Networks. Computer Networking: A Top Down Approach Chapter 7 Wireless and Mobile Networks Computer Networking: A Top Down Approach 7 th edition Jim Kurose, Keith Ross Pearson/Addison Wesley April 2016 7-1 Background: # wireless (mobile) phone subscribers

More information

GSM Mobility Management

GSM Mobility Management GSM Mobility Management Phone Lin Ph.D. Email: plin@csie.ntu.edu.tw 1 Outlines Introduction GSM Location Update Basic Call Origination and Termination Procedures Mobility Databases Failure Restoration

More information

Cellular Networks and Mobility

Cellular Networks and Mobility Cellular Networks and Mobility Daniel Zappala CS 460 Computer Networking Brigham Young University Cellular Networks GSM 2G/3G Architecture 3/20 2G Standard 4/20 GSM: combined FDM/TDM divide into 200 khz

More information

ETSI TS V6.4.0 ( )

ETSI TS V6.4.0 ( ) TS 100 526 V6.4.0 (2000-06) Technical Specification Digital cellular telecommunications system (Phase 2+); Organization of subscriber data (GSM 03.08 version 6.4.0 Release 1997) GLOBAL SYSTEM FOR MOBILE

More information

Semi-Active GSM Monitoring System SCL-5020SE

Semi-Active GSM Monitoring System SCL-5020SE Semi-Active GSM Monitoring System SCL-5020SE Technology Introduction: GSM networks are most popular and widespread wireless communication media across the world, having a wide customer base in Europe and

More information

CSC 401 Data and Computer Communications Networks

CSC 401 Data and Computer Communications Networks CSC 401 Data and Computer Communications Networks Wireless Networks Cellular & Mobility Sec 7.4 7.8 Lina Battestilli 7.1 Introduction Wireless Chapter 7 Outline Wireless and Mobile Networks 7.2 Wireless

More information

ETSI ETR 341 TECHNICAL December 1996 REPORT

ETSI ETR 341 TECHNICAL December 1996 REPORT ETSI ETR 341 TECHNICAL December 1996 REPORT Source: ETSI DECT Reference: DTR/RES-03058 ICS: 33.020 Key words: DECT, GSM, DSS1, ISDN Radio Equipment and Systems (RES); Digital Enhanced Cordless Telecommunications/

More information

INSTITUTO DE MATEMÁTICA E ESTATÍSTICA UNIVERSIDADE DE SÃO PAULO. GSM Security. MAC Computação Móvel

INSTITUTO DE MATEMÁTICA E ESTATÍSTICA UNIVERSIDADE DE SÃO PAULO. GSM Security. MAC Computação Móvel INSTITUTO DE MATEMÁTICA E ESTATÍSTICA UNIVERSIDADE DE SÃO PAULO GSM Security MAC 5743 - Computação Móvel Damian Matuszewski NR USP 7956955 dimatusz@gmail.com 12/07/2012 Abstract: GSM is the most common

More information

COSC : mobility within same subnet. Lecture 26. H1 remains in same IP subnet: IP address can remain same

COSC : mobility within same subnet. Lecture 26. H1 remains in same IP subnet: IP address can remain same Lecture 26 802.11: mobility within same subnet H1 remains in same IP subnet: IP address can remain same switch: which AP is associated with H1? self learning (Ch. 5): switch will see frame from H1 and

More information

Designing Authentication for Wireless Communication Security Protocol

Designing Authentication for Wireless Communication Security Protocol Designing Authentication for Wireless Communication Security Protocol Ms. Roshni Chandrawanshi, Prof. Ravi Mohan, Mr. Shiv Prakash Chandrawanshi Abstract Security is considered an important issue for mobile

More information

Wireless and Mobile Network Architecture

Wireless and Mobile Network Architecture Wireless and Mobile Network Architecture Chapter 8: GSM Mobility Management Prof. Yuh-Shyan Chen Department of Computer Science and Information Engineering National Taipei University Nov. 2006 1 Outline

More information

Wireless Communications

Wireless Communications Wireless Communications Lecture 6: Mobility Management Module Representive: Prof. Dr.-Ing. Hans D. Schotten schotten@eit.uni-kl.de Lecturer: Dr.-Ing. Bin Han binhan@eit.uni-kl.de Institute of Wireless

More information

Short Message Service (SMS)

Short Message Service (SMS) TECQUI Ayra M.-B. Short Message Service (SMS) Introduction Short message service is a mechanism of delivery of short messages over the mobile networks. It is a store and forward way of transmitting messages

More information

Contents. GSM and UMTS Security. Cellular Radio Network Architecture. Introduction to Mobile Telecommunications

Contents. GSM and UMTS Security. Cellular Radio Network Architecture. Introduction to Mobile Telecommunications Royal Holloway, University of London, IC3 Network Security, 13 November 2006 Contents GSM and UMTS Security Introduction to mobile telecommunications Second generation systems - GSM security Third generation

More information

Evolution from GSM to UMTS (IMT-2000)*

Evolution from GSM to UMTS (IMT-2000)* Evolution from GSM to UMTS (IMT-2000)* MARIO BAUMGARTEN Siemens Ltda ICN Sao Paulo - BRAZIL * This presentation is a draft submitted by the author and the final version will be available at: http://www.itu

More information

Wireless Security Background

Wireless Security Background Wireless Security Background Wireless Networks The need for mobile computing Laptops, PDAs, Bluetooth devices Smart phones Enabling technology Wireless communication Two important characteristics Wireless

More information

UMTS Addresses and Identities Mobility and Session Management

UMTS Addresses and Identities Mobility and Session Management UMTS Addresses and Identities Mobility and Session Management - Numbering, addressing and location identities - UE modes - Mobility management - Session management and QoS Numbering, Addressing and Location

More information

Please refer to the usage guidelines at or alternatively contact

Please refer to the usage guidelines at  or alternatively contact Irving, Philip and Ochang, Pascal A (2016) Evolutionary Analysis of GSM, UMTS and LTE Mobile Network Architectures. World Scientific News, 54. pp. 27-39. ISSN 2392-2192 Downloaded from: http://sure.sunderland.ac.uk/7512/

More information

Wireless and Mobile Network Architecture

Wireless and Mobile Network Architecture Wireless and Mobile Network Architecture Chapter 2: Mobility Management Prof. Yuh-Shyan Chen Department of Computer Science and Information Engineering National Taipei University Sep. 2006 1 Outline Introduction

More information

GSM and Mobile Telephony Trends

GSM and Mobile Telephony Trends Review Article AJTL 2018,1:4 American Journal of Transportation and Logistics (DOI:10.28933/AJTL) GSM and Mobile Telephony Trends Damilola Fowora*, Oludele Awodele, Olakunle Olayinka and Oyebode Aduragbemi

More information

CSC 4900 Computer Networks: Mobility

CSC 4900 Computer Networks: Mobility CSC 4900 Computer Networks: Mobility Professor Henry Carter Fall 2017 Last Time What is the hidden terminal problem? How do CDMA networks use spectrum differently than TDMA systems? What is a chipping

More information

Communication Systems for the Mobile Information Society

Communication Systems for the Mobile Information Society Communication Systems for the Mobile Information Society Martin Sauter Nortel Networks, Germany John Wiley Si Sons, Ltd Contents Preface List of Figures List of Tables List of Abbreviations xi xiii xix

More information

Advanced Computer Networks. WLAN, Cellular Networks

Advanced Computer Networks. WLAN, Cellular Networks Advanced Computer Networks 263 3501 00 WLAN, Cellular Networks Patrick Stuedi Spring Semester 2013 Oriana Riva, Department of Computer Science ETH Zürich Last week Medium Access COPE Today Last week Short

More information

Technical description of international mobile roaming May 2010

Technical description of international mobile roaming May 2010 Technical description of international mobile roaming May 2010 Prepared by the Ministry of Economic Development of New Zealand and the Department of Broadband, Communications and the Digital Economy of

More information

Mobility Chapter 5 Ad Hoc a Hoc nd S ensor Net r works rks Roger W r a W ttenhofer fe r 5/1

Mobility Chapter 5 Ad Hoc a Hoc nd S ensor Net r works rks Roger W r a W ttenhofer fe r 5/1 Mobility Chapter 5 Ad Hoc and Sensor Networks Roger Wattenhofer 5/1 Rating Area maturity First steps Text book Practical importance No apps Mission critical Theoretical importance Not really Must have

More information

Telecommunication Services Engineering Lab

Telecommunication Services Engineering Lab Logistics Instructor Office: EV006-227, Tel: 1-514-8482424 ext 5846, Email: Glitho@ciiseconcordiaca URL: http://wwwececoncordiaca/~glitho/ Office hours: Friday: 3 pm 5 pm Time: Friday, 17h45-20h15 Room

More information

Client Server Programming and GSM Networking Protocols (SS7 Signaling)

Client Server Programming and GSM Networking Protocols (SS7 Signaling) Client Server Programming and GSM Networking Protocols (SS7 Signaling) Synopsis Getting the Right Knowledge to the Right People at the Right Time Our interactive, accelerated learning experience teaches

More information

Section 4 GSM Signaling BSSMAP

Section 4 GSM Signaling BSSMAP Section 4 GSM Signaling BSSMAP BSS management messages (BSSMAP) between MSC and BSS (BSC/ BTS), which are necessary for resource management, handover control, paging order etc. The BSSMAP messages can

More information

Telecommunication Services Engineering Lab

Telecommunication Services Engineering Lab Logistics Instructor Office: EV007-647, Tel: 1-514-8482424 ext 5846, Email: Glitho@ciiseconcordiaca URL: http://wwwececoncordiaca/~glitho/ Office hours: Tuesday: 3 pm 5 pm Time: Usually: Tuesday, 17h45-20h15

More information

University of Agder Department of Information and Communication Technology EXAM

University of Agder Department of Information and Communication Technology EXAM University of Agder Department of Information and Communication Technology EXAM Course code: IKT 444 Course title: Mobile Communication Networks Date: Tuesday, 6 th December 2016 Duration: 09:00 13:00

More information

Mobile and Sensor Systems

Mobile and Sensor Systems Mobile and Sensor Systems Lecture 2: Mobile Medium Access Control Protocols and Wireless Systems Dr Cecilia Mascolo In this lecture We will describe medium access control protocols and wireless systems

More information

Security issues in mobile communications

Security issues in mobile communications University of Wollongong Research Online University of Wollongong Thesis Collection 1954-2016 University of Wollongong Thesis Collections 1994 Security issues in mobile communications Chenthurvasan Duraiappan

More information

Defeating IMSI Catchers. Fabian van den Broek et al. CCS 2015

Defeating IMSI Catchers. Fabian van den Broek et al. CCS 2015 Defeating IMSI Catchers Fabian van den Broek et al. CCS 2015 Ren-Jay Wang CS598 - COMPUTER SECURITY IN THE PHYSICAL ckground 3GPP 3GPP 3 rd Generation Partnership Project Encompasses: GSM and related 2G

More information

No lecture on Thurs. Last homework will be out this week (not due, covers wireless) Extra office hours for next week and the week after.

No lecture on Thurs. Last homework will be out this week (not due, covers wireless) Extra office hours for next week and the week after. Administrivia No lecture on Thurs. Last homework will be out this week (not due, covers wireless) Extra office hours for next week and the week after. 1 CSMA/CA: Recap Sensing in wireless medium is limited

More information

Chapter 3. 3G Operational Issues. For internal circulation of BSNL only Page 1

Chapter 3. 3G Operational Issues. For internal circulation of BSNL only Page 1 Chapter 3 3G Operational Issues For internal circulation of BSNL only Page 1 3G Operational Issues Introduction The Mobile communication networks has evolved from basic GSM to GPRS, EDGE and now to UMTS.

More information

Introduction to Mobile Computing

Introduction to Mobile Computing Unit-1 Introduction: Mobile Communications, Mobile Computing Paradigm, Promises/Novel Applications and Impediments and Architecture; Mobile and Handheld Devices, Limitations of Mobile and Handheld Devices.

More information

Internal. GSM Fundamentals.

Internal. GSM Fundamentals. Internal GSM Fundamentals www.huawei.com HUAWEI TECHNOLOGIES CO., LTD. All rights reserved Chapter 1 GSM System Overview Chapter 2 GSM Network Structure Chapter 3 Service Area and Number Planning Chapter

More information

2001, Cisco Systems, Inc. All rights reserved. Copyright 2001, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.

2001, Cisco Systems, Inc. All rights reserved. Copyright 2001, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID. 3001_05_2001_c1 2001, Cisco Systems, Inc. All rights reserved. 1 Introduction to IP Mobility Session 3001_05_2001_c1 2001, Cisco Systems, Inc. All rights reserved. 3 Agenda IP Mobility Overview Terminology

More information

Input ports, switching fabric, output ports Switching via memory, bus, crossbar Queueing, head-of-line blocking

Input ports, switching fabric, output ports Switching via memory, bus, crossbar Queueing, head-of-line blocking Last time Router internals Input ports, switching fabric, output ports Switching via memory, bus, crossbar Queueing, head-of-line blocking Mobility Home, visited s Home, foreign agents Permanent, care-of

More information

E3-E4 (CM MODULE) CDMA x & EV-DO. For internal circulation of BSNL only

E3-E4 (CM MODULE) CDMA x & EV-DO. For internal circulation of BSNL only E3-E4 (CM MODULE) CDMA 2000 1x & EV-DO WELCOME This is a presentation for the E3-E4 Technical (CM- Module)fortheTopic:CDMA20001x&EV-DO Eligibility: Those who have got the upgradation frome3toe4. This presentation

More information

The GSM Standard (An overview of its security)

The GSM Standard (An overview of its security) Interested in learning more about cyber security training? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written

More information

Wireless Communication

Wireless Communication Wireless Communication Hwajung Lee Key Reference: Prof. Jong-Moon Chung s Lecture Notes at Yonsei University Wireless Communications Bluetooth Wi-Fi Mobile Communications LTE LTE-Advanced Mobile Communications

More information

TELE COMMUNICATIONS Objective Introduction Global System for Mobile Communication (GSM):

TELE COMMUNICATIONS Objective Introduction Global System for Mobile Communication (GSM): TELE COMMUNICATIONS Objective This unit discusses the telecommunications systems which includes the GSM, the GPRS, DECT. The basics of the Satellite networks, the Parameters and Configuration and Capacity

More information