GLOBAL SYSTEM FOR MOBILE COMMUNICATION (2) ETI2511 Friday, 31 March 2017

Similar documents
Chapter 3 GSM and Similar Architectures

Basics of GSM in depth

Pertemuan 7 GSM Network. DAHLAN ABDULLAH

Communication Networks 2 Signaling 2 (Mobile)

Cellular Mobile Systems and Services (TCOM1010) GSM Architecture

Design of a Routing Mechanism to Provide Multiple Mobile Network Service on a Single SIM Card Boobalan. P, Krishna. P, Udhayakumar. P, Santhosh.

GSM System Overview. Ph.D. Phone Lin.

Cellular Communication

Security of Cellular Networks: Man-in-the Middle Attacks

UNIT-5. GSM System Operations (Traffic Cases) Registration, call setup, and location updating. Call setup. Interrogation phase

EUROPEAN ETS TELECOMMUNICATION November 1996 STANDARD

Network Security: Cellular Security. Tuomas Aura T Network security Aalto University, Nov-Dec 2013

E2-E3: CONSUMER MOBILITY. CHAPTER-5 CDMA x OVERVIEW (Date of Creation: )

CHAPTER 4 SYSTEM IMPLEMENTATION 4.1 INTRODUCTION

Information Technology Mobile Computing Module: GSM Handovers

Semi-Active GSM Monitoring System SCL-5020SE

Threat patterns in GSM system. Basic threat patterns:

Designing Authentication for Wireless Communication Security Protocol

Mobile Communications

International Journal of Scientific & Engineering Research, Volume 4, Issue 11, November-2013 ISSN

Sniffer. J.DEEPTHI Associate Professor & HOD, Department of CSE,

COMP327 Mobile Computing Session: Lecture Set 5 - Wireless Communication Part 2

Nexus8610 Traffic Simulation System. Intersystem Handover Simulation. White Paper

Mobility and Security Management in the GSM System

GPRS security. Helsinki University of Technology S Security of Communication Protocols

Secure and Authentication Communication in GSM, GPRS, and UMTS Using Asymmetric Cryptography.

GSM. Course requirements: Understanding Telecommunications book by Ericsson (Part D PLMN) + supporting material (= these slides) GPRS

Practical Operator Considerations Cellular Analog Cellular Rogue Base Station Tumbling Cloning

Contents. GSM and UMTS Security. Cellular Radio Network Architecture. Introduction to Mobile Telecommunications

Integration of voice and data in an m-commerce situation

Security Management System of Cellular Communication: Case Study

10 Call Set-up. Objectives After this chapter the student will: be able to describe the activities in the network during a call set-up.

Data and Voice Signal Intelligence Interception Over The GSM Um Interface

The GSM Standard (An overview of its security)

The GSM Standard (An overview of its security)

Please refer to the usage guidelines at or alternatively contact

3G TS V3.1.0 ( )

ETSI TS V7.1.0 ( )

GSM Hacking. Wireless Mobile Phone Communication 30 th January 2014 UNRESTRICTED EXTERNAL

Securing SMS of a GSM Network Message Center Using Asymmetric Encryption Technique Algorithm.

Understanding Carrier Wireless Systems

Chapter 1 : Historical Background of Mobile Communications Early Systems (World War II)

GSM Open-source intelligence

EUROPEAN ETS TELECOMMUNICATION July 1998 STANDARD

Security functions in mobile communication systems

GPRS and UMTS T

Chapter 2 The 3G Mobile Communications

Mobile Security / /

GSM and Similar Architectures Lesson 13 GPRS

ETSI TS V6.4.0 ( )

GSM Mobility Management

E3-E4 (CM MODULE) CDMA x & EV-DO. For internal circulation of BSNL only

Signaling System 7 (SS7) By : Ali Mustafa

Security issues in mobile communications

WIRELESS SYSTEM AND NETWORKING

Talk 4: WLAN-GPRS Integration for Next-Generation Mobile Data Networks

GSM V8.0.0 ( )

Section 4 GSM Signaling BSSMAP

RF OPTIMIZATION FOR QUALITY IMPROVEMENT IN GSM NETWORK

Internal. GSM Fundamentals.

Last time?! Block 3: Lecture 1! Wireless networks! Ingredients 2: Antennas! Ingredients 1: Mobile Phones, PDAs & Co.! 20/05/14. Part 3: lecture 3!

Client Server Programming and GSM Networking Protocols (SS7 Signaling)

Advanced Computer Networks Exercise Session 4. Qin Yin Spring Semester 2013

UMTS System Architecture and Protocol Architecture

ETSI ETR 341 TECHNICAL December 1996 REPORT

TELE4652 Mobile and Satellite Communication Systems

Mobile Security Fall 2013

DraftETSI EN V5.3.0 ( )

GSM Security Overview

JP-3GA (R99) Network Architecture

3G TS V3.6.0 ( )

ETSI TS V3.2.0 ( )

Short Message Service (SMS)

GSM & GPRS. Antti Siitonen. Head of Department, MSc (EE) T Telecommunications architectures

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

Wireless and Mobile Network Architecture

City Research Online. Permanent City Research Online URL:

GSM and Mobile Telephony Trends

Remote Control of Devices by Means of GSM Network

Dimensioning, configuration and deployment of Radio Access Networks. part 1: General considerations. Mobile Telephony Networks

Publication of specifications for the mobile network interfaces offered by Wind

ETSI TS V1.1.1 ( )

General Packet Radio Service (GPRS) 13 年 5 月 17 日星期五

ETSI TS V6.2.0 ( )

EUROPEAN ETS TELECOMMUNICATION September 1994 STANDARD

Evolution from GSM to UMTS

Circuit switched network

Chapter 10: Wireless Networking. School of information science and Engineering, SDU

The Cellular Interceptor CC2800 Series

GSM System Protocol Architecture

Hands-On Modern Mobile and Long Term Evolution LTE

Technical description of international mobile roaming May 2010

Wireless Communications

TS-3GA (R99)v3.6.0 Serving GPRS Support Node SGSN - Visitors Location Register (VLR); Gs Interface Layer 3 Specification

Mobile forensics. SMS (Short Message Service) EMS, MMS, CBS

Traffic Link Redundancy

International Journal of Innovative Research in Advanced Engineering (IJIRAE) ISSN: Volume 1 Issue 6 (July 2014)

Mobility: vocabulary

ETSI TS V3.4.0 ( )

ETSI TS V6.0.0 ( )

Transcription:

GLOBAL SYSTEM FOR MOBILE COMMUNICATION (2) ETI2511 Friday, 31 March 2017 1

SYLLABUS GSM General architecture and interfaces of cellular system and the PSTN and Internet networks: BTS, MSC, Internetworking, user registers etc. 2

GROWTH OF GSM 1. Global System for Mobile Communications (GSM) is the most popular mobile phone system in the world, accounting for 70% of the world s digital mobile phones. 2. By 2016, there were more than a billion GSM mobile phones in use in over 168 countries. 3. One of GSM s key strength is its international roaming capability, giving consumers a seamless service in over 168 countries. 3

BRIEF HISTORY OF GSM 1. 1982: The European Conference of Post and Telecommunications Administrations (CEPT) formed a group called Group Spéciale Mobile (GSM) to develop a pan-european cellular system to replace the many existing incompatible cellular systems. 2. 1987: The GSM Memorandum of Understanding (MoU) by prospective telecommunication operators, agreeing to implement cellular networks, based on the GSM specifications. 3. 1991: Group Spéciale Mobile (GSM) was renamed to Global System for Mobile Communications (GSM). 4. 1992: The first commercial GSM service was launched. 4

KEY FEATURES OF GSM 1. International Roaming using a single subscriber numbering systems worldwide (IMSDN ). 2. Superior speech quality better than AMPS and DAMPS. 3. High level of security - user s information and communication are safe and secure 4. Universal and Inexpensive Mobile handsets 5. Longer talk time 6. Handles higher volume of calls at any one time compared to analogue networks 7. Introduction of new services call waiting, call forwarding, Short Message Service (SMS), GSM Packet Radio Service (GPRS) 8. Digital compatibility - easily interfaces with other digital networks i.e. Integrated Services Digital Network (ISDN) 5

GSM ARCHITECTURE (1) Mobile Station (MS) Base Station Subsystem (BSS) Network Subsystem (NSS) Fixed Network 6

GSM ARCHITECTURE - INTERFACES GSM has 9 physical and logical interfaces as follows: 1. Um: Connects the MS to the BTS 2. A-bis: Connects BTS to BSC 3. A: Connects BSC to MSC 4. B: Connects MSC to VLR 5. C : Connects MSC to HLR 6. D: Connects HLR to VLR 7. E: Connects MSC to other MSCs 8. H: Connects HLR to AUC 9. G: Connects VLR to other VLRs 7

BASE TRANSCEIVER STATION (BTS) 1. The Base Transceiver Station (BTS) manages the radio interface to the mobile station by performing functions such as: a) communication set-up and monitoring b) Channel Encryption; c) hand-over functions 2. The BTS is the radio equipment needed to service each cell in the network. 3. A group of BTSs are controlled by a single BSC. 8

BASE STATION CONTROLER (BSC) 1. Base Station Controller (BSC) provides the control functions and physical links between the MSC and BTS. 2. It is a high-capacity switch that provides functions such as a) handover, b) cell configuration, and c) Control of radio frequency (RF) power levels in base transceiver stations. 3. A number of BSCs are served by an MSC. 9

POWER MANAGEMENT Power control and management is essential in all telecommunications installations because the public has to use telephone: a) At times of emergency; b) To report power outage; c) Base stations are usually unattended d) Base stations are sometimes located in remote locations without reliable electricity supply e) The mobile phone must conserve power 10

MOBILE SWITCHING CENTRE Functions of the MSC: 1. Switching of voice and data traffic including maintenance functions; 2. Billing functions required for the MSs located in an MSC area; 3. Handover functions; 4. internetworking functions to communicate with other networks such as PSTN and ISDN. Billing 11

SUBSCRIBER IDENTITY MODULE (SIM) 1. The Subscriber Identity Module (SIM) provides the mobile phone with a unique identity and store and process security information. 2. The SIM stores: a) Personal Identification Number (PIN) b) Personal phone numbers c) Short messages d) Logs of dialled, received and missed numbers e) Security related information: i. The A3 authentication algorithm, ii. The A8 ciphering key generating algorithm, iii. The authentication key (KI) iv. International Mobile Subscriber Identity (IMSI). 3. The mobile station stores the A5 ciphering algorithm. 12

SIM CARD SIZES A smart card comes in three physical sizes: 1. Credit-card sized 2. Standard 25x15mm 3. micro SIM format (12x15 mm). 13

COMPONENTS OF A SIM CARD RAM: Size ranges from few hundred bytes to several megabytes CPU: Older models were 8-bit e.g. Motorola 6805 or Intel 8051. Today the norm is 16-bit. Java Card 3 based generation use 32-bit RISC processors. VCC - 1.8v, 3v, 5v ROM: Contains the smart cards core operating system and support libraries. Sizes ranges from 6-300 kbytes. EEPROM: Stores the card s file system. Typically sizes are from 4-64k Clock: 5-20 Mhz. Resets card and initiates the ATR (Answer-On-Reset) protocol Input/Output: Serial halfduplex 9.6-115kbps 14

BASE STATION SUBSYSTEM (BSS) The Base Station Subsystem (BSS) connects the user on a mobile phone with other landline or mobile users. It consists of the: 1. The Base Transceiver Station (BTS) is responsible for managing the air interface to the mobile station. 2. The Base Station Controller (BSC): is responsible for the control of the several BTS. It monitors each call and decides when to handover the call from one BTS to another, as well as manage radio frequencies allocated for the calls through the BTS. 15

NETWORK SUBSYSTEM (NSS) NSS is a complete exchange, with the following functions 1. Co-ordinating setting up calls to and from GSM users, 2. Routing calls from a fixed network to the GSM system, 3. Interconnecting the cellular network with the Public Switched Telephone Network (PSTN). 16

MOBILE SUBSCRIBER IDENTITIES (1) - IMSI International Mobile Subscriber Identity (IMSI) is a unique identity allocated to each mobile subscriber in every GSM or UMTS system. Mobile Country Code Mobile Subscriber Identity Mobile Network Code 17

THE HOME LOCATION REGISTER (HLR) The Home Location Register (HLR) stores information of all subscribers belonging to an area served by a MSC. It stores 1. IMSI, 2. Services subscribed by the user, 3. MS location 4. Encryption Key, K I and some other temporary data. Valid User? Entitled to which Services? Number? Location-Which cell? Encryption Key? 18

THE VISITOR LOCATION REGISTER (VLR) a) The Visitor Location Register (VLR) contains relevant information for all mobiles currently served by a Mobile Switching Centre(MSC). b) The data stored in the VLR is also stored in the HLR. c) In addition, it also stores the Temporary Mobile Subscriber Identity (TMSI), which is used for limited intervals to prevent the transmission of the IMSI via the air interface. d) The VLR supports the MSC during call establishment and authentication. Valid User? Entitled to which Services? Number? Location-Which cell? Encryption Key? 19

MOBILE SUBSRIBER IDENTITIES (1) - TMSI 1. Temporary Mobile Subscriber Identity (TMSI) is generated by the VLR and is used during paging instead of IMSI to protect subscriber from being identified and also make life more difficult to radio interface eavesdroppers. 2. The TMSI consists of 4 octets since it is stored in the SIM. 3. TMSI is related to the time when it is created in order to avoid double allocation. 20

THE EQUIPMENT IDENTITY REGISTER (EIR) 1. The Equipment Identity Register (EIR) stores all the International Mobile Equipment Identities (IMEI) of mobile equipment and their rights on the network. 2. The EIR maintains three lists: a) White list are permitted on the network b) Black list are blocked from the network. c) Gray list consists of faulty equipment that may pose a problem on the network but are still permitted to participate on the network. 3. The IMEI reveals the serial number of the mobile station, manufacturer, type approval and country of production and can be accessed from any phone by entering: *#06# Is the MS Stolen? Is the MS malfunction ing? 21

COMPOSITION OF THE IMEI NUMBER 1. Type Allocation Code (TAC). 8 digits in length. Includes manufacturer ID and type of equipment; 2. Serial Number (SNR) is a 6 digit individual serial number uniquely identifying each equipment within the TAC. 3. Spare digit: Checksum of the entire string. Sample TAGs iphone 5: 01-332700 Samsung Galaxy S2: 35-853704 35944405-7513431/01 35944505-7513438/01 Software Version SUMSUM SMART PHONE 22

WHAT IS THE PURPOSE OF IMEI? 1. Prevents subscribers masquerading 2. Enables law-enforcement agents to trace phone and hence individual movements 3. Used by law-enforcement agencies to track movements of people and for wiretapping of suspected criminals. 4. Enables operators to block certain terminal equipment for the purpose of: (i) Preventing theft (ii) Preventing malfunctioning equipment from using the network 23

THE AUTHENTICATION CENTER (AUC) 1. The Authentication Centre (AuC) is a database that keeps the following parameters: a) The K I, b) The A3 authentication algorithm, c) The A5 ciphering algorithm d) The A8 ciphering key generating algorithm. 2. AUC is responsible for creating the sets of triplets: a) Random numbers (RAND), b) Signed Response (SRES) and c) The Cipher key (K C ) 24

SECURITY MECHANISMS IN GSM The security mechanisms of GSM are implemented in Mobile Station, SIM card and Network as follows: 1. The Subscriber Identity Module (SIM) contains a) Personal Identification Number (PIN) b) The International Mobile Subscriber Identity (IMSI) c) the Individual Subscriber Authentication Key (K i ), d) the Cipher Key Generating Algorithm (A8), e) the Authentication Algorithm (A3), 2. The GSM handset (or MS) contains a) Ciphering Algorithm (A5) 3. The GSM network contains a) Encryption algorithms (A3, A5, A8) b) IMSI, c) Temporary Mobile Subscriber Identity (TMSI) d) Location Area Identity (LAI), e) Individual subscriber authentication key (K i ) PIN, IMSI Ki A3, A8 A5 A5, TMSI, Kc A3, A8, IMSI, Ki Set of Triplets (RAND, SRES, Kc) Sets of Triplets (RAND, SRES, K c ) 25

PURPOSE OF AUTHENTICATION 1. The GSM offers a mechanism for the authentication of subscriber identity. 2. The purpose of authentication, is to protect the network against unauthorized use. 3. It also protects GSM subscribers, by making it practically impossible for intruders to impersonate authorized users. 26

GSM NETWORK (MSC) MOBILE STATION SIM CARD GSM AUTHENTICATION (GENERAL) 1. The GSM network authenticates the identity of the subscriber through the use of a challenge-response mechanism. 2. The aim is to establish that the Ki stored in the AUC when first registering the subscriber is the same as that stored in the SIM card. 3. The process is as follows: 1. A 128-bit random number (RAND) is generated by the AUC and sent to the MS. 2. The MS computes the 32-bit signed response (SRES) based on the encryption of the random number (RAND) with the authentication algorithm (A3) using the individual subscriber authentication key (K i ). 3. The SIM card responds with signed response (SRES) and Cypher Key (K c ) 4. SRES is then transmitted to the network. 5. Upon receiving the signed response (SRES) from the subscriber, the GSM network repeats the calculation to verify the identity of the subscriber. MS sends Request For service 1. Authentication Request (RAND) 4. Authentication Response(SRES) RAND A3 Ki SRES, Kc 2. Run A3(RAND) 3. Response (SRES, Kc) 27

FLOW-CHART FOR THE GENERATION OF SRES XOR XOR XOR XOR 28

EXAMPLE OF AUTHENTICATION CODE 29

MONITOERING THE AUTHENTICATION PROCESS 30

AUTHENTICATION OF ROAMING MOBILE STATION Step1: MS enters a new visiting area and requests for service, an authentication request is sent to MSC first, where the request includes TMSI and LAI. Step2: After receiving the request, the new MSC uses the received TMSI to get the IMSI from the old MSC and then sends IMSI to HLR and AUC. Step3: Then, AUC generates n distinct sets of authenticating parameters {SRES, R, K c } and sends them to HLR which transmits them to the MSC. Step4: After receiving the sets of authenticating parameters, MSC keeps them in its own database and selects one set of them to authenticate the mobile station in subsequent calls and sends the selected R to MS. Step5: Once MS receives R from MSC, it computes SRES = A3(R, K i ) and the temporary session key K c = A8(R, K i ), respectively, where K i is fetched from the SIM card. Then the SRES is sent back to MSC. Step 6: Upon receiving SRES from MS, the MSC compares it with the corresponding SRES kept in its own database. If they are not the same, the authentication is failure and the MS is locked out. MS MSC HLR AUC (1) Request(TMSI,LAI) (5) R (6) SRES (2) IMSI (4) N sets{sres, R, Kc} (2) IMSI (3) N sets{sres, R, Kc} Authentication of a Roaming Phone 31

SUBSCRIBER IDENTITY CONFIDENTIALITY 1. The Temporary Mobile Subscriber Identity (TMSI) is used to ensure subscriber identity confidentiality. 2. TMSI is sent to the MS after the authentication. 3. The mobile station responds by confirming reception of the TMSI. 4. The TMSI is valid in the location area in which it was issued. TMSI Re-allocation Process 32

ENCRYPTION OF VOICE AND DATA 1. Encryption is used in the GSM air interface (Um Interface) to protect the confidentiality of data and signalling on the air interface. 2. Two algorithms are essentially involved in the encryption process; i.e a) The ciphering algorithm (A5) implemented in the MS and at the BTS. b) The cipher key generation algorithm (A8) implemented in the AuC and the SIM. Telephone Eavesdropping 33

FLOW DIAGRAM OF THE GSM SECURITY PROCESS 1. After the user has been authenticated, the MS and the BTS can start using encryption by applying the cipher key Kc. 2. Kc is generated using the individual key K i and a RAND by applying the A8 algorithm. 3. The SIM and the network both create the same value K c based on the RAND. 4. The K c itself is never transmitted over the air interface. AUC

ENCRYPTION & DECRYPTION IN GSM NETWORKS 1. After authentication, the MSC passes the cypher key kc to the BTS. 2. The MS and the BTS can now encrypt and decrypt data using the A5 algorithm and the Kc. 3. Kc is a 64 bit key which is not very strong, but provides enough protection to stop simple eavesdropping.

WHERE DO YOU GET A3, A5, A8 SOFTWARE?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback