

1. CIS 6930 - Cellular and Mobile Network Security: CDMA/UMTS Air Interface
Professor Patrick Traynor
10/11/2018
Florida Institute for Cybersecurity (FICS) Research

2. UMTS and CDMA
• 3G technology - major change from GSM (TDMA)
• Based on techniques originally employed by Verizon (IS-95)
• Signal is encoded so that it can be recovered from "noise" (other signals)

3. New Considerations
• Technology differences
  • Power control
  • Frequency re-use & handoffs
  • Number of users
  • Modulation (Phase Shift Keying)
• Traffic differences
• What is the primary difference between 2G and 3G?

4. Code Division Multiple Access
• Used in several wireless broadcast channel standards (cellular, satellite, etc.)
• Unique "code" assigned to each user; i.e., code set partitioning
• All users share the same frequency, but each user has its own "chipping" sequence (i.e., code) to encode data
• Encoded signal = (original data) X (chipping sequence)
• Decoding: inner product of encoded signal and chipping sequence
• Allows multiple users to "coexist" and transmit simultaneously with minimal interference (if codes are "orthogonal")
• What does it mean for two vectors to be orthogonal?

5. CDMA Encode/Decode
[Figure: sender spreads each data bit d_i over one M-chip code period (slot), producing channel output Z_{i,m} = d_i · c_m; the example shows two slots with d_0 = 1 and d_1 = -1 and an 8-chip code. The receiver recovers each bit as D_i = (1/M) Σ_{m=1}^{M} Z_{i,m} · c_m.]

6. CDMA: two-sender interference
[Figure: two senders spread their data with different codes; the channel carries the chip-wise sum of both signals; each receiver despreads the sum with its own code and recovers only its sender's bits.]
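
The spreading and despreading of slides 4 through 6, as an added example (not code from the slides). Two senders share one channel; the 8-chip codes are two hand-picked rows of the 8x8 Walsh-Hadamard matrix, the channel is assumed ideal (chip-synchronous, noiseless, signals add), and `CODE_BAD` is a constructed non-orthogonal code used to show what happens on an unsynchronised uplink when one sender is heard much louder than the other.

```python
"""Two-sender CDMA spreading and despreading on a shared channel.

Added example, not from the lecture slides. The 8-chip codes are two rows of
the 8x8 Walsh-Hadamard matrix (chosen by hand); the channel is assumed ideal:
chip-synchronous, noiseless, signals simply add.
"""

# Orthogonal pair: inner product <CODE_A, CODE_B> = 0.
CODE_A = [1, -1, -1, 1, 1, -1, -1, 1]
CODE_B = [1, -1, 1, -1, -1, 1, -1, 1]
# Deliberately non-orthogonal third code (constructed): <CODE_A, CODE_BAD> = -2.
CODE_BAD = [1, 1, 1, 1, 1, 1, 1, -1]


def inner(a, b):
    return sum(x * y for x, y in zip(a, b))


def spread(bits, code):
    """Sender: Z_{i,m} = d_i * c_m, one full code period (slot) per data bit."""
    return [d * c for d in bits for c in code]


def channel(signals, gains=None):
    """Additive channel: chip-wise sum of all senders, each scaled by the
    amplitude at which the receiver hears it (defaults to 1 for everyone)."""
    if gains is None:
        gains = [1] * len(signals)
    n = len(signals[0])
    assert all(len(s) == n for s in signals), "senders must be slot-aligned"
    return [sum(g * s[m] for g, s in zip(gains, signals)) for m in range(n)]


def correlate(chips, code):
    """Receiver: D_i = (1/M) * sum_{m=1..M} Z_{i,m} * c_m for every slot i."""
    M = len(code)
    return [inner(chips[i * M:(i + 1) * M], code) / M for i in range(len(chips) // M)]


def despread(chips, code):
    """Hard decision on the correlator output: the sign gives the recovered bit."""
    return [1 if v > 0 else -1 for v in correlate(chips, code)]


def demo_orthogonal():
    """Both senders at equal power with orthogonal codes: each receiver
    recovers its own bits exactly; the other sender contributes 0."""
    bits_a = [1, -1, -1, 1]
    bits_b = [-1, -1, 1, 1]
    rx = channel([spread(bits_a, CODE_A), spread(bits_b, CODE_B)])
    return despread(rx, CODE_A), despread(rx, CODE_B)


def demo_near_far():
    """Non-orthogonal codes (as on an unsynchronised uplink) plus a sender B
    heard 5x louder than A: B leaks into A's correlator as 5 * (-2/8) * d_B
    per slot, enough to flip slot 3 where d_A = 1 and d_B = 1."""
    bits_a = [1, -1, -1, 1]
    bits_b = [-1, 1, 1, 1]
    rx = channel([spread(bits_a, CODE_A), spread(bits_b, CODE_BAD)], gains=[1, 5])
    return correlate(rx, CODE_A)


if __name__ == "__main__":
    print("orthogonal:", demo_orthogonal())
    print("near-far correlator output for A:", demo_near_far())
```

`demo_near_far` is the reason slide 21 exists: with imperfectly orthogonal codes the interferer's contribution scales with its received amplitude, so the network must keep all uplink signals arriving at roughly equal strength.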

7. CDMA Benefits
• Higher capacity
  • interference limited = high efficiency
  • uses voice activity detection to reduce transmission bandwidth
• Improved quality
  • soft handoff
  • CDMA has frequency, spatial, and time diversity to adapt to errors
• Ease of deployment
  • no frequency planning; frequency reuse = 1
• Increased talk time
  • power control ensures that the UE transmits at optimum power, resulting in longer battery life

8. CDMA Privacy
• Given that all signals look like noise unless you have the despreading sequence, what sort of privacy does CDMA offer?
• Ideally, you should get a 2^N search space...
• Zhang et al. show that the 42-bit IS-95 long code can be cracked by capturing 42 frames and solving 42 linear equations
  • The long code is generated by a linear feedback shift register, so every output bit is a linear function (over GF(2)) of the 42-bit state; 42 independent observed bits pin the state down without any search
  • Break takes approximately 840 ms
• What is the security implication?
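
The linear-equation attack the slide describes, worked through as an added example (not code from the slides or from Zhang et al.). A 42-bit LFSR emits the parity of masked state bits, the attacker captures one keystream bit per frame, and because each captured bit is a GF(2)-linear function of the unknown initial state, 42 frames give a 42x42 system that Gaussian elimination solves directly. The tap set (x^42 + x^41 + x^20 + x^19 + 1, a maximal-length set from standard LFSR tables), the 64-chip frame, the public mask and the seeded "secret" state are all assumptions of this example and are not the IS-95 parameters.

```python
"""Recovering an LFSR state by solving linear equations over GF(2).

Added example, not from the slides or from Zhang et al.'s paper. It models the
shape of the attack: a 42-bit LFSR whose output is the XOR of masked state bits,
observed once per frame, is linear in its unknown initial state, so 42 observed
bits give 42 linear equations. Hypothetical parameters (not IS-95): taps
x^42 + x^41 + x^20 + x^19 + 1, a public mask, one captured chip per 64-chip frame.
"""
import random

N = 42
STATE_MASK = (1 << N) - 1
TAPS = (41, 40, 19, 18)   # 0-indexed bit positions fed back (hypothetical tap set)
FRAME_CHIPS = 64          # hypothetical frame length; one keystream bit observed per frame


def lfsr_step(state):
    """Fibonacci LFSR: new bit = XOR of tapped bits, shifted in at bit 0.
    Bit 41 is a tap, so the map is invertible (the attack needs that)."""
    fb = 0
    for t in TAPS:
        fb ^= (state >> t) & 1
    return ((state << 1) | fb) & STATE_MASK


def output_bit(state, mask):
    """Keystream bit = parity of (state AND mask): a GF(2)-linear map of the state."""
    return bin(state & mask).count("1") & 1


def keystream(state, mask, nbits, stride):
    """nbits output bits, one every `stride` clocks (the captured chip of each frame)."""
    out = []
    for _ in range(nbits):
        out.append(output_bit(state, mask))
        for _ in range(stride):
            state = lfsr_step(state)
    return out


def solve_gf2(rows, rhs, ncols):
    """Gauss-Jordan elimination over GF(2). rows[i] is an int whose bit j is the
    coefficient of unknown j; rhs[i] is the observed bit. Returns the unique
    solution as an int, or None when the equations are linearly dependent."""
    aug = [(r, b) for r, b in zip(rows, rhs)]
    m = len(aug)
    for col in range(ncols):
        piv = next((i for i in range(col, m) if (aug[i][0] >> col) & 1), None)
        if piv is None:
            return None
        aug[col], aug[piv] = aug[piv], aug[col]
        prow, pb = aug[col]
        for i in range(m):
            if i != col and (aug[i][0] >> col) & 1:
                aug[i] = (aug[i][0] ^ prow, aug[i][1] ^ pb)
    return sum(aug[j][1] << j for j in range(ncols))


def recover_state(mask, observed, stride):
    """One equation per observed bit. By linearity, the coefficient of state bit j
    in equation i is the bit the generator emits at frame i when started from
    the unit state 1 << j."""
    basis = [keystream(1 << j, mask, len(observed), stride) for j in range(N)]
    rows = [sum(basis[j][i] << j for j in range(N)) for i in range(len(observed))]
    return solve_gf2(rows, observed, N)


def demo(seed=2018):
    rng = random.Random(seed)                   # constructed, deterministic "secret"
    secret = rng.getrandbits(N) or 1
    mask = rng.getrandbits(N) or 1
    observed = keystream(secret, mask, N, FRAME_CHIPS)      # 42 captured frames
    recovered = recover_state(mask, observed, FRAME_CHIPS)
    # With the state known, every later frame's keystream is predictable.
    future_ok = (keystream(recovered, mask, 2 * N, FRAME_CHIPS)
                 == keystream(secret, mask, 2 * N, FRAME_CHIPS))
    return secret, recovered, future_ok


if __name__ == "__main__":
    s, r, ok = demo()
    print(f"secret={s:011x} recovered={r:011x} future keystream matches={ok}")
```

Nothing here depends on the period of the generator: the 2^42 "search space" never comes into play because the attacker never searches, and the same construction works for any stride as long as the 42 equations are independent (`solve_gf2` returns None when they are not, in which case more frames are needed).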

9. Universal Mobile Telecommunications System: UMTS
• Specifications:
  • Frequencies: 700, 850, 900, 1700, 1900, 2100 MHz worldwide (5 MHz channels); FDD
  • Chipping codes: up to 512 chips
  • Power control: up to 1500 times per second
  • Time division: 10 ms frames, 1 frame = 15 time slots
• Borrows extensively from GSM protocols
• Major changes:
  • CDMA technology: channel structure/handoffs/power control
  • Security -- increased use of cryptographic constructions
  • Data infrastructure

10. Entities: New names, old faces
• UE = User Equipment (GSM: MS)
• Node-B (GSM: BTS)
• RNC = Radio Network Controller (GSM: BSC)
[Figure: an RNC serving several Node-Bs, each serving UEs, side by side with the GSM BSC / BTS / MS hierarchy it replaces]

11. Channels: Old & New
GSM     UMTS
BCCH    BCCH
PCH     PCH
AGCH    AICH
SDCCH   DCCH
TCH     DTCH
RACH    RACH
SCH     SCH
CCCH    CCCH

12. Channel Types
• Logical: defines a logical task or use in the network
• Transport: defines the way logical data is prepared
• Physical: defines the actual channel (i.e., chipping code) used to transmit data

13. Logical Channels
• Broadcast Control Channel (BCCH): Provides common information about the cell to UEs.
• Paging Control Channel (PCCH): Provides information about incoming calls and how to listen for them.
• Dedicated Control Channel (DCCH): A two-way assigned channel that carries control information to and from a single UE.
• Common Control Channel (CCCH): A two-way shared channel that carries control information.
• Dedicated Traffic Channel (DTCH): A two-way assigned channel that carries traffic to and from a single UE.

14. Transport Channels
• Dedicated Transport Channel (DCH): Carries data to and from a specific UE
• Broadcast Channel (BCH): Broadcasts network and cell information
• Forward Access Channel (FACH): Carries control information to UEs for shared channels
• Random Access Channel (RACH): Carries channel requests to the network from the UE
• Paging Channel (PCH): Carries incoming call alerts
• Uplink Common Packet Channel (CPCH): Carries packet data to the network
• Downlink Shared Channel (DSCH): Carries packet data to the UE

15. Physical Channels: Signaling
• Forward (to UE):
  • Primary Common Control Physical Channel (PCCPCH): Carries the BCH
  • Secondary Common Control Physical Channel (SCCPCH): Carries the FACH and the PCH
  • Synchronization Channel (SCH): Synchronizes time with the network
  • Common Pilot Channel (CPICH): Informs the UE of the Primary Scrambling Code (PSC)
  • Acquisition Indicator Channel (AICH): Used to carry dedicated channel assignments to UEs
  • Paging Indication Channel (PICH): Provides the UE with information about how pages are sent; this tells the UE how often to wake up and listen for pages
• Reverse (to Node-B):
  • Physical Random Access Channel (PRACH): Carries the RACH

16. Physical Channels: Traffic
• Bi-directional:
  • Dedicated Physical Data Channel (DPDCH): Carries a DCH
  • Dedicated Physical Control Channel (DPCCH): Carries control information (e.g., identifiers, power control)
• Forward (to UE):
  • Physical Downlink Shared Channel (PDSCH): Carries packet data to a UE
  • CPCH Status Indication Channel (CSICH): Indicates the status of the CPCH
  • Collision Detection/Channel Assignment Indication Channel (CD/CA-ICH): Indicates whether data sent over the CPCH was successfully received or a collision occurred
• Reverse (to Node-B):
  • Physical Common Packet Channel (PCPCH): Carries the CPCH

17. How a connection is made
[Figure: message sequence between Node-B and UE over the SCH, CPICH and PCCPCH]
• Synchronize time (SCH)
• Acquire PSC (CPICH)
• Acquire cell information (PCCPCH)

18. How a call is sent/received
[Figure: message sequence between Node-B and UE; the dedicated channels are DPDCH (carrying DCCH & DTCH) + DPCCH]
• Page sent over PCH (SCCPCH)
• Page response over RACH (PRACH)
• Chipping & scrambling code assigned (AICH)
• Authentication over DCCH (DPDCH + DPCCH)
• Call connect over DTCH (DPDCH + DPCCH)

19. Mappings
[Figure: mapping of logical channels onto transport channels and transport channels onto physical channels]
• Source: http://www.authorstream.com/Presentation/3627946-387767-wcdma-air-interface-fundamentals-science-technology-ppt-powerpoint/

20. Spreading Codes
• Orthogonal Variable Spreading Factor (OVSF) vs. scrambling codes
  • OVSF codes are typical chipping/spreading codes
  • Scrambling codes can be multiplied into OVSF codes to provide more user channels
• Long vs. short codes
  • Uplink: code lengths up to 256 (+ 16.8 M scrambling codes)
  • Downlink: code lengths up to 512
  • Why are these numbers different?
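
The OVSF code tree and the way scrambling codes are layered on top of it, as an added example (not code from the slides or from any 3GPP specification). The OVSF construction is the standard recursive doubling; the scrambling sequences are constructed pseudo-random +/-1 sequences (real UMTS scrambling codes are Gold sequences) used only to show what scrambling does to orthogonality. The functions `is_descendant`, `blocked_codes`, `usable_codes` and `scrambled_mai` are names chosen for this example.

```python
"""OVSF code tree, cross-spreading-factor orthogonality, and scrambling.

Added example, not from the slides or any 3GPP specification. The OVSF
construction is the standard recursive doubling; the scrambling sequences are
constructed pseudo-random +/-1 sequences (real UMTS scrambling codes are Gold
sequences) used only to show the effect of scrambling on orthogonality.
"""
import random


def ovsf(sf, k):
    """OVSF code C_{sf,k}: C_{2n,2k} = (C_{n,k}, C_{n,k}), C_{2n,2k+1} = (C_{n,k}, -C_{n,k})."""
    assert sf & (sf - 1) == 0 and 0 <= k < sf
    if sf == 1:
        return [1]
    parent = ovsf(sf // 2, k // 2)
    return parent + (parent if k % 2 == 0 else [-c for c in parent])


def orthogonal(a, b):
    """Two channels stay separable only if every symbol of the shorter code is
    orthogonal to the overlapping chunk of the longer code: each chunk of the
    longer code may coincide with a different data bit on the short-code channel."""
    short, long_ = (a, b) if len(a) <= len(b) else (b, a)
    n = len(short)
    return all(sum(x * y for x, y in zip(short, long_[i:i + n])) == 0
               for i in range(0, len(long_), n))


def is_descendant(sf, k, anc_sf, anc_k):
    """True if C_{sf,k} lies under C_{anc_sf,anc_k} in the tree."""
    return sf >= anc_sf and k // (sf // anc_sf) == anc_k


def blocked_codes(sf, k, target_sf):
    """Codes at target_sf that become unusable once C_{sf,k} is assigned:
    exactly its descendants, target_sf/sf of them."""
    ratio = target_sf // sf
    return [(target_sf, k * ratio + j) for j in range(ratio)]


def usable_codes(assigned, target_sf):
    """How many target_sf codes remain after a list of (sf, k) assignments."""
    blocked = {c for sf, k in assigned for c in blocked_codes(sf, k, target_sf)}
    return target_sf - len(blocked)


def scrambled_mai(sf, nsym, seed=7):
    """Two users reuse the same OVSF code under different scrambling sequences.
    Returns the mean squared per-symbol cross-correlation seen at user A's
    despreader, i.e. the residual multiple-access interference power relative
    to a desired signal of power 1. It averages to about 1/sf: scrambling buys
    more channels, but they are no longer perfectly orthogonal, which is why
    CDMA is interference-limited and needs power control."""
    rng = random.Random(seed)                     # constructed sequences
    code = ovsf(sf, 3)
    scr_a = [rng.choice((1, -1)) for _ in range(sf * nsym)]
    scr_b = [rng.choice((1, -1)) for _ in range(sf * nsym)]
    total = 0.0
    for s in range(nsym):
        chunk = range(s * sf, (s + 1) * sf)
        # B's chips (code * scr_b) passed through A's despreader (code * scr_a)
        corr = sum(code[m % sf] * scr_b[m] * code[m % sf] * scr_a[m] for m in chunk) / sf
        total += corr * corr
    return total / nsym


if __name__ == "__main__":
    print("C_4,1 =", ovsf(4, 1), " C_8,3 =", ovsf(8, 3), " C_8,5 =", ovsf(8, 5))
    print("same SF, orthogonal:", orthogonal(ovsf(8, 3), ovsf(8, 5)))
    print("parent vs. child, orthogonal:", orthogonal(ovsf(4, 1), ovsf(8, 3)))
    print("different subtree, orthogonal:", orthogonal(ovsf(4, 1), ovsf(8, 5)))
    print("SF-256 codes left after assigning C_4,1:", usable_codes([(4, 1)], 256))
    print("MAI power under scrambling, SF=8:", scrambled_mai(8, 500))
```

Two things fall out of the tree that the slide only hints at: assigning a low-SF (high-rate) code removes its whole subtree from the pool, and a cell can hand out at most one code per leaf of its tree, so a second user at the same SF must be separated by a different scrambling code rather than a different OVSF code.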

21. Power Control
• CDMA provides optimal performance when all signals are received at approximately the same strength.
• When a DTCH is assigned, the Node-B sends reports of the RSS (received signal strength) to the UE, telling it at what power to transmit.
• Power control commands are sent up to 1500 times per second

22. Handoffs
• 4 types: hard, soft, softer, network (2G <-> 3G)
• Soft handoff overview:
  • Frequency reuse = 1
  • UE will receive signal from multiple Node-Bs
  • Extract signals of old and new tower simultaneously using different chipping codes
  • Remain connected to old Node-B until re-registered with new Node-B
