CIS 6930 - Cellular and Mobile Network Security: Cellular Networking - PowerPoint PPT Presentation



  1. CIS 6930 - Cellular and Mobile Network Security: Cellular Networking
     Professor Patrick Traynor, 9/18/2018
     Florida Institute for Cybersecurity (FICS) Research

  2. The Big Picture
     “Details create the big picture.” - Sanford I. Weill

  3. Overview
     • Evolution
     • Architecture
     • Air Interfaces
     • Network Protocols
     • Application: Messaging

  4. Cellular Systems
     • Wireless Access
       • TDMA (IS-136, GSM)
       • CDMA (IS-95, CDMA2000)
       • WCDMA (UMTS)
     • Connection oriented networks for voice
       • PSTN (ISDN)
     • Packet overlay networks for data
       • General Packet Radio Service (GPRS) - GSM and UMTS
       • Enhanced Version Data “Optimized” (EVDO) - CDMA
         • Rebranded from “Data Only”
     • Signaling protocols
       • Signaling System Number 7 (SS7) for voice and GPRS
       • IETF protocols for EVDO

  5. Wireless Standards Evolution to 4G
     [Figure: generation timeline 1G → 2G → 2.5G → 2.75G → 3G → 4G, drawn against existing spectrum and the 700 MHz band]
     • Analog (1G): AMPS, TACS
     • CDMA track: IS-95-A cdmaOne (1.25 MHz) → IS-95-B cdmaOne → CDMA2000 1xRTT → CDMA2000 3x (5 MHz) and CDMA2000 1xEVDO (1.25 MHz)
     • TDMA/GSM track: IS-136 TDMA and GSM → GSM GPRS, HSCSD → EDGE → WCDMA (UMTS)
     • 4G: LTE (1.4, 3, 5, 10, 15, 20 MHz), WiMAX

  6. Reference Architecture
     [Figure: MS ↔ BTS ↔ BSC ↔ MSC; the MSCs attach to VLR, HLR and AuC and to the PSTN/ISDN; the MS-to-BTS hop is the wireless network]
     • MS: Mobile Subscriber/Station
     • BTS: Base Transceiver Station
     • BSC: Base Station Controller
     • MSC: Mobile Switching Center
     • HLR: Home Location Register
     • AuC: Authentication Center
     • VLR: Visitor’s Location Register

  7. Basic Network Architecture
     [Figure: MS ↔ BS ↔ MSC/VLR pairs, with GMSC, HLR and SMSC in the core network]
     • Gateway MSC receives incoming calls for phones.
     • Serving MSC assigned based on location
     • HLR: Permanent registry for service profiles, pointer to VLR
     • VLR: Temporary repository for profile information, pointer to SMSC.

  8. Cellular Services
     • Automatic call delivery
       • find a user, deliver a call
     • IN-type services
       • e.g., call forwarding
     • Messaging
       • short message service
     • Connection oriented user data transfer
       • voice, fax, circuit-switched data
     • Packet Data
       • General Packet Radio Service (GPRS) - GSM and UMTS
       • Enhanced Version Data “Optimized” (EVDO) - CDMA

  9. High Level Call Flow
     • Mobile User Registers
       • Power up/down
       • Movement
       • Periodic
     • Call recipient located
       • Call routed to gateway or home MSC
       • Gateway MSC searches for called mobile (via HLRs and VLRs)
       • Mobile user is paged (determines current base station)
     • Call delivered
       • Uses standard SS7 procedures

  10. Delivering a Call
     [Figure: calling MS and BS, GMSC, HLR, VLR, serving MSC, SMS node, and the called MS and BS; the numbered message labels from the diagram are:]
     1. 404-894-2000 (the called number is dialed)
     2. 404-894-2000 maps to HLR X
     3. GMSC to HLR: How do I deliver call to User 222?
     4. HLR to VLR: How do I deliver call to User 222?
     5. 999-xxx (the VLR answers with a temporary routing number)
     6. 999-xxx (routing number relayed back toward the GMSC)
     7. 999-xxx
     8. Call to 999-xxx (routed to the serving MSC)
     9. Page
     10. Call

  11. Protocols of Note
     [Figure: MS ↔ BS over the air interface; BS, MSC, VLR, HLR and PSTN/ISDN interconnected over SS7]
     • Mobility Management Protocols: GSM-MAP, ANSI-41 MAP (between MSC, VLR and HLR, carried over SS7)
     • Air Interfaces: GSM, IS-136, IS-95, UMTS (between MS and BS)

  12. Mobile Registration - High Level
     [Figure: message sequence among MS, BS, MSC, new VLR, HLR, old VLR, old MSC and SMSC]
     • Update Location: passed up from the BS/MSC through the new VLR to the HLR
     • Cancel Location: HLR instructs the old VLR to drop the subscriber
     • OK: acknowledgement returned down the chain

  13. Mobile Call Delivery - High Level
     [Figure: message sequence among Gateway MSC, HLR, VLR, serving MSC and BS]
     • Call Request arrives at the Gateway MSC
     • Request Routing Info: Gateway MSC to HLR, and on to the VLR
     • Routing Number: returned from the VLR to the Gateway MSC
     • SS7 Call Delivery Request: Gateway MSC to the serving MSC
     • Page: serving MSC to BS
     • Connect

  14. Security Moment - Location Granularity
     • Commonly heard assertion: “The phone company knows exactly where all of their customers are located at every moment.”
     • Virtually all phones are equipped with some type of GPS resolution.
     • Is this true?
     • What are the security implications?
     • What services could be enabled?

  15. Hierarchy of Location Information
     [Figure: HLR (holds the VLR registration) → VLR (holds the phone’s temporary number / routing #) → MSC, GMSC and SMSC → Paging at the base stations]
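The registration and call-delivery exchanges of slides 10, 12 and 13, and the location hierarchy of slide 15, are easier to reason about when the pointers are made explicit. The following is an added example, not course material: a toy core network in Python in which the HLR holds only a pointer to the serving VLR, the VLR holds only a location area, and the cell is learned only by paging. The entity names (VLR-ATL, VLR-MIA, LA-1, LA-7, IMSI-222), the 999-1xxx roaming numbers and the message wording are made up for the example; the dialed number 404-894-2000 is the one used on slide 10.

```python
"""Toy GSM-style core (added example): HLR/VLR registration and
mobile-terminated call delivery. All names and numbers are constructed."""
from dataclasses import dataclass, field


@dataclass
class VLR:
    """Visitor Location Register: temporary profile copy and last location area."""
    name: str
    profiles: dict = field(default_factory=dict)       # IMSI -> copied profile
    location_area: dict = field(default_factory=dict)  # IMSI -> location area id
    next_msrn: int = 1000

    def update(self, imsi, profile, la):
        self.profiles[imsi] = dict(profile)
        self.location_area[imsi] = la

    def cancel(self, imsi):
        self.profiles.pop(imsi, None)
        self.location_area.pop(imsi, None)

    def provide_roaming_number(self):
        # Temporary number (the slides' "999-xxx") that routes to this VLR's MSC.
        self.next_msrn += 1
        return f"999-{self.next_msrn}"


class Core:
    def __init__(self):
        self.hlr = {}    # MSISDN -> {"imsi", "profile", "vlr"}: the permanent registry
        self.vlrs = {}   # VLR name -> VLR
        self.log = []    # one signalling message per entry

    def add_vlr(self, name):
        self.vlrs[name] = VLR(name)

    def provision(self, msisdn, imsi, profile):
        self.hlr[msisdn] = {"imsi": imsi, "profile": profile, "vlr": None}

    def update_location(self, msisdn, vlr_name, la):
        """Slide 12: registration on power-up or movement into a new MSC/VLR area."""
        rec, new_vlr = self.hlr[msisdn], self.vlrs[vlr_name]
        self.log.append(f"{vlr_name} -> HLR: Update Location {rec['imsi']}")
        old_vlr = rec["vlr"]
        if old_vlr is not None and old_vlr is not new_vlr:
            old_vlr.cancel(rec["imsi"])           # HLR tells the old VLR to forget the user
            self.log.append(f"HLR -> {old_vlr.name}: Cancel Location {rec['imsi']}")
        new_vlr.update(rec["imsi"], rec["profile"], la)
        rec["vlr"] = new_vlr                      # HLR keeps only a pointer to the VLR
        self.log.append(f"HLR -> {vlr_name}: OK (profile copied)")

    def deliver_call(self, dialed):
        """Slides 10 and 13: GMSC asks HLR, HLR asks VLR, call rides the temporary number."""
        rec = self.hlr.get(dialed)
        if rec is None:
            return {"result": "unknown number"}
        self.log.append(f"GMSC -> HLR: Request Routing Info for {dialed}")
        vlr = rec["vlr"]
        if vlr is None:                           # powered off / never registered
            self.log.append("HLR -> GMSC: subscriber not registered")
            return {"result": "absent"}
        self.log.append(f"HLR -> {vlr.name}: how do I deliver a call to {rec['imsi']}?")
        msrn = vlr.provide_roaming_number()
        self.log.append(f"{vlr.name} -> HLR -> GMSC: Routing Number {msrn}")
        la = vlr.location_area[rec["imsi"]]
        self.log.append(f"GMSC -> {vlr.name} MSC: SS7 call delivery request to {msrn}")
        self.log.append(f"{vlr.name} MSC -> all BSs in {la}: Page {rec['imsi']}")
        self.log.append(f"{vlr.name} MSC -> GMSC: Connect")
        return {"result": "connected", "routing_number": msrn, "paged_area": la}

    def who_knows_what(self, msisdn):
        """Slides 14/15: each tier holds only a pointer one level down."""
        rec = self.hlr[msisdn]
        vlr = rec["vlr"]
        return {
            "HLR": vlr.name if vlr else None,
            "VLR": vlr.location_area.get(rec["imsi"]) if vlr else None,
            "cell": "unknown until the serving MSC pages",
        }


def demo():
    """Power up in one MSC area, move to another, then receive a call."""
    core = Core()
    core.add_vlr("VLR-ATL")
    core.add_vlr("VLR-MIA")
    core.provision("404-894-2000", "IMSI-222", {"sms": True, "call_forwarding": False})
    core.update_location("404-894-2000", "VLR-ATL", "LA-1")   # power up
    core.update_location("404-894-2000", "VLR-MIA", "LA-7")   # moved to a new MSC area
    outcome = core.deliver_call("404-894-2000")
    return core, outcome


if __name__ == "__main__":
    core, outcome = demo()
    print("\n".join(core.log))
    print(outcome)
    print(core.who_knows_what("404-894-2000"))
```

Running `demo()` prints the Update Location / Cancel Location pair from slide 12 followed by the routing-info, routing-number, call-delivery and page messages of slide 13. The `who_knows_what` result is the answer to slide 14's question in miniature: the HLR resolves a number to a VLR, the VLR to a location area, and nothing in the core knows the cell until a page is answered.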

  16. E911
     • Enhanced 911 (E911) transmits your GPS location to the nearest Public Safety Answering Point (PSAP).
     • This is how you always get the nearest 911 call center, regardless of where you are traveling in North America.
     • But what about the “Location On” vs. “E911 Only” options available on most phones?
     • “Location On” does not allow the phone company to constantly track you.
       • It instead allows services within the network to use your GPS data when you initiate them (e.g., Verizon Navigator, Family Locator).
     • The phone company simply cannot keep track of all the changes in location information at every moment!

  17. Voice Path
     [Figure: MS ↔ BS ↔ MSC ↔ PSTN/ISDN, with VLR and HLR attached to the MSC; coded voice over the air, full rate voice (64 Kbps) in the network]
     • This is under the assumption that the underlying network supports digital voice.
     • What does that mean?

  18. Analog vs Digital
     • Phone systems are generally classified as either analog or digital.
       • What exactly does that mean?
     • This is all about how data is represented and delivered through the network.
     • Analog is the translation of voice/sound into electrical impulses.
       • Pure waveform representations of sounds.
     • Digital is an approximation of this waveform, represented in 0s and 1s.

  19. Analog vs Digital - Tradeoffs
     • Analog
       • Inexpensive - think cheap home phones
       • Bandwidth constrained - very limited amount of data can be sent.
         • Security thoughts?
       • Noise - every link introduces noise, reduces clarity.
     • Digital
       • Expensive - relatively speaking
       • Improved voice clarity - signal arrives exactly as approximated.
         • What about quality?
       • Higher bandwidth - compression of data.

  20. Voice Encoding - GSM-FR/PCM/G.711
     • Pulse Code Modulation (PCM) is the basis for GSM Full-Rate (GSM-FR) voice encoding.
     • 8 kHz samples (64 kbps) reduced to 13.2 kbps using Regular Pulse Excitation - Long Term Prediction (RPE-LTP).
     • Converted back to 64 kbps at MSC prior to Release 4.
     • Changes in the core towards “TrFO” for all IP.
     [Figure: the sender feeds 160 samples per 20 msec into the RPE-LTP encoder, which emits one 260-bit frame per 20 msec; the receiver’s RPE-LTP decoder reverses the process]
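The 64 kbps figure on this slide is the G.711 PCM rate, and the 160-sample / 260-bit numbers in the diagram are the GSM-FR frame sizes. The block below is an added example, not from the lecture or the ITU: a G.711 mu-law companding encoder and decoder (the standard bias-and-segment method, not the RPE-LTP stage itself) plus the arithmetic that connects 8 kHz sampling, 20 msec frames and the 260-bit frame. The 440 Hz test tone is constructed input. One caveat worth noting: 260 bits per 20 msec works out to 13.0 kbps, slightly below the 13.2 kbps quoted on the slide.

```python
"""Added example: G.711 mu-law companding and GSM-FR frame arithmetic."""
import math

BIAS = 0x84      # 132: added so the log segments fall on power-of-two boundaries
CLIP = 32635     # largest magnitude representable after the bias is added

SAMPLE_RATE_HZ = 8000   # G.711 / GSM-FR sampling rate from the slide
FRAME_MS = 20           # GSM-FR frame length from the diagram
FRAME_BITS = 260        # bits per coded GSM-FR frame from the diagram


def ulaw_encode(sample: int) -> int:
    """16-bit linear PCM sample -> 8-bit mu-law code word."""
    sign = (sample >> 8) & 0x80            # sign bit of the 16-bit sample
    if sign:
        sample = -sample
    sample = min(sample, CLIP) + BIAS
    exponent = (sample >> 7).bit_length() - 1     # segment number 0..7
    mantissa = (sample >> (exponent + 3)) & 0x0F  # 4 bits within the segment
    return ~(sign | (exponent << 4) | mantissa) & 0xFF  # G.711 sends the bits inverted


def ulaw_decode(code: int) -> int:
    """8-bit mu-law code word -> 16-bit linear PCM (midpoint of the quantization step)."""
    code = ~code & 0xFF
    sign, exponent, mantissa = code & 0x80, (code >> 4) & 0x07, code & 0x0F
    sample = (((mantissa << 3) + BIAS) << exponent) - BIAS
    return -sample if sign else sample


def pcm_bit_rate(sample_rate_hz=SAMPLE_RATE_HZ, bits_per_sample=8):
    """G.711: 8000 samples/s x 8 bits = 64000 bit/s."""
    return sample_rate_hz * bits_per_sample


def samples_per_frame(frame_ms=FRAME_MS, sample_rate_hz=SAMPLE_RATE_HZ):
    """160 samples in a 20 msec frame at 8 kHz."""
    return sample_rate_hz * frame_ms // 1000


def coded_bit_rate(frame_bits=FRAME_BITS, frame_ms=FRAME_MS):
    """260 bits every 20 msec -> 13000 bit/s."""
    return frame_bits * 1000 // frame_ms


def test_tone(n=160, freq_hz=440, amplitude=8000):
    """Constructed input: one frame of a 440 Hz sine at 8 kHz."""
    return [int(amplitude * math.sin(2 * math.pi * freq_hz * i / SAMPLE_RATE_HZ))
            for i in range(n)]


def frame_roundtrip(samples):
    """Compand one frame and report (code bytes, worst absolute reconstruction error)."""
    codes = [ulaw_encode(s) for s in samples]
    back = [ulaw_decode(c) for c in codes]
    return len(codes), max(abs(a - b) for a, b in zip(samples, back))


if __name__ == "__main__":
    print("PCM rate:", pcm_bit_rate(), "bit/s; samples/frame:", samples_per_frame(),
          "; GSM-FR rate:", coded_bit_rate(), "bit/s")
    print("one 20 ms frame -> %d mu-law bytes, worst error %d" % frame_roundtrip(test_tone()))
```

The worst-case error returned by `frame_roundtrip` is half of the quantization step for the loudest segment used (128 for an 8000-peak tone), which is the "approximation of this waveform" of slide 18 made concrete: the code word keeps 4 mantissa bits per segment, so quiet samples are reproduced closely and loud ones coarsely.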

  21. Air Interface Functions
     • Control
       • read system parameters
       • authenticate
       • update location
       • receive and originate calls
       • manage handoffs
     • Dedicated traffic
       • voice, data
     • Shared Traffic
       • Messaging, data, signaling

  22. Wireless Access Basics
     • Frequency Division Multiple Access (FDMA):
       • Analog cellular - 1G
     • Time Division Multiple Access (TDMA):
       • IS-54, IS-136, GSM - 2G
       • GPRS - 2.5G
     • Code Division Multiple Access (CDMA):
       • IS-95 (cdmaOne) - 2G
       • IS-2000 (CDMA2000), WCDMA - 3G

  23. FDD/TDD modes for Forward/Reverse Channels
     • Frequency Division Duplex (FDD)
       • Two distinct bands of frequency for each user (forward and reverse).
       • Frequency separation between forward and reverse constant for all channels.
       • Reverse channel typically lower frequency than forward channel (so that the mobile device can transmit at lower power).
     • Time Division Duplex (TDD)
       • Each duplex channel has a forward timeslot and reverse timeslot for bidirectional communication.
       • Simplifies subscriber equipment.
       • Rigid timing required for time-slotting.

  24. Background - AMPS
     • Advanced Mobile Phone System
     • Analog Channels
     • Frequency Modulation (FM)
     • 1 channel per carrier (1 conversation)
     [Figure: one conversation centered on carrier frequency f_c]

  25. Background - TDMA
     • Combination of FDMA and TDMA
     • System operated within certain frequency bands
     • Within system bands:
       • many carrier frequencies are defined
       • each carrier is divided into timeslots
       • a channel is defined by a set of time slots on a carrier frequency
     • Forward (downlink) and Reverse (uplink) channels use different carriers.
     • Information is digitally coded.

  26. TDMA Overview
     [Figure: system bandwidth split by FDMA into carriers, each carrier split by TDMA into slots; one carrier / one slot = one user channel]
     • Co-channel Interference
     • Inter-symbol Interference
     • Capacity limited by number of carriers, slots.
