
CS 8803 - Cellular and Mobile Network Security: GSM - In Detail - PowerPoint PPT Presentation



  1. CS 8803 - Cellular and Mobile Network Security: GSM - In Detail Professor Patrick Traynor 10/2/18 Florida Institute for Cybersecurity (FICS) Research

  2. Cellular Telecommunications Architecture
  • Background
  • Air Interfaces
  • Network Protocols
  • Application: Messaging
  • Research

  3. GSM
  • The Global System for Mobile Communications (GSM) is the de facto standard for wireless communications, with well over 5 billion users. As a comparison, there are approximately 1.5 billion Internet users.
  • The architectures of other networks are similar, so knowing how to "speak GSM" will get you a long way in this space.

  4. Wireless Signaling and Control in GSM
  • Common Control Channel
    • Structure
    • Broadcast Channels
    • Channel Access from Mobile
    • Procedures and Messages for Call Control
  • Traffic Channel
    • Structure
    • Handoffs

  5. GSM Control Functions
  • Read System Parameters
  • Register
  • Receive and Originate Calls
  • Manage Handoffs

  6. GSM Structure
  • Common Control Channel (CCCH)
    • Used for control information: registration, paging, call origination/termination
  • Traffic Channel (TCH), one per user in a call, 13 kbit/s full-rate speech
    • Information transfer
    • In-call control (fast/slow associated control channels)

  7. GSM TDMA Frames
  • TDMA frame: 8 slots (Slot 0, Slot 1, ..., Slot 7), 4.615 ms per frame
  • 51-multiframe: Frame 0, Frame 1, Frame 2, ..., Frame 50; 51 × 4.615 ms = 235.365 ms

  8. From Frames to Channels
  • Frame: 8 slots (0-7), 4.615 ms
  • 26-multiframe: 26 frames, 120.00 ms

  9. GSM CCCH
  • Random Access Channel (RACH): reverse (MS → BS)
  • Paging and Access Grant Channel (PAGCH): forward (BS → MS); made up of the Paging Channel (PCH) and the Access Grant Channel (AGCH)
  • Synchronization Channel (SCH): forward (BS → MS)
  • Broadcast Control Channel (BCCH): forward (BS → MS)
  • Frequency Correction Channel (FCCH): forward (BS → MS)

  10. GSM CCCH Structure
  • TDMA frame: 8 slots (Slot 0 ... Slot 7), 4.615 ms; 51-multiframe: Frame 0, Frame 1, Frame 2, ..., Frame 50, 235.365 ms
  • Uplink, channel name (frame #): RACH (0) ... RACH (50)
  • Downlink, channel name (frame #): FCCH (0), SCH (1), BCCH (2-5), PAGCH (6-9), FCCH (10), SCH (11), PAGCH (12-19), FCCH (20), SCH (21), PAGCH (22-29), FCCH (30), SCH (31), PAGCH (32-39), FCCH (40), SCH (41), PAGCH (42-49), Idle (50)
  • CCCH/RACH always uses Slot 0 of each frame; the other seven slots are available for TCHs
  • TCH: the 26-multiframe repeats every 120 ms; its 13th frame (frame 12) is used by the Slow Associated Control Channel (SACCH) and its 26th frame (frame 25) is idle
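The frame-to-channel mapping above is easiest to check in code. The following is an added example (not from the slides) that computes, for a frame number FN, which logical channel occupies timeslot 0 of the BCCH carrier in the non-combined configuration the slide draws, and which role a frame plays inside the 26-multiframe of a full-rate TCH. The split of the CCCH blocks into AGCH and PCH uses the BS_AG_BLKS_RES parameter that the BCCH broadcasts (the first BS_AG_BLKS_RES CCCH blocks of each multiframe are reserved for access grants); the default value of 1 and the function names are this example's own choices.

```python
"""Map a GSM frame number (FN) onto the logical channels of slides 7-10.

Added example, not from the original slides. It models a non-combined
CCCH on timeslot 0 of the BCCH carrier and a full-rate TCH on the other
timeslots, with the frame timings used on the slides.
"""

FRAME_MS = 4.615          # one 8-slot TDMA frame
CCCH_MULTIFRAME = 51      # control multiframe: 51 * 4.615 ms = 235.365 ms
TCH_MULTIFRAME = 26       # traffic multiframe: 26 * 4.615 ms ~= 120 ms


def ts0_downlink_channel(fn, bs_ag_blks_res=1):
    """Logical channel on timeslot 0 (downlink) in frame `fn`.

    Within a 51-multiframe the pattern repeats every 10 frames: FCCH, SCH,
    then two 4-frame blocks. The first block (frames 2-5) is the BCCH and
    frame 50 is idle; the other nine blocks are CCCH blocks, of which the
    first `bs_ag_blks_res` are reserved for the AGCH and the rest carry PCH.
    """
    pos = fn % CCCH_MULTIFRAME
    if pos == 50:
        return "IDLE"
    r = pos % 10
    if r == 0:
        return "FCCH"
    if r == 1:
        return "SCH"
    block = 2 * (pos // 10) + (0 if r < 6 else 1)   # 4-frame block index, 0..9
    if block == 0:
        return "BCCH"
    ccch_block = block - 1                          # CCCH block index, 0..8
    return "AGCH" if ccch_block < bs_ag_blks_res else "PCH"


def ts0_uplink_channel(fn):
    """On the uplink, timeslot 0 of the BCCH carrier is RACH in every frame."""
    return "RACH"


def tch_frame_role(fn):
    """Role of frame `fn` in the 26-multiframe of a full-rate TCH:
    frame 12 carries the SACCH, frame 25 is idle, all others carry traffic."""
    pos = fn % TCH_MULTIFRAME
    if pos == 12:
        return "SACCH"
    if pos == 25:
        return "IDLE"
    return "TCH"


def paging_blocks_per_multiframe(bs_ag_blks_res=1):
    """CCCH blocks per 51-multiframe left for paging (non-combined CCCH)."""
    return 9 - bs_ag_blks_res


def multiframe_schedule(bs_ag_blks_res=1):
    """Downlink timeslot-0 schedule of one 51-multiframe, as the slide tabulates it."""
    return [ts0_downlink_channel(fn, bs_ag_blks_res) for fn in range(CCCH_MULTIFRAME)]


if __name__ == "__main__":
    for fn in (0, 1, 2, 6, 12, 50, 51):
        print(f"FN {fn:3d}: TS0 down={ts0_downlink_channel(fn):5s} "
              f"up={ts0_uplink_channel(fn)}  TCH role={tch_frame_role(fn)}")
```

A receiver that has decoded the SCH knows the frame number, so this is all it needs to decide whether the next burst on timeslot 0 is a BCCH block (system information), an AGCH block (immediate assignments) or a PCH block (pages), and a mobile in idle mode uses the same arithmetic to sleep through everything but its own paging block.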

  11. GSM: BCCH
  • Broadcast to all users on the CCCH
  • No addressing
  • Used to acquire system parameters, so the mobile may operate with the system
  • Key parameters (contained in RR SYSTEM INFORMATION messages):
    • RACH control parameters
    • cell channel descriptions (frequencies)
    • neighbor cells (frequencies)
    • cell id
    • Location Area ID (LAI)
    • Control Channel description

  12. GSM: FCCH and SCH
  • Keeps system synchronization
    • What do you mean, synchronization? (The FCCH lets the mobile lock onto the carrier frequency; the SCH carries the frame number, so the mobile can follow the multiframe structure.)
  • Broadcasts Basestation ID (the BSIC, carried on the SCH)
    • Why is this useful information?

  13. GSM: Mobile Channel Access Procedures (RACH)
  • MS communicates with BS over RACH
    • Only initially, and it must compete for this shared resource
  • Feedback provided with AGCH
    • Points the user to a dedicated channel for real exchanges
  • Functions:
    • Responses to paging messages
    • Location update (registration)
    • Call origination

  14. GSM: Paging Channel (PCH)
  • Used to send pages to mobile devices
    • Notifications of incoming services (e.g., voice, data, SMS)
  • Done at regular intervals
    • Mobiles belong to a paging class
    • Allows the device to sleep, conserve power
  • More than one mobile paged at a time
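Slides 11 and 14 both come down to the parameters a cell broadcasts on the BCCH. The following is an added example (not from the slides) that decodes the fixed part of an RR SYSTEM INFORMATION TYPE 3 message, which carries the cell id, the LAI, the control channel description and the RACH control parameters, and then derives from those parameters which paging group a given IMSI belongs to. Field layouts follow 3GPP TS 44.018 and TS 24.008 and the paging-group formula follows TS 45.002; the sample message bytes are constructed for the 001-01 test PLMN, and the function and field names are this example's own.

```python
"""Decode a SYSTEM INFORMATION TYPE 3 message and derive a mobile's paging group.

Added example, not from the original slides. The field layout follows
3GPP TS 44.018 (SI3, RACH control, control channel description) and
TS 24.008 (LAI); the paging-group formula follows TS 45.002. The sample
message at the bottom is constructed for the test PLMN 001-01.
"""

SI3_LENGTH = 23       # one BCCH block carries a 23-octet L3 message
PD_RR = 0x06          # Radio Resource management protocol discriminator
MT_SI3 = 0x1B         # message type: SYSTEM INFORMATION TYPE 3

MAX_RETRANS = [1, 2, 4, 7]
# Tx-integer code -> number of RACH slots over which a retransmission is spread
TX_INTEGER = [3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 16, 20, 25, 32, 50]
# CCCH_CONF -> number of basic physical channels used for CCCH (BS_CC_CHANS)
CCCH_CONF_CHANS = {0: 1, 1: 1, 2: 2, 4: 3, 6: 4}


def decode_lai(b):
    """Location Area Identification: MCC and MNC as swapped BCD, then a 16-bit LAC."""
    mcc = f"{b[0] & 0xF}{b[0] >> 4}{b[1] & 0xF}"
    mnc = f"{b[2] & 0xF}{b[2] >> 4}"
    if (b[1] >> 4) != 0xF:            # 0xF in this nibble marks a two-digit MNC
        mnc += str(b[1] >> 4)
    return {"mcc": mcc, "mnc": mnc, "lac": (b[3] << 8) | b[4]}


def decode_ccch_description(b):
    """Control Channel Description: what the MS needs to follow paging."""
    return {
        "att": bool(b[0] & 0x40),              # IMSI attach/detach required
        "bs_ag_blks_res": (b[0] >> 3) & 0x7,   # CCCH blocks per multiframe reserved for AGCH
        "ccch_conf": b[0] & 0x7,               # 1 = CCCH combined with SDCCH on timeslot 0
        "bs_pa_mfrms": (b[1] & 0x7) + 2,       # paging period in 51-multiframes (2..9)
        "t3212_min": b[2] * 6,                 # periodic location update timer (0 = disabled)
    }


def decode_rach_control(b):
    """RACH Control Parameters: retry limits and access-class barring."""
    ac = (b[1] << 8) | b[2]                    # bit n set = access class n barred
    return {
        "max_retrans": MAX_RETRANS[b[0] >> 6],
        "tx_integer": TX_INTEGER[(b[0] >> 2) & 0xF],
        "cell_barred": bool(b[0] & 0x02),
        "reestablishment_allowed": not (b[0] & 0x01),
        "barred_classes": [n for n in range(16) if n != 10 and ac >> n & 1],
        "emergency_barred": bool(ac >> 10 & 1),   # bit 10 carries the EC flag
    }


def decode_si3(frame):
    """Parse the fixed part of SI3; the rest octets are left undecoded."""
    if len(frame) != SI3_LENGTH:
        raise ValueError("SI3 must be exactly 23 octets")
    if frame[1] != PD_RR or frame[2] != MT_SI3:
        raise ValueError("not an RR SYSTEM INFORMATION TYPE 3 message")
    return {
        "cell_id": (frame[3] << 8) | frame[4],
        "lai": decode_lai(frame[5:10]),
        "ccch": decode_ccch_description(frame[10:13]),
        "rach": decode_rach_control(frame[16:19]),
    }


def paging_group(imsi, ccch):
    """CCCH group and paging group of an IMSI (TS 45.002, section 6.5.2).

    N is the number of paging blocks in one paging period; the MS wakes up
    only for its own block. The group is a function of the IMSI, so watching
    which block a page lands in already narrows down who is being paged.
    """
    blocks_per_mf = (3 if ccch["ccch_conf"] == 1 else 9) - ccch["bs_ag_blks_res"]
    n = blocks_per_mf * ccch["bs_pa_mfrms"]
    bs_cc_chans = CCCH_CONF_CHANS[ccch["ccch_conf"]]
    x = (int(imsi) % 1000) % (bs_cc_chans * n)
    return {"ccch_group": x // n, "paging_group": x % n, "blocks_per_period": n}


# Constructed SI3: MCC 001, MNC 01, LAC 1, cell 1 (the usual test PLMN)
SAMPLE_SI3 = bytes([
    0x49, PD_RR, MT_SI3,           # L2 pseudo-length (18), PD, message type
    0x00, 0x01,                    # Cell Identity = 1
    0x00, 0xF1, 0x10, 0x00, 0x01,  # LAI: MCC 001, MNC 01, LAC 1
    0x49, 0x03, 0x0A,              # CCCH: ATT, AG_BLKS_RES=1, combined, PA_MFRMS=5, T3212=60 min
    0x64,                          # Cell Options (not decoded here)
    0x45, 0x46,                    # Cell Selection Parameters (not decoded here)
    0xF8, 0x00, 0x03,              # RACH: max 7 retrans, Tx-integer 32, classes 0 and 1 barred
    0x2B, 0x2B, 0x2B, 0x2B,        # SI3 rest octets (padding)
])

if __name__ == "__main__":
    info = decode_si3(SAMPLE_SI3)
    print(info)
    print(paging_group("001010000000001", info["ccch"]))
```

Everything decoded here is sent in the clear to every listener in the cell, which is the point of slide 22: the LAI and cell id identify where a listener is, the RACH parameters say how aggressively mobiles may retry, and the paging configuration lets a passive receiver work out which paging block to watch for a given subscriber.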

  15. GSM: RACH and Slotted ALOHA (Layer 2)
  Slotted ALOHA
  • Assumptions
    • all frames same size
    • time is divided into equal size slots, time to transmit 1 frame
    • nodes start to transmit frames only at beginning of slots
    • clocks are synchronized
    • if 2 or more nodes transmit in slot, all nodes detect collision
  • Operation
    • when node obtains fresh frame, it transmits in next slot
    • no collision: node successfully transmitted the frame
    • if collision, node retransmits frame in each subsequent slot with prob. p until success

  16. GSM: More Slotted ALOHA
  • Pros
    • single active node can continuously transmit at full rate of channel
    • highly decentralized: only slots in nodes need to be in sync
    • simple
  • Cons
    • collisions, wasting slots
    • idle slots
    • nodes may be able to detect collision in less than time to transmit packet
    • clock synchronization

  17. GSM: Slotted ALOHA Efficiency
  • Efficiency is the long-run fraction of successful slots when there are many nodes, each with many frames to send
  • Suppose N nodes with many frames to send, each transmits in a slot with probability p
    • prob that node 1 has success in a slot = p(1-p)^(N-1)
    • prob that any node has a success = Np(1-p)^(N-1)
  • For max efficiency with N nodes, find p* that maximizes Np(1-p)^(N-1) (setting the derivative to zero gives p* = 1/N)
  • For many nodes, take the limit of Np*(1-p*)^(N-1) as N goes to infinity, which gives 1/e = .37
  • At best: channel has maximum throughput of 37%!
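The closed form on this slide is short enough to check numerically and to confirm by simulation. The following is an added example (not from the slides) that evaluates Np(1-p)^(N-1), the optimum p* = 1/N, and the efficiency at p*, and then simulates N always-backlogged nodes transmitting with probability p per slot to show that the measured fraction of collision-free slots matches the formula; the function names and the seeded random generator are this example's own choices.

```python
"""Slotted ALOHA throughput, as on slide 17: closed form and a small simulation.

Added example, not from the original slides. `success_probability` is the
slide's Np(1-p)^(N-1); `simulate` draws each node's transmit decision with
probability p per slot and counts slots with exactly one transmission.
"""
import math
import random


def success_probability(n, p):
    """Probability that exactly one of n saturated nodes transmits in a slot."""
    return n * p * (1 - p) ** (n - 1)


def optimal_p(n):
    """d/dp [n p (1-p)^(n-1)] = n (1-p)^(n-2) (1 - n p) = 0  =>  p* = 1/n."""
    return 1.0 / n


def max_efficiency(n):
    """Efficiency at p*: (1 - 1/n)^(n-1), which tends to 1/e as n grows."""
    return success_probability(n, optimal_p(n))


def simulate(n, p, slots, seed=1):
    """Return (fraction of slots with exactly one frame, fraction with a
    collision) for n always-backlogged nodes over `slots` slots."""
    rng = random.Random(seed)
    ok = collided = 0
    for _ in range(slots):
        senders = sum(1 for _ in range(n) if rng.random() < p)
        if senders == 1:
            ok += 1
        elif senders > 1:
            collided += 1
    return ok / slots, collided / slots


if __name__ == "__main__":
    for n in (2, 10, 100):
        good, bad = simulate(n, optimal_p(n), 20000)
        print(f"N={n:3d}  p*={optimal_p(n):.3f}  analytic={max_efficiency(n):.3f}  "
              f"simulated={good:.3f}  collisions={bad:.3f}")
    print(f"limit 1/e = {1 / math.e:.3f}")
```

The simulation also reports the share of slots lost to collisions, which is the cost the RACH pays for being contention based; the Tx-integer and max-retrans parameters a cell broadcasts exist precisely to keep the effective p of the mobiles low enough to stay near the left of this curve.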

  18. GSM: RACH Procedures (Layer 2)
  • Mobile sends assignment request with information
  • Basestation sends back assignment with information echoed
  • Creates Radio Resource (RR) connection: "Standalone Dedicated Control Channel" (SDCCH)
    • May be a physical channel
    • May be a traffic channel in signaling-only mode
    • May eventually be bandwidth stolen from TCH (associated control channel)

  19. Basic Flow on Air Interface
  • Alert phone of incoming activity
  • Request dedicated signaling channel
  • Signal
  • Release signaling channel

  20. GSM Signaling
  • Signaling in GSM occurs over the Radio Interface Layer 3 (RIL-3).
    • Technically layer 3, but debatable from an OSI perspective, as application-esque things happen here.
  • Control messages are handled by protocol control processes and include Call Control (CC), Mobility Management (MM), Radio Resource management (RR), Short Messaging Service management (SMS) and Supplementary Services management (SS).

  21. GSM Signaling (cont)
  • CC: call establishment, in-call signaling, tone signaling
  • MM (uses RR): common procedures: temporary ID maintenance (TMSI), authentication, de-registration
  • RR: paging, handoffs, cipher mode
  • SMS: text messages
  • SS: call waiting, call forwarding, group call

  22. Time Out: Privacy?
  • With all of this signaling going over well-known channels, isn't there a risk of user tracking/profiling?
  • Think about the PCH... what is transmitted here?

  23. GSM Registration
  • Types
    • Power up and down
    • Location Area changes (mobility)
    • Periodic
  • User Privacy
    • Mobile device may transmit its real address: International Mobile Subscriber Identity (IMSI)
    • Gets back a temporary id (TMSI)
    • Unique to a location area
    • Subsequent registrations use the TMSI

  24. GSM: Registration, High Level
  • Get SDCCH
  • RR connection established
  • Authenticate
  • Cipher
  • Update Location
  • Release RR connection

  25. GSM Registration: Gory Details
  • More details on this "authentication" procedure soon...
  • Get SDCCH; RR connection established
  • MS → BS: LOC UPD RQST
  • BS → MS: Authentication Request (RAND)
  • MS → BS: Authentication Response (SRES)
  • BS → MS: Cipher Mode Command
  • MS → BS: Cipher Mode Complete
  • BS → MS: LOC UPD ACC (TMSI assigned)
  • MS → BS: TMSI RE-ALLOC Complete
  • Release RR connection
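The exchange on this slide, with both sides modelled, as an added example that is not part of the original slides. A small network object holds the subscriber's key and the TMSI table for its location area, a mobile object decides which identity to send, and `location_update` runs the message sequence of slide 25 and returns the air-interface transcript. Assumptions of this example: the operator's A3 is replaced by a stand-in (HMAC-SHA256 truncated to 32 bits; the slides do not specify A3), the network allocates a fresh random TMSI on every accept, SDCCH setup and release are represented by single log entries, and the subscriber IMSI and Ki are constructed.

```python
"""Simulate the registration flow of slide 25 on both sides of the air interface.

Added example, not from the original slides. Assumptions: A3 is replaced by
a keyed-hash stand-in; the network issues a fresh random TMSI on each accept;
SDCCH setup/release are single log entries; subscriber data is constructed.
"""
import hashlib
import hmac
import secrets


def a3_stand_in(ki, rand):
    """Stand-in for the operator's A3: SRES = f(Ki, RAND), 32 bits."""
    return hmac.new(ki, rand, hashlib.sha256).digest()[:4]


class Network:
    def __init__(self, lai, subscribers):
        self.lai = lai
        self.subscribers = subscribers     # imsi -> Ki (constructed HLR/AuC data)
        self.tmsi_table = {}               # tmsi -> imsi, valid only within this LAI
        self.pending = {}                  # imsi -> RAND issued, awaiting SRES

    def on_location_update(self, identity):
        kind, value = identity
        imsi = value if kind == "IMSI" else self.tmsi_table.get(value)
        if imsi is None or imsi not in self.subscribers:
            return None, "LOCATION UPDATING REJECT"
        rand = secrets.token_bytes(16)
        self.pending[imsi] = rand
        return imsi, ("AUTHENTICATION REQUEST", rand)

    def on_authentication_response(self, imsi, sres):
        expected = a3_stand_in(self.subscribers[imsi], self.pending.pop(imsi))
        return hmac.compare_digest(expected, sres)

    def assign_tmsi(self, imsi):
        # retire any older TMSI this subscriber held here, then issue a new one
        self.tmsi_table = {t: i for t, i in self.tmsi_table.items() if i != imsi}
        tmsi = secrets.token_bytes(4)
        self.tmsi_table[tmsi] = imsi
        return tmsi


class MobileStation:
    def __init__(self, imsi, ki):
        self.imsi, self.ki = imsi, ki
        self.tmsi, self.lai = None, None

    def identity(self, lai):
        # a TMSI is only meaningful in the location area that issued it
        if self.tmsi is not None and self.lai == lai:
            return ("TMSI", self.tmsi)
        return ("IMSI", self.imsi)


def location_update(ms, net):
    """Run one registration; return the list of air-interface messages."""
    log = [("MS->BS", "CHANNEL REQUEST; SDCCH assigned; RR connection established")]
    ident = ms.identity(net.lai)
    log.append(("MS->BS", "LOCATION UPDATING REQUEST", ident))
    imsi, reply = net.on_location_update(ident)
    if imsi is None:
        log.append(("BS->MS", reply))
        return log
    log.append(("BS->MS",) + reply)
    sres = a3_stand_in(ms.ki, reply[1])
    log.append(("MS->BS", "AUTHENTICATION RESPONSE", sres))
    if not net.on_authentication_response(imsi, sres):
        log.append(("BS->MS", "AUTHENTICATION REJECT"))
        return log
    # only the MS has been challenged; nothing so far proves the network's identity to it
    log.append(("BS->MS", "CIPHERING MODE COMMAND"))
    log.append(("MS->BS", "CIPHERING MODE COMPLETE"))
    tmsi = net.assign_tmsi(imsi)
    # sent after ciphering is enabled, so the new TMSI does not cross the air in the clear
    log.append(("BS->MS", "LOCATION UPDATING ACCEPT", ("TMSI", tmsi)))
    ms.tmsi, ms.lai = tmsi, net.lai
    log.append(("MS->BS", "TMSI REALLOCATION COMPLETE"))
    log.append(("BS->MS", "CHANNEL RELEASE; RR connection released"))
    return log


def identities_sent_by_ms(log):
    """Identity types the MS put on the air in this registration (privacy check)."""
    return [m[2][0] for m in log if m[1] == "LOCATION UPDATING REQUEST"]


# constructed subscriber: test IMSI under PLMN 001-01 and a fixed Ki
IMSI, KI = "001010000000001", bytes(range(16))

if __name__ == "__main__":
    net = Network("001-01/0001", {IMSI: KI})
    ms = MobileStation(IMSI, KI)
    for _ in range(2):
        for entry in location_update(ms, net):
            print(entry)
        print("identities sent by MS:", identities_sent_by_ms(_ and [] or []))
```

Running it twice shows the privacy property of slide 23 in the transcript: the IMSI crosses the air only in the first LOCATION UPDATING REQUEST, the TMSI issued under ciphering is what the second registration uses, and a registration in a different location area falls back to the IMSI again because the old TMSI is not known there.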

  26. GSM: Call Termination (Receive a Call)
  • BS → MS: Page Request (TMSI)
  • Get SDCCH: MS → BS: Channel Request; BS → MS: Channel Assignment; RR connection established
  • MS → BS: SABM (Page Response); BS → MS: UA (Page Response)
  • Authentication and Ciphering
  • BS → MS: SETUP
  • MS → BS: Call Confirmed
  • MS → BS: Alert
  • BS → MS: Assignment Command; MS → BS: Assignment Complete
  • MS → BS: Connect
  • BS → MS: Connect ACK
