Your SlideShare is downloading. ×
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Satellite Telephony Security
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Satellite Telephony Security

3,191

Published on

This talk will provide an in-depth treatment of satellite telephony networks from a security perspective. The overall system seems secure, but in reality, it cannot be expected to be fully …

This talk will provide an in-depth treatment of satellite telephony networks from a security perspective. The overall system seems secure, but in reality, it cannot be expected to be fully reliable.

We will briefly cover the satellite mobile system architecture, then discuss GMR (GEO-Mobile Radio) system elements, e.g. GSS (Gateway Station Subsystem), MES (Mobile Earth Station), AOC (Advanced Operation Center), and TCS (Traffic Control Subsystem) for GMR-1 systems and NCC (Network Control Center), GW (Gateway), SCF (Satellite Control Facility) and CMIS (Customer Management Information System) for GMR-2 systems.

From there, we will discuss the security issues of GMR system as it shares similar vulnerabilities with GSM–GMR is derived from the terrestrial digital cellular standard GSM and support access to GSM core networks, along with some interesting demos.

Time permitting, a question and answer session at the end of the presentation will allow participants to cover any additional issues in satellite telephony system they’d like to discuss.

Published in: Technology, Business
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
3,191
On Slideshare
0
From Embeds
0
Number of Embeds
6
Actions
Shares
0
Downloads
158
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. SatelliteTelephonySecurity
  • 2. DON’T PANIC
  • 3. “ WHEN TERRESTRIAL COMMUNICATION FAIL, WE PREVAIL! ” Arthur C. Clarke 1917-2008
  • 4. Satellite Communications Broadcast Video to Cable Headends Local ISPs Direct Broadcast TV Video Last-mile Broadband Contribution Corporate Data Networks Teleport PSTN (Interactive & Multicast) End Users Teleport Internet End Users
  • 5. Dan Veeneman Low Earth Orbit Satellites Dan Veeneman Future & Existing Satellite Systems Warezzman DVB Satellite Hacking Jim Geovedi, Raditya Iryandi, Hacking a Bird in the Sky: Hijacking VSAT Connection Jim Geovedi, Raditya Iryandi, Anthony Zboralski Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Adam Laurie $atellite Hacking for Fun & Pr0fit! Leonardo Nve Egea, Christian Martorella Playing in a Satellite Environment 1.2 Jim Geovedi, Raditya Iryandi Hacking Satellite: A New Universe to Discover Jim Geovedi, Raditya Iryandi, Raoul Chiesa Hacking a Bird in the Sky: The Revenge of Angry Birds Jim Geovedi Satellite Telephony Security: What Is and What Will Never Be1996 1998 2004 2006 2008 2009 2011
  • 6. Satellite Phone
  • 7. Satellite Phone Network
  • 8. Satellite Orbits average distance to moon: 384,400 km Medium Earth Orbit Altitude: 8,000-20,000 km EARTH Low Earth Orbit Altitude: 500-2,000 km Geostationary Orbit Altitude: 35,786 km Highly Elliptical Orbit Altitude: >35,786 km
  • 9. GEO (Geostationary Earth Orbit)Satellite OperatorsACeS, ICO, Inmarsat, SkyTerra, TerreStar, ThurayaLEO (Low Earth Orbit)Satellite OperatorsGlobalstar, Iridium
  • 10. LEO Communication Satellite Constellation System Return Link Forward Link LEO LEO Satellite i Satellite i+1 Intersatellite Link (ISL) Orbital Altitude Feeder Feeder Terminal Terminal Downlink Uplink Downlink Uplink Gateway End User Terminal PSTN Cellular
  • 11. Frequency Band Designations
  • 12. TDMA (Time Division Multiple Access) f1 Transponder f1 f1 f1 f1
  • 13. Timeframe Structure and Timeslots 1 hyperframe = 4,896 superframes = 19,584 multiframes = 313,344 TDMA frames (3h 28mn 53s 760ms) 0 1 2 3 4892 4893 4894 4895 1 superframe = 4 multiframes = 64 TDMA frames (2.56s) 0 1 2 3 1 multiframe = 16 TDMA frames (640 ms) 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 1 TDMA frame = 24 timeslots (40ms) 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 1 timeslot = 78 bit durations (5/3ms) 1 bit duration = 5/234ms
  • 14. CDMA (Code Division Multiple Access) ++++++++++++++++++++++++++++++++++++++++++ xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx oooooooooooooooooooooooooooooooooooooooooo ------------------------------------------ Transponder f1 f1 f1 f1
  • 15. Coverage: Iridium
  • 16. Coverage: Inmarsat
  • 17. Coverage: Thuraya
  • 18. Spotbeams: Regional Coverage E F D A L G C B K H J E E E E E I F D F D F D F D F D A L A L A L A L A L G C G C G C G C G C B K B K B K B K B K H J H J H J H J H J E I E I E I E I E I E F D F D F D F D F D F DE A L A L A L A L A L A L D G C G C G C G C G C G CA L B K B K B K B K B K B K C H J H J H J H J H H J JB K I E I E I E I E I E I J F D F D F D F D F DI E A L A L A L A L A L F D G C G C G C G C G C A L B K B K B K B K B K G C H J H J H J H J H J B K I I E I E I E I H J E F D F D F D I F D A L A L A L A L G C G C G C G C B K B K B K B K H J H J H J H J E I E I E E I E I F D F D F D F D F D A L A L A L A L A L E G C G C G C G C G C F D B K B K B K B K B K A L H J H J H J H J H J G C I I I E I E I B K E E F D F D F D F D H J A L A L A L A L I G C G C G C G C B K B K B K B K H J H J H J H J I I
  • 19. GMR (GEO-Mobile Radio Interface)
  • 20. GSM GMR Release 1 Extension to SatelliteGPRS GMR Release 2 Evolution Path3GPP GMR Release 3
  • 21. GMR-1
  • 22. GMR-1 System Elements Space segment Feeder links Gateway Station Spotbeam coverage at L-Band GS SOC PSTN Mobile Earth Stations Gateway Stations
  • 23. GMR-1 Protocol Architecture Satellite MES GSC + GTS + GSM MSC TCS GMR-1 Um-Interface CM CM GSM SIM MM MM RR RR BSSMAP BSSMAP GPS RECEIVER DLL DLL SCCP SCCP PHYS PHYS MTP MTP PHYS PHYS Spotbeams Feeder Link GSM/A-Interface L-Band Ku or C-Band (CCS7)
  • 24. GMR-1 Logical Channel Mapping onto Physical Channel DOWNLINK LOGICAL PHYSICAL PHYSICAL CONTROL ENTITIES CHANNELS CHANNELS RESOURCE USER CHANNELS MAPPING TCH Timeslot Frequency Traffic Number (RF Channels) TDMA Frame Sequence CCH Time Control and RF Channel (Timeslots) Signalling UPLINK MOBILE EARTH STATION SATELLITE
  • 25. GMR-1 (GSM-based) Services• Standard GSM-based services (Phase 2)• Roaming• Single number routing• Numbers and addressing• Authentication and privacy
  • 26. GMR-1 Extended Services• Single-hopped terminal-to-terminal calls• Optimal routing• High penetration alerting• Position based services
  • 27. GMR-2
  • 28. GMR-2 System Elements Traffic GEO Satellite Signalling C-Band L-Band Gateway 1 C-Band C-Band C-Band PSTN User Terminals PN Gateway 2 PLMN Satellite Control Facility PSTN Gateway 3 PN Network Control Centre PLMN PSTN PN Customer Management Information System PLMN
  • 29. C-band Regional Coverage for Signalling & Communication C-Band Traffic Signalling
  • 30. L-band Spotbeams for MSS Users E F D A L G C B K H J E E E E E I F D F D F D F D F D A L A L A L A L A L G C G C G C G C G C B K B K B K B K B K H J H J H J H J H J E I E I E I E I E I E F D F D F D F D F D F DE A L A L A L A L A L A L D G C G C G C G C G C G CA L B K B K B K B K B K B K C H J H J H J H J H H J JB K I E I E I E I E I E I J F D F D F D F D F DI E A L A L A L A L A L F D G C G C G C G C G C A L B K B K B K B K B K G C H J H J H J H J H J B K I I E I E I E I H J E F D F D F D I F D A L A L A L A L G C G C G C G C B K B K B K B K H J H J H J H J E I E I E E I E I F D F D F D F D F D A L A L A L A L A L E G C G C G C G C G C F D B K B K B K B K B K A L H J H J H J H J H J G C I I I E I E I B K E E F D F D F D F D H J Traffic A L A L A L A L I G C G C G C G C Signalling B K B K B K B K H J H J H J H J I I
  • 31. GMR-2 Gateway Internal Structure Databases HLR & VLR GA RF/IF TCE GSC MSC PSTN GA Gateway Antenna TCE Traffic Channel Equipment PN GSC Gateway Station Controller MSC Mobile Switching Center GSM
  • 32. GMR Satellite Monitoring System Intercept ing
  • 33. Satellite Phone Interception• Law-enforcements require tapping• Test equipment• Limited use of encryption• Modifiable phone equipment
  • 34. Tactical InterceptionReceives L-band from satellite and line-of-sight from handsetStrategic InterceptionReceives L-band from satellite and C-bandfrom satellite
  • 35. Satellite Interception Operation 1.5 GHz DOWN 1.6 GHz UP 6 GHz UP 3.5 GHz MES DOWN Gateway
  • 36. Tactical Satellite Interception Operation 1.5 GHz DOWN 1.6 GHz UP 6 GHz 1.5 GHz UP DOWN 3.5 GHz MES DOWN 1.6 GHz RADIO LINE-OF-SIGHT Gateway Monitoring Agent
  • 37. Tactical Satellite Interception Operation Satellite antenna Downconverter IF Channel 1 Channel 2 Uplink antenna
  • 38. Call Analysis• Spotbeam IDs, GPS co- • TMSI called by MES. ordinates, operating frequency. • Mobile or Fixed Originated Call (Voice, Fax, Data or SMS).• Date, time and duration of call. • Terminal type.• MES IMSI. • Ciphering key sequence• GPS co-ordinates of MES. number.• Random Reference Number • RAND and SRES. (CallerID). • Encryption Algorithm
  • 39. Strategic Satellite Interception Operation 1.5 GHz DOWN 1.6 GHz UP 6 GHz 1.5 GHz UP DOWN 3.5 GHz MES DOWN 3.5 GHz DOWN Gateway Monitoring Centre
  • 40. FAQ
  • 41. What’s next?
  • 42. @geovedihttp://www.slideshare.net/geovedi/presentations

×