The document discusses mobile communication technologies and security issues in GSM. It provides an overview of the evolution of mobile communication from 1G to 2G technologies such as GSM. It describes the GSM architecture including components like the SIM card, authentication and encryption schemes, and GSM channels. It also outlines the basic call sequences for mobile-to-land and land-to-mobile calls. Finally, it discusses some security issues in the GSM network like vulnerabilities to sniffing and man-in-the-middle attacks.
Full rate => Used for speech at 13 Kbits/s
or sending data at 9.6 Kbits/s
Half rate => Used for speech at 6.5 Kbits/s
or sending data at 4.8 Kbits/s
Enhanced Full rate => Used for speech at 13 Kbits/s
or sending data at 9.6 Kbits/s but
with almost Land line quality
FCCH = FREQUENCY CORRECTION CHANNEL
=> To tell the Mobile that this is the BCCH carrier
=> To enable the Mobile to synchronize to the frequency
(Downlink only)
SCH = SYNCHRONISATION CHANNEL
=> Used for sending BSIC (Base station Identity Code)
=> Give TDMA frame number to the Mobile.
(Downlink only)
BCCH = BROADCAST CONTROL CHANNEL
=> Used for sending information to the mobile like
CGI (Cell Global identity), LAI (Location Area Identity),
BCCH carriers of the neighboring cells,
maximum output power allowed in the cell and other
broadcast messages like barred cell. (Downlink only)
PCH = PAGING CHANNEL
=> Used for paging the Mobile. (Downlink only)
Reason could be an incoming call or an incoming Short Message.
RACH = RANDOM ACCESS CHANNEL
=> Used for responding to the paging (terminating), Location updating
or to make call access (originating) by asking for a signaling channel.
(Uplink only)
AGCH = ACCESS GRANT CHANNEL
=> Used to allocate SDCCH to the mobile.
(Downlink only)
• How the channel concept is used on the radio interface
• Different burst formats in the radio interface
• The hierarchical frame structure
• The content sent in different logical channels
• The mapping of the logical channels
• Superframe and Hyperframe
• MOBILE STATION ISDN NUMBER (MSISDN)
• INTERNATIONAL MOBILE SUBSCRIBER IDENTITY (IMSI)
• TEMPORARY MOBILE SUBSCRIBER IDENTITY (TMSI)
• LOCATION AREA IDENTITY (LAI)
• CELL GLOBAL IDENTITY (CGI)
• BASE STATION IDENTITY CODE (BSIC)
• PIN management
2. Agenda
• Evolution of mobile communication
• 1G technology
• 2G technology
• GSM architecture
• GSM channels
• SIM
• Sharing Spectrum
• Authentication and Encryption Scheme
• GSM calling sequence
• GSM called sequence
• Security issues
3. Evolution of Mobile Comm
Ancient times: light for communication, e.g. ships, beacons
150 BC: smoke signals (color/strength)
1794: optical telegraphy
1877: First wireline telephone
1895: wireless telegraphy
1915: wireless voice transmission (AM)
1928: TV broadcast
1933: FM patented.. radios in 1950s
4. Evolution of Mobile Comm
1946: Mobile Telephone was introduced
System: MTS
Device weight: 36 kg
In Bell System, used in St. Louis
Setup by operator,
Only 3 channels for whole metro
5. 1960: Bell Labs -> Cellular concept
1970: Mobile User M<=>PSTN
System: IMTS (Improved Mobile Telephone Service)
Reduced size and weight
Eliminate setup by operator
32 channels across 3 bands
450-470MHz
6. Other wireless systems:
Push to talk (PTT)
AMTS - Advanced Mobile Telephone System
Etc.
These were also called mobile radio systems
7. 1G technology
=> Deployed in early 1990s
1. AMPS - Advanced Mobile Phone System
Developed and deployed in USA
2. NMT - Nordic Mobile Telephone system
Developed and deployed in Scandinavian countries
3. TACS - Total Access Communication System
Developed in UK, deployed in Europe
8. 1G technology
All analog
FDMA + FM
Only voice
Poor Voice quality
Poor battery life
Large phone size
Poor handoff reliability
No roaming, even between two networks of the same technology
9. 1G technology
No security
Analog signals do not allow advanced encryption methods, hence there is no security
FM receivers can be used to listen in on any conversation
Anyone could collect a large database of identities etc. by driving around, and go into business by reprogramming stolen phones and reselling them.
Airtime thefts were also reported
10. 2G technology
Deployed in early 90s
Three popular systems: GSM, D-AMPS and CDMA One/IS-95
Digital systems
SMS
MMS-Multi Media Messages
Data Service-GPRS-64kbps
Roaming
Voice encryption provision
Better security
11. GSM
GSM is the most popular 2G Technology
Developed in Europe and has European standards
Low data rate: 9.6 kbps
Higher data rates using 2G:
GPRS: General Packet Radio Service
2.5G
171kbps(50kbps)
EDGE: Enhanced Data Rates for GSM Evolution
2.75G
473.6kbps(100kbps)
12. GSM
New network elements required to achieve higher data rate:
Serving GPRS Support Node (SGSN),
The SGSN handles all packet switched data within the network and is
responsible for the authentication and tracking of the users. The SGSN performs
the same functions as the MSC for voice traffic
Gateway GPRS Support Node (GGSN).
The GGSN is the interface from the GSM/GPRS network to external networks.
The GGSN is also responsible for the allocation of IP-addresses.
24. Subscriber Identification Module (SIM)
Smart Card – a single chip computer containing
OS, File System, Applications
Protected by PIN
Owned by operator (i.e. trusted)
SIM applications can be written with SIM Toolkit
Contains PIN, Ki and Kc
Contains A3, A5 and A8 algos
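25. Authentication and Encryption Scheme
(Diagram) Mobile Station (SIM) <= Radio Link => GSM Operator
Ki is held on both sides; A3, A8 and A5 run on both sides
Challenge RAND (128 bit) is sent over the radio link to the mobile station
A3 on each side: signed response SRES (32 bit); the SIM's SRES is returned over the radio link
Authentication: are the SRES values equal?
A8 on each side: Kc (64 bit)
A5 on each side: takes Kc and Fn; data mi crosses the radio link as encrypted data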
26. Authentication and Encryption Scheme
• A3 Input: 128-bit RAND random challenge, Ki 128-bit private key
• A3 Output: 32-bit SRES signed response
• A8 Input: 128-bit RAND random challenge, Ki 128-bit private key
• A8 Output: 64-bit Kc Cipher Key, used for A5
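The exchange on slides 25 and 26, as an added example that is not part of the original slides: HMAC-SHA256 stands in for A3, A8 and A5 (the real algorithms are not given on the page), and the `Sim`, `Operator` and `run_exchange` names and the IMSI value are assumptions made up for the illustration. It also shows that only the network checks a result; the mobile side answers any RAND it receives, so the authentication is one-way.

```python
import hashlib
import hmac
import secrets

# Stand-ins only: the real A3/A8/A5 algorithms are not given on the slides.
# HMAC-SHA256 is used here just to reproduce the input and output sizes.

def a3(ki: bytes, rand: bytes) -> bytes:
    """Stand-in A3: (Ki 128 bit, RAND 128 bit) -> SRES 32 bit."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]

def a8(ki: bytes, rand: bytes) -> bytes:
    """Stand-in A8: (Ki 128 bit, RAND 128 bit) -> Kc 64 bit."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]

def a5(kc: bytes, fn: int, data: bytes) -> bytes:
    """Stand-in A5: XOR data with a keystream derived from Kc and frame number Fn."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        block = fn.to_bytes(4, "big") + counter.to_bytes(4, "big")
        stream += hmac.new(kc, block, hashlib.sha256).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))

class Sim:
    """Mobile-station side: holds Ki and answers any challenge it is given."""
    def __init__(self, ki: bytes):
        self._ki = ki
        self.kc = b""

    def respond(self, rand: bytes) -> bytes:
        self.kc = a8(self._ki, rand)      # Kc is derived locally, never sent
        return a3(self._ki, rand)         # only SRES crosses the radio link

class Operator:
    """Network side: holds the same Ki for each subscriber."""
    def __init__(self, subscribers: dict):
        self._subscribers = subscribers   # IMSI -> Ki
        self._pending = {}                # IMSI -> (expected SRES, Kc)

    def challenge(self, imsi: str) -> bytes:
        ki = self._subscribers[imsi]
        rand = secrets.token_bytes(16)    # fresh 128-bit RAND per attempt
        self._pending[imsi] = (a3(ki, rand), a8(ki, rand))
        return rand

    def verify(self, imsi: str, sres: bytes):
        """Return Kc if SRES matches, else None. Each challenge is single-use."""
        expected, kc = self._pending.pop(imsi)
        return kc if hmac.compare_digest(expected, sres) else None

def run_exchange(operator: Operator, sim: Sim, imsi: str):
    rand = operator.challenge(imsi)       # network -> MS: RAND
    sres = sim.respond(rand)              # MS -> network: SRES
    return operator.verify(imsi, sres)    # the network decides; the MS checks nothing

if __name__ == "__main__":
    IMSI = "001010000000001"              # constructed test identity
    ki = secrets.token_bytes(16)          # constructed 128-bit Ki
    op = Operator({IMSI: ki})
    sim = Sim(ki)
    kc = run_exchange(op, sim, IMSI)
    print("genuine SIM accepted:", kc is not None and kc == sim.kc)
    wrong = Sim(secrets.token_bytes(16))  # same IMSI claimed, different Ki
    print("wrong Ki accepted:", run_exchange(op, wrong, IMSI) is not None)
    frame = a5(kc, 42, b"speech frame")   # encrypted with Kc and Fn = 42
    print("decrypts on the other side:", a5(kc, 42, frame) == b"speech frame")
```
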
28. GSM Basic Call Sequence
The processes for the calling MS and the called MS are two independent flows. The calling party begins with the channel request and ends with TCH assignment completion. In general, the calling party goes through several stages: access process, authentication and ciphering process, TCH assignment process. We take the mobile-to-land sequence as the example, and in this sequence we focus mainly on the calling party.
29-36. Mobile to Land Sequence (sequence diagram, built up step by step across these slides)
Entities: MS, BSS, MSC, VLR, HLR, PSTN
1 CHANNEL REQUEST <RACH>, DCCH ASSIGN <AGCH>, SIGNALING LINK ESTABLISHED <SDCCH>
2 REQ. FOR SERVICE, CR, CC
3 AUTHENTICATION, SET Cipher MODE
4 SET-UP <SDCCH>, Call Info, SFOC
5 EQUIP. ID REQ.
6 COMPLETE CALL, CALL PROCEEDING <SDCCH>
37-40. Mobile to Land Sequence (continued)
Entities: MS, BSS, MSC, VLR, HLR, PSTN
7 ASSIG. COMMAND <SDCCH>, ASSIG. COMPLETE <FACCH>, circuit
8 Initial and Final Address Message (IFAM), Address Complete (ACM), Alerting <FACCH>; MS hears ring tone from land phone
9 Answer (ANS), Connect <FACCH>; ring tone stops
10 Connect Acknowledge <FACCH>, <TCH>; HELLO!; BILLING STARTS
49. GSM Basic Call Sequence
For the called party, the flow begins when the MSC sends the paging command to the called party and ends when the two parties start to talk. In general, this call flow includes several stages: access process, authentication and ciphering process, TCH assignment process, talk process, release process.
50. Land to Mobile Sequence (sequence diagram)
Entities: MS, BSS, MSC, VLR, HLR, GMSC, PSTN
Identifiers labelled on the messages: MSISDN, IMSI, MSRN, LAI & TMSI, TMSI
1 Initial and Final Address Message
2 Send Routing Info
3 Routing Info Ack, Initial and Final Address Message
4 Send Info For I/C Call Setup
5 Page, Paging Request <PCH>