Mobile Communication and its Security Analysis
by
K Gunjan
Agenda
• Evolution of mobile communication
• 1G technology
• 2G technology
• GSM architecture
• GSM channels
• SIM
• Sharing Spectrum
• Authentication and Encryption Scheme
• GSM calling sequence
• GSM called sequence
• Security issues
Evolution of Mobile Comm
Ancient times: light for communication, e.g. ships, beacons
150 BC: smoke signals (color/strength)
1794: optical telegraphy
1877: first wireline telephone
1895: wireless telegraphy
1915: wireless voice transmission (AM)
1928: TV broadcast
1933: FM patented; radios in 1950s
1946: Mobile telephone was introduced
System: MTS
Device weight: 36 kg
In Bell System, used in St. Louis
Setup by operator
Only 3 channels for whole metro
1960: Bell Labs -> cellular concept
1970: Mobile User M<=>PSTN
System: IMTS (Improved Mobile Tele Service)
Reduced size and weight
Eliminated setup by operator
32 channels across 3 bands
450-470 MHz
Other wireless systems:
Push to talk (PTT)
AMTS: Advance Mobile Tele System
Etc.
These were also called mobile radio systems
1G technology
=> Deployed in early 1990s
1. AMPS: Advanced Mobile Phone System
Developed and deployed in USA
2. NMT: Nordic Mobile Tele System
Developed and deployed in Scandinavian countries
3. TACS: Total Access Communication System
Developed in UK, deployed in Europe
All analog
FDMA + FM
Only voice
Poor voice quality
Poor battery life
Large phone size
Poor handoff reliability
No roaming, even between two systems using the same technology
No security
• Analog signals do not allow advanced encryption methods, hence there is no security
• FM receivers can be used to listen in on any conversation
• Anyone could collect a large database of identities etc. by driving around, and go into business by reprogramming stolen phones and reselling them
• Airtime thefts were also reported
2G technology
Deployed in early 90s
Three popular systems: GSM, D-AMPS and CDMA One/IS-95
Digital systems
SMS
MMS: Multi Media Messages
Data service: GPRS, 64 kbps
Roaming
Voice encryption provision
Better security
GSM
GSM is the most popular 2G technology
Developed in Europe and has European standards
Low data rate: 9.6 kbps
Higher data rates using 2G:
GPRS: General Packet Radio Service, 2.5G, 171 kbps (50 kbps)
EDGE: Enhanced Data Rates for GSM Evolution, 2.75G, 473.6 kbps (100 kbps)
New network elements required to achieve higher data rates:
Serving GPRS Support Node (SGSN)
The SGSN handles all packet-switched data within the network and is responsible for the authentication and tracking of the users. The SGSN performs the same functions as the MSC for voice traffic.
Gateway GPRS Support Node (GGSN)
The GGSN is the interface from the GSM/GPRS network to external networks. The GGSN is also responsible for the allocation of IP addresses.
GSM ARCHITECTURE
[Diagram labels: Service Provisioning & billing/CRM; CDR archive; CRBT system; USSD gateways; STPMNP D/B; USAU; SMP; Voucher Centers; OMC]
Architecture from network perspective
[Diagram labels: MPLS, Routers, E1s, STP, GSM Links]
Motivation
Understand it & look for CIA
GSM Protocol stack
Sharing Spectrum
GSM uses TDMA & FDMA
GSM channels
Subscriber Identification Module (SIM)
Smart Card – a single chip computer containing
OS, File System, Applications
Protected by PIN
Owned by operator (i.e. trusted)
SIM applications can be written with SIM Toolkit
Contains PIN, Ki and Kc
Contains A3, A5 and A8 algos
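Authentication and Encryption Scheme
[Diagram: Mobile Station (SIM) <- Radio Link -> GSM Operator. Both sides hold Ki and run A3, A8 and A5.]
Challenge RAND (128 bit) is sent over the radio link
A3 on each side produces the signed response SRES (32 bit)
A8 on each side produces Kc (64 bit)
A5 on each side takes Kc and Fn; message mi crosses the radio link as encrypted data
Authentication: are SRES values equal?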
Authentication and Encryption Scheme
• A3 Input: 128-bit RAND random challenge, Ki 128-bit private key
• A3 Output: 32-bit SRES signed response
• A8 Input: 128-bit RAND random challenge, Ki 128-bit private key
• A8 Output: 64-bit Kc cipher key, used for A5
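The challenge-response exchange summarized above, as an added example that is not part of the original slides. The slides do not specify the A3/A8 algorithms, so truncated HMAC-SHA256 is used purely as a stand-in with the same input and output sizes; the names `Sim`, `Operator` and `run_exchange` are hypothetical.

```python
import hashlib
import hmac
import secrets

# Sizes from the slide: RAND 128 bit, Ki 128 bit, SRES 32 bit, Kc 64 bit.
RAND_LEN, KI_LEN, SRES_LEN, KC_LEN = 16, 16, 4, 8


def _stand_in(label: bytes, ki: bytes, rand: bytes, out_len: int) -> bytes:
    """Keyed one-way function used as a placeholder (assumption, NOT real A3/A8)."""
    if len(ki) != KI_LEN or len(rand) != RAND_LEN:
        raise ValueError("Ki and RAND must both be 128 bits")
    return hmac.new(ki, label + rand, hashlib.sha256).digest()[:out_len]


def a3(ki: bytes, rand: bytes) -> bytes:
    """A3: (RAND, Ki) -> 32-bit SRES."""
    return _stand_in(b"A3", ki, rand, SRES_LEN)


def a8(ki: bytes, rand: bytes) -> bytes:
    """A8: (RAND, Ki) -> 64-bit Kc, the key later fed to A5."""
    return _stand_in(b"A8", ki, rand, KC_LEN)


class Sim:
    """Subscriber side: Ki stays inside the card, only SRES is released."""

    def __init__(self, imsi: str, ki: bytes):
        self.imsi = imsi
        self._ki = ki

    def run_gsm_algorithm(self, rand: bytes):
        return a3(self._ki, rand), a8(self._ki, rand)


class Operator:
    """Network side: holds the same Ki per subscriber and checks SRES."""

    def __init__(self):
        self._ki_by_imsi = {}
        self._pending = {}  # imsi -> (expected SRES, Kc) for the open challenge

    def provision(self, imsi: str, ki: bytes) -> None:
        self._ki_by_imsi[imsi] = ki

    def challenge(self, imsi: str, rand: bytes = None) -> bytes:
        ki = self._ki_by_imsi[imsi]  # KeyError for an unknown subscriber
        # A fresh random RAND per attempt; a fixed one is accepted for tests only.
        rand = secrets.token_bytes(RAND_LEN) if rand is None else rand
        self._pending[imsi] = (a3(ki, rand), a8(ki, rand))
        return rand

    def verify(self, imsi: str, sres: bytes):
        """Return Kc if SRES matches the open challenge, otherwise None."""
        expected = self._pending.pop(imsi, None)  # each challenge is single use
        if expected is None:
            return None
        expected_sres, kc = expected
        # Constant-time comparison of the two SRES values.
        return kc if hmac.compare_digest(expected_sres, sres) else None


def run_exchange(sim: Sim, operator: Operator) -> dict:
    """One authentication round; 'on_air' lists what crossed the radio link."""
    rand = operator.challenge(sim.imsi)
    sres, kc_sim = sim.run_gsm_algorithm(rand)
    kc_network = operator.verify(sim.imsi, sres)
    return {
        "on_air": {"RAND": rand, "SRES": sres},
        "authenticated": kc_network is not None,
        "kc_sim": kc_sim,
        "kc_network": kc_network,
    }


if __name__ == "__main__":
    ki = bytes(range(16))                # constructed sample key
    imsi = "001010000000001"             # constructed test IMSI
    operator = Operator()
    operator.provision(imsi, ki)
    print(run_exchange(Sim(imsi, ki), operator)["authenticated"])
    print(run_exchange(Sim(imsi, bytes(16)), operator)["authenticated"])
```

Only RAND and SRES appear in `on_air`: Ki and Kc are computed independently on each side and are never transmitted.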
GSM Basic Call Sequence
The processes for the calling MS and the called MS are two independent flows. The calling party's flow begins with the channel request and ends with TCH assignment completion. In general, it includes the following stages: access process, authentication and ciphering process, and TCH assignment process. We take the mobile-to-land sequence as an example; in this sequence, we mainly look at the calling party.
Mobile to Land Sequence
[Sequence diagram, built up step by step across the slides. Entities: MS, BSS, MSC, VLR, HLR, PSTN]
1 CHANNEL REQUEST <RACH>; DCCH ASSIGN <AGCH>; SIGNALING LINK ESTABLISHED <SDCCH>
2 REQ. FOR SERVICE; CR; CC
3 AUTHENTICATION; SET Cipher MODE
4 SET-UP <SDCCH>; Call Info; SFOC
5 EQUIP. ID REQ.
6 COMPLETE CALL; CALL PROCEEDING <SDCCH>
7 ASSIG. COMMAND <SDCCH>; ASSIG. COMPLETE <FACCH>; circuit
8 Initial and Final Address Message (IFAM); Address Complete (ACM); Alerting <FACCH>; MS hears ring tone from land phone
9 Answer (ANS); Connect <FACCH>; ring tone stops
10 Connect Acknowledge <FACCH>; <TCH>; HELLO!; BILLING STARTS
GSM Basic Call Sequence
For the called party, the flow begins when the MSC sends the paging command to the called party and ends when the two parties start to talk. In general, this call flow includes several stages: access process, authentication and ciphering process, TCH assignment process, talk process, and release process.
Land to Mobile Sequence
[Sequence diagram. Entities: MS, BSS, MSC, VLR, HLR, GMSC, PSTN]
Identifiers shown on the diagram: MSISDN, IMSI, MSRN, LAI & TMSI, TMSI
1 Initial and Final Address Message
2 Send Routing Info
3 Routing Info Ack
Initial and Final Address Message
4 Send Info For I/C Call Setup
5 Page; Paging Request <PCH>
9 Assignment Command (channel) (circuit); Assignment Complete; Alert; Address Complete; ring tone at the land phone
10 Connect; Connect ACK; ANS; subscriber picks up; ringing stops at land phone; Hello...; billing starts
Channels shown for steps 9 and 10: <FACCH>, <TCH>
Attacks on GSM
OSMOCOMBB
Sniffing
MITM attack on call
MITM attack on SMS
Attack using data card
...
Twitter: @Gunjan_cn
Gunjan.cn@gmail.com

More Related Content

What's hot

Introduction to gsm
Introduction to gsmIntroduction to gsm
Introduction to gsmsivakumar D
 
Drive Test Nemo
Drive Test NemoDrive Test Nemo
Drive Test Nemo
toha ardi nugraha
 
GSM - The Network Layer
GSM - The Network LayerGSM - The Network Layer
GSM - The Network Layer
Yubraj C.
 
Umts call-flows
Umts call-flowsUmts call-flows
Umts call-flows
sivakumar D
 
Basic GSM Call Flows
Basic GSM Call FlowsBasic GSM Call Flows
Basic GSM Call Flows
emyl97
 
Bss par
Bss parBss par
Gsm call routing
Gsm call routingGsm call routing
Gsm call routing
Ramakrishna Pulikonda
 
Mobile Networks Overview (2G / 3G / 4G-LTE)
Mobile Networks Overview (2G / 3G / 4G-LTE)Mobile Networks Overview (2G / 3G / 4G-LTE)
Mobile Networks Overview (2G / 3G / 4G-LTE)
Hamidreza Bolhasani
 
Gsm architecture with gmsk
Gsm architecture with gmsk Gsm architecture with gmsk
Gsm architecture with gmsk Bilal Waheed
 
Gsm channels concept
Gsm channels conceptGsm channels concept
Gsm channels concept
Telebeansolutions
 
Srvcc overview
Srvcc overviewSrvcc overview
Srvcc overview
Yau Boon
 
01 introduction to umt snew
01 introduction to umt snew01 introduction to umt snew
01 introduction to umt snew
sivakumar D
 
Seminar gprs
Seminar gprsSeminar gprs
Seminar gprs
Ankit Anand
 
GSM Channel Concept
GSM Channel ConceptGSM Channel Concept
GSM Channel Concept
Md Mustafizur Rahman
 
04 umts traffic managementnew
04 umts traffic managementnew04 umts traffic managementnew
04 umts traffic managementnew
sivakumar D
 
Nokia dictionary
Nokia dictionaryNokia dictionary
Nokia dictionaryJetal Patel
 
Coral gsm cdma gateway
Coral gsm cdma gatewayCoral gsm cdma gateway
Coral gsm cdma gatewayMohd Arif
 
6 Weeks Industrial Training In Telecom In Chandigarh
6 Weeks Industrial Training In Telecom In Chandigarh6 Weeks Industrial Training In Telecom In Chandigarh
6 Weeks Industrial Training In Telecom In ChandigarhArcadian Learning
 

What's hot (20)

Introduction to gsm
Introduction to gsmIntroduction to gsm
Introduction to gsm
 
Drive Test Nemo
Drive Test NemoDrive Test Nemo
Drive Test Nemo
 
GSM - The Network Layer
GSM - The Network LayerGSM - The Network Layer
GSM - The Network Layer
 
Umts call-flows
Umts call-flowsUmts call-flows
Umts call-flows
 
Basic GSM Call Flows
Basic GSM Call FlowsBasic GSM Call Flows
Basic GSM Call Flows
 
Bss par
Bss parBss par
Bss par
 
Gsm call routing
Gsm call routingGsm call routing
Gsm call routing
 
Call flow
Call flowCall flow
Call flow
 
Mobile Networks Overview (2G / 3G / 4G-LTE)
Mobile Networks Overview (2G / 3G / 4G-LTE)Mobile Networks Overview (2G / 3G / 4G-LTE)
Mobile Networks Overview (2G / 3G / 4G-LTE)
 
Gsm architecture with gmsk
Gsm architecture with gmsk Gsm architecture with gmsk
Gsm architecture with gmsk
 
GSM Architecture
GSM ArchitectureGSM Architecture
GSM Architecture
 
Gsm channels concept
Gsm channels conceptGsm channels concept
Gsm channels concept
 
Srvcc overview
Srvcc overviewSrvcc overview
Srvcc overview
 
01 introduction to umt snew
01 introduction to umt snew01 introduction to umt snew
01 introduction to umt snew
 
Seminar gprs
Seminar gprsSeminar gprs
Seminar gprs
 
GSM Channel Concept
GSM Channel ConceptGSM Channel Concept
GSM Channel Concept
 
04 umts traffic managementnew
04 umts traffic managementnew04 umts traffic managementnew
04 umts traffic managementnew
 
Nokia dictionary
Nokia dictionaryNokia dictionary
Nokia dictionary
 
Coral gsm cdma gateway
Coral gsm cdma gatewayCoral gsm cdma gateway
Coral gsm cdma gateway
 
6 Weeks Industrial Training In Telecom In Chandigarh
6 Weeks Industrial Training In Telecom In Chandigarh6 Weeks Industrial Training In Telecom In Chandigarh
6 Weeks Industrial Training In Telecom In Chandigarh
 

Similar to Kumar gunjan 20160213 mobile communication security

Basic of teleom gsm
Basic of teleom gsmBasic of teleom gsm
Basic of teleom gsm
Kartik Kalpande Patil
 
Full gsm overview (modified)
Full gsm overview  (modified)Full gsm overview  (modified)
Full gsm overview (modified)
Advanced group of Institutions
 
02 gsm hscsd_gprs
02 gsm hscsd_gprs02 gsm hscsd_gprs
02 gsm hscsd_gprs
Chyon Ju
 
Wireless networking
Wireless networkingWireless networking
Switching systems lecture7
Switching  systems lecture7Switching  systems lecture7
Switching systems lecture7
Jumaan Ally Mohamed
 
Gsm
GsmGsm
Gsm
Bala V
 
fdocuments.net_gsm-call-flows-5584455b2833e.ppt
fdocuments.net_gsm-call-flows-5584455b2833e.pptfdocuments.net_gsm-call-flows-5584455b2833e.ppt
fdocuments.net_gsm-call-flows-5584455b2833e.ppt
HazemElabed2
 
IMS Standards
IMS  StandardsIMS  Standards
IMS Standards
Marie-Paule Odini
 
Gsm
GsmGsm
VoLTE_SRVCC_E2Erevised
VoLTE_SRVCC_E2ErevisedVoLTE_SRVCC_E2Erevised
VoLTE_SRVCC_E2ErevisedAmit Deshmukh
 
Gsm training
Gsm trainingGsm training
Gsm training
gernaz55
 
Mobile Networks Architecture and Security (2G to 5G)
Mobile Networks Architecture and Security (2G to 5G)Mobile Networks Architecture and Security (2G to 5G)
Mobile Networks Architecture and Security (2G to 5G)
Hamidreza Bolhasani
 
Basic gsm principles
Basic gsm principlesBasic gsm principles
Basic gsm principlesSupper Mario
 
2G / 3G / 4G / IMS / 5G Overview with Focus on Core Network
2G / 3G / 4G / IMS / 5G Overview with Focus on Core Network2G / 3G / 4G / IMS / 5G Overview with Focus on Core Network
2G / 3G / 4G / IMS / 5G Overview with Focus on Core Network
Hamidreza Bolhasani
 
GSM dan GPRS basic
GSM dan GPRS basicGSM dan GPRS basic
GSM dan GPRS basic
Roy Tri Afandi
 
Wireless_Communication_UNIT_4.pdf
Wireless_Communication_UNIT_4.pdfWireless_Communication_UNIT_4.pdf
Wireless_Communication_UNIT_4.pdf
ssuser136534
 
Lecture 8 9
Lecture 8 9Lecture 8 9
Lecture 8 9
Joe Christensen
 
lecture2.pdf
lecture2.pdflecture2.pdf
lecture2.pdf
AhmedHashi22
 
VoLTE Flows and CS network
VoLTE Flows and CS networkVoLTE Flows and CS network
VoLTE Flows and CS network
Karel Berkovec
 

Similar to Kumar gunjan 20160213 mobile communication security (20)

Basic of teleom gsm
Basic of teleom gsmBasic of teleom gsm
Basic of teleom gsm
 
Full gsm overview (modified)
Full gsm overview  (modified)Full gsm overview  (modified)
Full gsm overview (modified)
 
02 gsm hscsd_gprs
02 gsm hscsd_gprs02 gsm hscsd_gprs
02 gsm hscsd_gprs
 
Wireless networking
Wireless networkingWireless networking
Wireless networking
 
Switching systems lecture7
Switching  systems lecture7Switching  systems lecture7
Switching systems lecture7
 
Gsm
GsmGsm
Gsm
 
fdocuments.net_gsm-call-flows-5584455b2833e.ppt
fdocuments.net_gsm-call-flows-5584455b2833e.pptfdocuments.net_gsm-call-flows-5584455b2833e.ppt
fdocuments.net_gsm-call-flows-5584455b2833e.ppt
 
IMS Standards
IMS  StandardsIMS  Standards
IMS Standards
 
Gsm
GsmGsm
Gsm
 
VoLTE_SRVCC_E2Erevised
VoLTE_SRVCC_E2ErevisedVoLTE_SRVCC_E2Erevised
VoLTE_SRVCC_E2Erevised
 
Gsm training
Gsm trainingGsm training
Gsm training
 
Mobile Networks Architecture and Security (2G to 5G)
Mobile Networks Architecture and Security (2G to 5G)Mobile Networks Architecture and Security (2G to 5G)
Mobile Networks Architecture and Security (2G to 5G)
 
Basic gsm principles
Basic gsm principlesBasic gsm principles
Basic gsm principles
 
2G / 3G / 4G / IMS / 5G Overview with Focus on Core Network
2G / 3G / 4G / IMS / 5G Overview with Focus on Core Network2G / 3G / 4G / IMS / 5G Overview with Focus on Core Network
2G / 3G / 4G / IMS / 5G Overview with Focus on Core Network
 
GSM dan GPRS basic
GSM dan GPRS basicGSM dan GPRS basic
GSM dan GPRS basic
 
Wireless_Communication_UNIT_4.pdf
Wireless_Communication_UNIT_4.pdfWireless_Communication_UNIT_4.pdf
Wireless_Communication_UNIT_4.pdf
 
Lecture 8 9
Lecture 8 9Lecture 8 9
Lecture 8 9
 
Gsm Network
Gsm NetworkGsm Network
Gsm Network
 
lecture2.pdf
lecture2.pdflecture2.pdf
lecture2.pdf
 
VoLTE Flows and CS network
VoLTE Flows and CS networkVoLTE Flows and CS network
VoLTE Flows and CS network
 

More from nullowaspmumbai

Xxe
XxeXxe
ELK in Security Analytics
ELK in Security Analytics ELK in Security Analytics
ELK in Security Analytics
nullowaspmumbai
 
Switch security
Switch securitySwitch security
Switch security
nullowaspmumbai
 
Radio hacking - Part 1
Radio hacking - Part 1 Radio hacking - Part 1
Radio hacking - Part 1
nullowaspmumbai
 
How I got my First CVE
How I got my First CVE How I got my First CVE
How I got my First CVE
nullowaspmumbai
 
Power forensics
Power forensicsPower forensics
Power forensics
nullowaspmumbai
 
Infrastructure security & Incident Management
Infrastructure security & Incident Management Infrastructure security & Incident Management
Infrastructure security & Incident Management
nullowaspmumbai
 
Middleware hacking
Middleware hackingMiddleware hacking
Middleware hacking
nullowaspmumbai
 
Internet censorship circumvention techniques
Internet censorship circumvention techniquesInternet censorship circumvention techniques
Internet censorship circumvention techniques
nullowaspmumbai
 
How i got my first cve
How i got my first cveHow i got my first cve
How i got my first cve
nullowaspmumbai
 
Adversarial machine learning updated
Adversarial machine learning updatedAdversarial machine learning updated
Adversarial machine learning updated
nullowaspmumbai
 
Commix
Commix Commix
Adversarial machine learning
Adversarial machine learning Adversarial machine learning
Adversarial machine learning
nullowaspmumbai
 
Dll Hijacking
Dll Hijacking Dll Hijacking
Dll Hijacking
nullowaspmumbai
 
Abusing Target
Abusing Target Abusing Target
Abusing Target
nullowaspmumbai
 
NTFS Forensics
NTFS Forensics NTFS Forensics
NTFS Forensics
nullowaspmumbai
 
Drozer - An Android Application Security Tool
Drozer - An Android Application Security Tool Drozer - An Android Application Security Tool
Drozer - An Android Application Security Tool
nullowaspmumbai
 
Middleware hacking
Middleware hackingMiddleware hacking
Middleware hacking
nullowaspmumbai
 
Ganesh naik linux_kernel_internals
Ganesh naik linux_kernel_internalsGanesh naik linux_kernel_internals
Ganesh naik linux_kernel_internals
nullowaspmumbai
 
Buffer overflow null
Buffer overflow nullBuffer overflow null
Buffer overflow null
nullowaspmumbai
 

More from nullowaspmumbai (20)

Xxe
XxeXxe
Xxe
 
ELK in Security Analytics
ELK in Security Analytics ELK in Security Analytics
ELK in Security Analytics
 
Switch security
Switch securitySwitch security
Switch security
 
Radio hacking - Part 1
Radio hacking - Part 1 Radio hacking - Part 1
Radio hacking - Part 1
 
How I got my First CVE
How I got my First CVE How I got my First CVE
How I got my First CVE
 
Power forensics
Power forensicsPower forensics
Power forensics
 
Infrastructure security & Incident Management
Infrastructure security & Incident Management Infrastructure security & Incident Management
Infrastructure security & Incident Management
 
Middleware hacking
Middleware hackingMiddleware hacking
Middleware hacking
 
Internet censorship circumvention techniques
Internet censorship circumvention techniquesInternet censorship circumvention techniques
Internet censorship circumvention techniques
 
How i got my first cve
How i got my first cveHow i got my first cve
How i got my first cve
 
Adversarial machine learning updated
Adversarial machine learning updatedAdversarial machine learning updated
Adversarial machine learning updated
 
Commix
Commix Commix
Commix
 
Adversarial machine learning
Adversarial machine learning Adversarial machine learning
Adversarial machine learning
 
Dll Hijacking
Dll Hijacking Dll Hijacking
Dll Hijacking
 
Abusing Target
Abusing Target Abusing Target
Abusing Target
 
NTFS Forensics
NTFS Forensics NTFS Forensics
NTFS Forensics
 
Drozer - An Android Application Security Tool
Drozer - An Android Application Security Tool Drozer - An Android Application Security Tool
Drozer - An Android Application Security Tool
 
Middleware hacking
Middleware hackingMiddleware hacking
Middleware hacking
 
Ganesh naik linux_kernel_internals
Ganesh naik linux_kernel_internalsGanesh naik linux_kernel_internals
Ganesh naik linux_kernel_internals
 
Buffer overflow null
Buffer overflow nullBuffer overflow null
Buffer overflow null
 

Recently uploaded

Enhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZEnhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZ
Globus
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
Alex Pruden
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
RinaMondal9
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 

Recently uploaded (20)

Enhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZEnhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZ
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production

Kumar gunjan 20160213 mobile communication security

  • 1. Mobile Communication and its Security Analysis by K Gunjan
  • 2. Agenda •evolution of mobile communication •1G technology •2G technology •GSM architecture •GSM channels •SIM •Sharing Spectrum •Authentication and Encryption Scheme •GSM calling sequence •GSM called sequence •Security issues
  • 3. Evolution of Mobile Comm Ancient time: light for comm... e.g. ship, beacon.. 150 BC: smoke signals...color/strength 1794: optical telegraphy 1877: First wireline telephone 1895: wireless telegraphy 1915: wireless voice transmission (AM) 1928: TV broadcast 1933: FM patented.. radios in 1950s
  • 4. Evolution of Mobile Comm 1946: Mobile Telephone was introduced System:MTS, Device wt:36KG In Bell System, used in St. Louis Setup by operator, Only 3 channels for whole metro
  • 5. 1960: Bell Labs -> Cellular concept 1970: Mobile User M<=>PSTN System: IMTS (Improved Mobile Tele Service) Reduced size and wt Eliminate setup by operator 32 channels across 3 bands 450-470MHz
  • 6. Other wireless systems: Push to talk(PTT) AMTS-Advance Mobile tele system Etc These were also called mobile radio systems
  • 7. 1G technology =>Deployed in early 1990s 1.AMPS-Advanced Mobile Phone System Developed and deployed in USA 2.NMT-Nordic mobile Tele System developed and deployed in Scandinavian countries 3.TACS-Total Access Communication System developed in UK, Deployed in Europe .
  • 8. 1G technology All analog FDMA + FM Only voice Poor Voice quality Poor battery life Large phone size Poor handoff reliability No Roaming— even between two same technology
  • 9. 1G technology No security • Analog signals do not allow advanced encryption methods, hence there is no security • FM receivers can be used to listen in on any conversation • Anyone could collect a large database of identities etc. by driving around, and go into business by reprogramming stolen phones and reselling them. • Airtime thefts were also reported
  • 10. 2G technology Deployed in early 90s Three popular systems: GSM, D-AMPS and CDMA One/IS-95 Digital systems SMS MMS-Multi Media Messages Data Service-GPRS-64kbps Roaming Voice encryption provision Better security
  • 11. GSM GSM is the most popular 2G Technology Developed in Europe and has European standards Low data rate: 9.6 kbps Higher data rates using 2G: GPRS: General Packet Radio Service 2.5G 171kbps(50kbps) EDGE: Enhanced Data Rates for GSM Evolution 2.75G 473.6kbps(100kbps)
  • 12. GSM New network elements required to achieve higher data rate: Serving GPRS Support Node (SGSN): The SGSN handles all packet switched data within the network and is responsible for the authentication and tracking of the users. The SGSN performs the same functions as the MSC does for voice traffic. Gateway GPRS Support Node (GGSN): The GGSN is the interface from the GSM/GPRS network to external networks. The GGSN is also responsible for the allocation of IP addresses.
  • 13. GSM ARCHITECTURE Service Provisioning & billing/CRM CDR archive CRBT system USSD gateways STPMNP D/B USAU SMP Voucher Centers OMC
  • 14. Architecture from network perspective MPLS, Routers E1s STP
  • 24. Subscriber Identification Module (SIM) Smart Card – a single chip computer containing OS, File System, Applications Protected by PIN Owned by operator (i.e. trusted) SIM applications can be written with SIM Toolkit Contains PIN, Ki and Kc Contains A3, A5 and A8 algorithms
  • 25. Authentication and Encryption Scheme [Diagram: Mobile Station (SIM) and GSM Operator on either side of the radio link, each holding Ki and running A3, A8 and A5. Challenge RAND (128 bit) goes to the SIM; signed response SRES (32 bit) comes back; Kc (64 bit) and Fn feed A5, which encrypts data mi. Authentication: are SRES values equal?]
  • 26. Authentication and Encryption Scheme • A3 Input: 128-bit RAND random challenge, Ki 128-bit private key • A3 Output: 32-bit SRES signed response • A8 Input: 128-bit RAND random challenge, Ki 128-bit private key • A8 Output: 64-bit Kc Cipher Key, used for A5
  • 28. GSM Basic Call Sequence The processes for the calling MS and the called MS are two independent flows. The calling party's flow begins with the channel request and ends with TCH assignment completion. In general, the calling party's flow includes the following stages: access process, authentication and ciphering process, TCH assignment process. We take the mobile-to-land sequence as the example; in this sequence, we mainly focus on the calling party.
  • 29-36. Mobile to Land Sequence [Sequence diagram built up step by step over these slides; columns: MS, BSS, MSC, VLR, HLR, PSTN] 1 CHANNEL REQUEST <RACH>; <AGCH> DCCH ASSIGN; <SDCCH> SIGNALING LINK ESTABLISHED. 2 REQ. FOR SERVICE; CR; CC. 3 AUTHENTICATION; SET Cipher MODE. 4 SET-UP <SDCCH>; Call Info; SFOC. 5 EQUIP. ID REQ. 6 COMPLETE CALL; CALL PROCEEDING <SDCCH>.
  • 37-40. Mobile to Land Sequence [Sequence diagram, continued; columns: MS, BSS, MSC, VLR, HLR, PSTN] 7 ASSIG. COMMAND <SDCCH>; ASSIG. COMPLETE <FACCH> (circuit). 8 Initial and Final Address Message (IFAM); Address Complete (ACM); Alerting <FACCH>; MS hears ring tone from land phone. 9 Answer (ANS); Connect <FACCH>; Ring tone stops. 10 Connect Acknowledge <FACCH>; <TCH> HELLO!; BILLING STARTS.
  • 49. GSM Basic Call Sequence For the called party, the flow begins when the MSC sends a paging command to the called party and ends when the two parties start to talk. In general, this call flow includes several stages: access process, authentication and ciphering process, TCH assignment process, talk process, release process.
  • 50. Land to Mobile Sequence [Sequence diagram; columns: MS, BSS, MSC, VLR, HLR, GMSC, PSTN; identifiers shown on the arrows: MSISDN, IMSI, MSRN, LAI & TMSI, TMSI] 1 Initial and Final Address Message. 2 Send Routing Info. 3 Routing Info Ack; Initial and Final Address Message. 4 Send Info For I/C Call Setup. 5 Page; Paging Request <PCH>.
  • 51. Land to Mobile Sequence [Sequence diagram, continued; columns: MS, BSS, MSC, VLR, HLR, GMSC, PSTN; labels: (channel), (circuit), <FACCH>, <TCH>] 9 Assignment Command; Assignment Complete; Alert; Address Complete; Ring Tone at the land phone. 10 Subscriber picks up; Connect; Connect ACK; ANS; Ringing stops at land phone; <TCH> Hello...; Billing starts.
  • 52. Attacks on GSM • OsmocomBB sniffing • MITM attack on call • MITM attack on SMS • Attack using data card
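
The challenge-response exchange on slides 25 and 26, as an added Python example that is not part of the original deck. The real A3 and A8 are not given on the slides, so HMAC-SHA256 truncated to the stated output sizes stands in for them (an assumption); `Sim`, `Operator`, `authenticate` and the sample IMSI and Ki are hypothetical, constructed names and values.

```python
import hashlib
import hmac
import secrets

# Stand-ins (assumption): the slides do not define A3/A8, so HMAC-SHA256 is
# truncated here to the page's sizes, 32-bit SRES and 64-bit Kc.
def a3_sres(ki, rand):
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]

def a8_kc(ki, rand):
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]

class Sim:
    """SIM side: Ki stays on the card; only SRES and Kc are returned."""
    def __init__(self, ki):
        if len(ki) != 16:
            raise ValueError("Ki must be 128 bits")
        self._ki = ki

    def run(self, rand):
        if len(rand) != 16:
            raise ValueError("RAND must be 128 bits")
        return a3_sres(self._ki, rand), a8_kc(self._ki, rand)

class Operator:
    """Network side: holds each subscriber's Ki and issues the challenge."""
    def __init__(self, ki_by_imsi):
        self._ki_by_imsi = ki_by_imsi

    def challenge(self, imsi, rand=None):
        # Fresh 128-bit RAND per attempt; a fixed one can be passed for tests.
        rand = secrets.token_bytes(16) if rand is None else rand
        ki = self._ki_by_imsi[imsi]
        return rand, a3_sres(ki, rand), a8_kc(ki, rand)

def authenticate(operator, imsi, sim, rand=None):
    """One exchange. Returns (accepted, kc); kc is None when SRES mismatches."""
    rand, expected_sres, _network_kc = operator.challenge(imsi, rand)  # RAND ->
    sres, sim_kc = sim.run(rand)                                       # <- SRES
    if not hmac.compare_digest(expected_sres, sres):  # are SRES values equal?
        return False, None
    return True, sim_kc   # same Ki and RAND give the same Kc on both sides

# Constructed sample values, not real subscriber data.
IMSI = "001010000000001"
KI = bytes.fromhex("000102030405060708090a0b0c0d0e0f")

if __name__ == "__main__":
    op = Operator({IMSI: KI})
    print(authenticate(op, IMSI, Sim(KI)))          # SIM holding the right Ki
    print(authenticate(op, IMSI, Sim(bytes(16))))   # SIM holding a wrong Ki
```

Only RAND and SRES cross the radio link in this exchange; Ki never does, and Kc is derived independently on each side for A5.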