
Table Of Contents

Hardware and software
1.1 Software Defined Radio (SDR)
1.2 USRP
1.2.3 USRP Daughterboards
1.3 Hardware used for this thesis
1.4 GNU Radio
1.5 AirProbe
1.6 Gammu
1.8 A5/1 Cracking project
1.9 Software used for this thesis
1.10 Traces throughout this thesis
Network Architecture
2.1 Mobile Station (MS)
2.1.1 Mobile Equipment (ME)
2.1.2 Subscriber Identity Module (SIM)
2.2 Base Station Subsystem (BSS)
2.2.1 Base Transceiver Station (BTS)
2.2.2 Base Station Controller (BSC)
2.3 Network Switching Subsystem (NSS)
2.3.1 Mobile Switching Center (MSC)
2.3.2 Gateway Mobile Switching Center (GMSC)
2.3.3 Home Location Register (HLR)
2.3.4 Visitor Location Register (VLR)
2.3.5 Authentication Centre
2.3.6 Equipment Identity Register (EIR)
2.4 Interfaces
2.5 Scenarios
2.5.1 Authentication
2.5.2 Location Updates
Timed Location Update
Log on
Roaming Location Update
2.5.3 Call setup
Mobile Originating Call (MOC)
Mobile Terminating Call (MTC)
The air-interface
3.1 On Frequencies
3.1.1 FDMA
3.1.2 Frequency Hopping
3.2 Time Division Multiple Access
3.3 From speech to signal
4.2 Channels
4.2.1 Channel combinations
4.3 Burst types
4.4 Burst assembly and channel encoding
4.5 Scenarios
4.5.1 Sign on
4.5.2 Channel setup
4.5.3 Mobile Originated Call (MOC)
Um layer 2
5.1 Layer 2 control frames
5.2 The I-frame header
5.2.1 The Address field
5.2.2 The control field
5.2.3 The length field
Um layer 3
6.1 Layer 3 frames
6.1.1 Layer 3 frame header
6.1.2 Layer 3 frame data
6.2 Radio Resource (RR)
6.3 Mobility Management (MM)
6.4 Call Control (CC)
6.5 Scenarios
6.5.1 Location registration
6.5.2 Mobile Originating Call (MOC)
7.1 Authentication
7.1.1 COMP128v1
7.2 Confidentiality
7.2.1 A5/1
GSM Security
8.1 Security goals
8.1.1 ETSI defined security goals
Subscriber identity confidentiality
Subscriber identity authentication
User data confidentiality on physical connections
Connectionless user data confidentiality
Signaling information element confidentiality
8.1.2 Other security goals
8.2 Attacks
8.2.1 Confidentiality attacks
Passive eavesdropping
Active eavesdropping
Semi-active eavesdropping
8.2.2 Location privacy and identity privacy attacks
IMSI catchers
Radio Resource Location Protocol (RRLP)
8.2.3 Authenticity attacks
SIM cloning
Fake base station attack
8.2.4 Availability attacks
Future Work
Catching and Understanding GSM Signals[1]


Published by: Ian Meakin on Nov 14, 2011
Copyright: Attribution Non-commercial

