GSM Research

Chair in Communication Systems, Department of Applied Sciences, University of Freiburg, 2011

Dennis Wehrle, Konrad Meier, Dirk von Suchodoletz, Klaus Rechert, Gerhard Schneider

Overview
1. GSM Infrastructure
2. Analysis of GSM
3. Our own GSM network
4. Security
   4.1 Localization
   4.2 IMSI-Catcher
   4.3 Encryption A5/1
15.03.11 GSM Research

1. GSM Infrastructure
- GSM is a cellular network
- Largest mobile network worldwide
- Subscriber view:
  - Mobile Station
    - Cell phone
    - SIM card
  - Base Station Transceiver (BTS)
    - Provides access to the network over the air interface
    - Different frequency bands: GSM 850, EGSM 900, DCS 1800, PCS 1900

1. GSM Infrastructure
- Operator / Network view
[Figure: the GSM network from the operator's point of view]


2. GSM Analysis
- Analysis from the subscriber point of view
  - Nokia 3310
    - Netmonitor to show network parameters and cell phone state
    - Gammu [1] captures data received and transmitted by the phone.
  - USRP [2]
    - Flexible software radio
    - GSM signals can be captured.
    - Data processing is done with airprobe. [3]
[1] Gammu: http://wammu.eu/gammu/
[2] USRP from Ettus Research: http://www.ettus.com
[3] airprobe: https://svn.berlin.ccc.de/projects/airprobe/
[Figures: Nokia 3310; Universal Software Radio Peripheral (USRP)]

2. GSM Analysis
- Gammu output displayed with Wireshark
- Nokia 3310 Netmonitor
[Figures: cell parameters; paging request with IMSI; neighborhood list]

2. GSM Analysis
- Analysis from the provider point of view
  - Access to a real-world GSM network is hard to get.
  - Therefore we have set up our own GSM network called RZ-GSM.
  - Research network for:
    - "Playing" with the GSM topic in a meaningful way
    - Statistics about user behavior within the network
    - Positioning of Mobile Stations
    - GSM encryption A5/1
    - What information can / will be gathered by the provider?
    - How to protect the user in a GSM network?


3. Our own GSM network
- GSM network: RZ-GSM
  - Software:
    - OpenBSC [1]: Open-Source software implementation of a GSM Base Station Controller
    - LCR [2]
    - Asterisk [3]: Voice communication server for routing the calls
  - Hardware:
    - ip.access nanoBTS
    - Small GSM picocell
[1] OpenBSC: http://openbsc.osmocom.org
[2] LCR: http://www.linux-call-router.de/
[3] Asterisk: http://www.asterisk.org/
[Figure: ip.access nanoBTS]

3. Our own GSM network
- GSM network: RZ-GSM
- Some facts:
  - 3 BTS
  - 1 BSC
  - MSC => Asterisk
  - Databases => SQL
  - Connection to:
    - SIP
    - ISDN
    - mobile networks
    - fixed networks

3. Our own GSM network
- Measuring the received signal strength
- Can we use this data to calculate the position of a subscriber?
  - How precise is it?
  - Comparison of different approaches
  - Ongoing research
[Figure: received signal strength at the faculty site]
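Added example, not code from the slides or from the RZ-GSM project: one way to turn received-signal-strength readings from several BTS into a position estimate, and a demonstration of why the accuracy question above is hard. It assumes a log-distance path-loss model with constructed parameters (P0_DBM, PATHLOSS_N) and constructed BTS coordinates; the method and measurements used in the actual research are not on the slides. The second half of demo() interprets the same measurements with a wrong path-loss exponent, which is enough to turn a metre-accurate fix into an error of kilometres.

```python
import math

# Constructed BTS coordinates in metres on a local planar grid (assumption,
# not the real RZ-GSM cell sites).
BTS = {
    "bts1": (0.0, 0.0),
    "bts2": (1200.0, 0.0),
    "bts3": (600.0, 1000.0),
}

# Log-distance path-loss model parameters (assumed values for illustration):
# received power at the 1 m reference distance and the path-loss exponent.
P0_DBM = -40.0
PATHLOSS_N = 3.0


def rss_from_distance(d_m, n=PATHLOSS_N, p0=P0_DBM):
    """Expected received signal strength (dBm) at distance d_m (metres)."""
    return p0 - 10.0 * n * math.log10(max(d_m, 1.0))


def distance_from_rss(rss_dbm, n=PATHLOSS_N, p0=P0_DBM):
    """Invert the path-loss model: estimated distance (metres) for a measured RSS."""
    return 10.0 ** ((p0 - rss_dbm) / (10.0 * n))


def trilaterate(anchors, distances):
    """Least-squares position from >= 3 anchors and their range estimates.

    Subtracting the first circle equation from the others turns
    (x - xi)^2 + (y - yi)^2 = di^2 into a linear system in (x, y),
    which is solved through the 2x2 normal equations.
    """
    (x1, y1), d1 = anchors[0], distances[0]
    rows, rhs = [], []
    for (xi, yi), di in zip(anchors[1:], distances[1:]):
        rows.append((2.0 * (xi - x1), 2.0 * (yi - y1)))
        rhs.append(d1 ** 2 - di ** 2 + xi ** 2 - x1 ** 2 + yi ** 2 - y1 ** 2)
    a11 = sum(r[0] * r[0] for r in rows)
    a12 = sum(r[0] * r[1] for r in rows)
    a22 = sum(r[1] * r[1] for r in rows)
    b1 = sum(r[0] * v for r, v in zip(rows, rhs))
    b2 = sum(r[1] * v for r, v in zip(rows, rhs))
    det = a11 * a22 - a12 * a12
    if abs(det) < 1e-9:
        raise ValueError("anchors are collinear; position is not determined")
    return ((a22 * b1 - a12 * b2) / det, (a11 * b2 - a12 * b1) / det)


def estimate_position(rss_by_bts, n=PATHLOSS_N):
    """Position estimate from a dict {bts_name: measured RSS in dBm}."""
    names = list(rss_by_bts)
    anchors = [BTS[k] for k in names]
    dists = [distance_from_rss(rss_by_bts[k], n) for k in names]
    return trilaterate(anchors, dists)


def demo():
    """Return (error with the matching model, error with a wrong exponent), in metres."""
    true_pos = (400.0, 300.0)
    # Constructed, noise-free measurements generated from the model itself.
    rss = {k: rss_from_distance(math.dist(true_pos, BTS[k])) for k in BTS}
    err_ok = math.dist(true_pos, estimate_position(rss))
    # The same readings interpreted with a mismatched path-loss exponent, as
    # happens when the estimator assumes a more open environment than the real one.
    err_bad = math.dist(true_pos, estimate_position(rss, n=2.5))
    return err_ok, err_bad


if __name__ == "__main__":
    ok, bad = demo()
    print(f"error with matching model: {ok:.2f} m")
    print(f"error with mismatched path-loss exponent: {bad:.0f} m")
```

Real measurements add fading and shadowing on top of the model mismatch shown here, which is why the slides give accuracies of a few hundred metres in a city and kilometres in rural areas rather than the exact fix the noise-free case produces.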

3. Our own GSM network
- Statistics about the network
- 1.2.2011 to 9.3.2011
[Figures: number of calls, SMS and location updates; origin of the subscribers]

3. Our own GSM network
- Statistics about the network
- 1.2.2011 to 9.3.2011
[Figure: subscribers without Germany]


4. Security on GSM
- Original intention:
  - Anonymization of subscribers (usage of temporary identifier TMSI)
  - Prevention of eavesdropping (encryption)
- Through the lack of computing power and suitable hardware for analysis, GSM was "secure" for a long time.
- But by now there exist several hardware components and software projects that can be used to analyze, crack and build up GSM networks.

4. Security on GSM
- Problems:
  - No physical access needed for attackers (in contrast to e.g. cable-based communication)
  - Radio waves spread with little / no control.
  - Much information is not encrypted during transmission.

4.1 Localization in GSM
- Why is it necessary to know the position?
  - Subscribers are moving
    - The network has to know the approximate position in order to deliver calls or SMS.
  - Security reasons
    - In case of emergency / prosecution
  - Charging / Services
    - Use the position for charging different fees (e.g. home zone)
  - Information-based
    - Where is the next restaurant?
  - Position-based
    - Business aspects (tracking cargo)

4.1 Localization in GSM
- Accuracy: depends on the density of the network
  - City: up to a few (hundred) meters
  - Rural area: up to several kilometers
  - Improvement: combination with GPS
- How does it work?
  - Depends on the service provider
    - HLR lookup of the last known position
    - Active lookup by sending a silent SMS to get the current position
- Problem:
  - Misuse of the data
  - It is not clear what happens with the data:
    - e.g.: the Austrian provider A1 sells anonymized data

4.1 Example: Localization in GSM
[Figure: displayed range; correct position: computer center]


4.2 IMSI-Catcher
- IMSI:
  - Worldwide unique identifier for the SIM
  - Stored on the SIM
- IMEI:
  - Worldwide unique identifier for the Mobile Station
- IMSI-Catcher:
  - May only be used by public authorities (in Germany)
  - Price is really high (Rohde & Schwarz)
  - But with USRP you can build a cheap one.
- Problems:
  - Identity of the user can be revealed
  - Record conversation
  - Produce a moving profile

4.2 IMSI-Catcher
- How does it work?
  - Simulates a base station as part of a regular mobile radio network (in Germany: D1, D2, E-Plus, O2)
  - During the login procedure the Mobile Station transmits the IMSI / IMEI.
- This is successful because GSM doesn't provide mutual authentication. Only the Mobile Stations have to authenticate correctly.

4.2 IMSI-Catcher
[Figures: "Standard" IMSI-Catcher; Open Source IMSI-Catcher]

4.2 Login to IMSI-Catcher
- How to induce the Mobile Station to switch to the IMSI-Catcher?
- Mobile Station:
  - Stores the last used frequency on the SIM.
  - Doesn't scan the whole frequency band if it has a connection.
  - Tries to stay in the formerly used network.
  - Uses the neighborhood list to scan for a proper BTS.
- Problem:
  - If the IMSI-Catcher isn't on the neighborhood list, it will not be recognized.
- Solutions:
  - Force the Mobile Station to switch to the IMSI-Catcher.
  - Use a GSM jammer to induce the Mobile Station to rescan the frequency band

4.2 Login to IMSI-Catcher
Forcing the Mobile Station to switch to the IMSI-Catcher:
1. Mobile Station listens to BTS1
   - BTS1: transmits list of neighbors
2. Neighborhood measurement
3. Turn IMSI-Catcher on
   - Fake BTS4, which has the worst receiving signal strength.
   - MS believes that the signal strength of BTS4 is now better than the signal strength of BTS1.
4. MS switches to the IMSI-Catcher.

4.2 Protection against IMSI-Catchers
- "Catching" IMSI:
  - No protection against catching the IMSI
  - Mobile phone can not differentiate between the "visible" radio cells
- Normally the user should be notified of the use of an unencrypted network. But:
  - Modern devices do not display if the connection is secure or not.
  - Notification about unencrypted connections can be disabled via a flag on the SIM card.
- Solution: use cryptographically enabled mobile phones with end-to-end encryption.

4.2 Protection against IMSI-Catchers
- Is it sufficient to use UMTS Mobile Stations for protection? No!
  - A fall-back-to-GSM function exists if there is no surrounding UMTS network available. => UMTS jammer
  - It is theoretically possible to build a UMTS IMSI-Catcher


4.3 Encryption A5/1
- Content of the communication is encrypted (speech data, SMS)
- Three GSM encryption standards:
  - A5/0: no encryption. Should not be used.
  - A5/1: "strongest" encryption. Currently used.
  - A5/2: weak encryption. No longer used.
- Encryption algorithm A5/1 developed in 1987
  - Only 64 bit key
  - Security by obscurity
  - General design leaked in 1994, fully reverse engineered in 1999

4.3 Encryption A5/1
- Session key Kc is calculated from private key Ki and random number RAND
- Kc is used to encrypt plaintext:
[Figure: Kc derivation and encryption with Kc]

4.3 Encryption A5/1
- Problem:
  - Algorithm is too old and no longer safe.
  - Key space can be reduced
  - With today's computing power the encryption can be broken in seconds by using rainbow tables.
  - Interception of GSM signals is no longer a problem.
    - USRP
    - Motorola C123 with OsmocomBB [1]
[1] OsmocomBB: http://bb.osmocom.org/
[Figure: Motorola C123]

4.3 Encryption A5/1
- Rainbow tables
  - Size 1.7 TB
  - Calculated with ATI graphic cards.
  - Available on the Internet via bittorrent.
- Attack is based on known plaintext
  - Some signaling messages are known both unencrypted and encrypted.
  - Session key Kc can be calculated in seconds.
  - Private key Ki can not be calculated with this attack. But this is not necessary to decode the encrypted data.
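Added example, not code from the slides: a Python implementation of the A5/1 keystream generator as publicly documented since the 1999 reverse engineering, plus the XOR that turns keystream into ciphertext. It makes two points from the last slides concrete: Kc is only 64 bits (8 bytes; this code starts from Kc and does not implement the A8 derivation from Ki and RAND), and because the encryption is a plain XOR, a frame whose plaintext is known exposes its keystream directly, which is why recovering Kc, and never Ki, is enough to read the traffic. The Kc and frame number in demo() are the published reference test-vector inputs; the payload bytes and the names A51, burst_keystreams and encrypt_downlink are constructed for this example.

```python
# A5/1 stream cipher. Register sizes, feedback taps, clocking bits and the
# Kc / frame-number loading order follow the public description of the cipher.
R1_MASK, R2_MASK, R3_MASK = (1 << 19) - 1, (1 << 22) - 1, (1 << 23) - 1
R1_TAPS, R2_TAPS, R3_TAPS = 0x072000, 0x300000, 0x700080   # feedback bit positions
R1_MID, R2_MID, R3_MID = 0x000100, 0x000400, 0x000400      # clocking (majority) bits


def _parity(x):
    return bin(x).count("1") & 1


def _step(reg, mask, taps):
    """Shift one LFSR left by one bit, feeding back the parity of its taps."""
    return ((reg << 1) & mask) | _parity(reg & taps)


class A51:
    """A5/1 keystream generator for one 64-bit Kc and one 22-bit frame number."""

    def __init__(self, kc, frame):
        if len(kc) != 8:
            raise ValueError("Kc must be 8 bytes (64 bits)")
        self.r1 = self.r2 = self.r3 = 0
        # Key loading: clock every register, then XOR the key bit into bit 0,
        # least significant bit of kc[0] first. No majority rule during loading.
        for i in range(64):
            self._clock_all()
            bit = (kc[i // 8] >> (i & 7)) & 1
            self.r1 ^= bit; self.r2 ^= bit; self.r3 ^= bit
        # Frame-number loading, LSB first, same way.
        for i in range(22):
            self._clock_all()
            bit = (frame >> i) & 1
            self.r1 ^= bit; self.r2 ^= bit; self.r3 ^= bit
        # 100 mixing clocks under the majority rule; output is discarded.
        for _ in range(100):
            self._clock()

    def _clock_all(self):
        self.r1 = _step(self.r1, R1_MASK, R1_TAPS)
        self.r2 = _step(self.r2, R2_MASK, R2_TAPS)
        self.r3 = _step(self.r3, R3_MASK, R3_TAPS)

    def _clock(self):
        # A register steps only if its clocking bit agrees with the majority.
        maj = (_parity(self.r1 & R1_MID) + _parity(self.r2 & R2_MID)
               + _parity(self.r3 & R3_MID)) >= 2
        if bool(self.r1 & R1_MID) == maj:
            self.r1 = _step(self.r1, R1_MASK, R1_TAPS)
        if bool(self.r2 & R2_MID) == maj:
            self.r2 = _step(self.r2, R2_MASK, R2_TAPS)
        if bool(self.r3 & R3_MID) == maj:
            self.r3 = _step(self.r3, R3_MASK, R3_TAPS)

    def keystream(self, nbits=114):
        """Next nbits of keystream (XOR of the three top bits), packed MSB-first."""
        out = bytearray((nbits + 7) // 8)
        for i in range(nbits):
            self._clock()
            bit = (self.r1 >> 18) ^ (self.r2 >> 21) ^ (self.r3 >> 22)
            out[i // 8] |= bit << (7 - (i & 7))
        return bytes(out)


def burst_keystreams(kc, frame):
    """(downlink, uplink) 114-bit keystreams for one TDMA frame."""
    gen = A51(kc, frame)
    return gen.keystream(114), gen.keystream(114)


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_downlink(kc, frame, burst_payload):
    """Encrypt (or decrypt: XOR is its own inverse) a 114-bit downlink payload."""
    return xor_bytes(burst_payload, burst_keystreams(kc, frame)[0])


def demo():
    # Published reference test-vector inputs for A5/1 (Kc bytes and frame number).
    kc = bytes([0x12, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF])
    frame = 0x134
    downlink, uplink = burst_keystreams(kc, frame)
    # Constructed 114-bit payload; only the top two bits of the last byte are used.
    payload = bytes(range(1, 15)) + b"\x40"
    ct = encrypt_downlink(kc, frame, payload)
    # Known plaintext: plaintext XOR ciphertext is exactly the keystream, so a frame
    # with predictable content leaks what Kc produced for it; Ki is never involved.
    recovered = xor_bytes(payload, ct)
    roundtrip_ok = encrypt_downlink(kc, frame, ct) == payload
    return downlink.hex(), uplink.hex(), roundtrip_ok, recovered == downlink


if __name__ == "__main__":
    print(demo())
```

The whole secret that protects a call is the 8-byte Kc fed to A51(); nothing about Ki or the SIM enters the keystream generation, which is what the slides mean by saying Kc alone is sufficient to decode the traffic.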

4.3 Encryption A5/1
- GSM encryption is no longer secure
- BUT: more and more devices are using GSM to transmit data.
  - Mobile TAN for online banking: TAN transmitted via SMS
  - Vending machines: information about the fill level
  - Railway GSM: information about the status of the train
  - Smart meter: information about the electricity consumption
- Is this really a good idea?