Pentura Labs's Blog
A security research blog at Pentura

What is 2G, 3G, 4G?

by Andy on December 7, 2013

Tags: 2G, 3G, 3GPP, 4G, BSC, BTS, EnodeB, EPC, Femto, Femtocell, GGSN, GPRS,
HeNB, HLR, ipsec, LTE, MS, MSC, nodeB, PCRF, PDN, PGw, SGw, SSGN, VLR

Introduction
With all the recent fuss over 4G / LTE, Pentura thought a nice blog post
highlighting the changes and developments of mobile infrastructure would
be interesting for our readers. Below is a high-level description of the 2G,
3G, 3G-Femto and finally 4G networks.

2G
2G (GSM/GPRS) is the initial backbone for all mobile infrastructure. At the
front end it comprises a Radio Tower (BTS) and the Base Station
Controller (BSC). The backend comprises the usual core components: the
HLR, VLR and MSC.

3G
When it came to implementing 3G, the decision was made to build on top of
the existing 2G infrastructure and share some of the backend components.
The only difference is the Radio Tower (NodeB), which supports a higher data
rate (faster speed), together with a Radio Network Controller (RNC). Note:
Users are referred to as User Entities (UE). The backend comprises the usual
core components, the HLR, VLR and MSC, with the addition of the SGSN and
GGSN, which provide access to the Packet Switching Network, otherwise
known as the INTERNET!

The diagram below shows how 2G (top) and 3G/UMTS (bottom) networks
work side-by-side:

3G Femtocell Technology
This technology allows customers with broadband connections to set up
their own mini mobile tower in their home/business, supporting up to 8
Mobile Subscribers (MS). The femtocell is known as an eNodeB, or rather a
Home eNodeB (HeNB), which tunnels all communication down an IPsec
tunnel to your cellular provider's IPsec gateway and is thus able to talk to
your cellular provider's core network.

Note: The femtocells do not support encryption, unlike the big eNodeBs on
your cellular network. So if you monitor the connection between your
handset and the femtocell you will see the negotiation of the A5/0
encryption scheme; A5/0 = NO ENCRYPTION!
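
The A5/0 negotiation mentioned in the note, as an added example that is not part of the original post: a small Python parser for the GSM RR Ciphering Mode Command that reports which A5 algorithm the network selected and flags links left unencrypted. The octet layout follows 3GPP TS 44.018; the function names and sample byte strings are constructed for illustration, and the input is assumed to be the raw layer-3 message already extracted from a capture.

```python
"""Classify the cipher selected in a GSM RR Ciphering Mode Command (added example)."""

RR_PROTOCOL_DISCRIMINATOR = 0x06  # low nibble of octet 1 (3GPP TS 44.018)
CIPHERING_MODE_COMMAND = 0x35     # RR message type, octet 2


def parse_ciphering_mode_command(l3: bytes) -> dict:
    """Decode octet 3: low nibble = Cipher Mode Setting, high nibble = Cipher Response."""
    if len(l3) < 2 or (l3[0] & 0x0F) != RR_PROTOCOL_DISCRIMINATOR:
        raise ValueError("not a GSM RR message")
    if l3[1] != CIPHERING_MODE_COMMAND:
        raise ValueError("not a Ciphering Mode Command")
    if len(l3) < 3:
        raise ValueError("truncated Ciphering Mode Command")
    setting = l3[2] & 0x0F
    start_ciphering = bool(setting & 0x01)   # SC bit: 0 = no ciphering
    algorithm_id = (setting >> 1) & 0x07     # only meaningful when SC = 1
    if not start_ciphering:
        algorithm = "A5/0"                   # the link stays in the clear
    elif algorithm_id == 0x07:
        algorithm = "reserved"
    else:
        algorithm = f"A5/{algorithm_id + 1}"
    return {
        "algorithm": algorithm,
        "encrypted": start_ciphering,
        "imeisv_requested": bool(l3[2] & 0x10),  # CR bit of Cipher Response
    }


def flag_unencrypted(messages):
    """Return the labels of captures whose network told the handset not to cipher."""
    findings = []
    for label, raw in messages:
        try:
            info = parse_ciphering_mode_command(raw)
        except ValueError:
            continue  # some other message type; nothing to classify
        if not info["encrypted"]:
            findings.append(label)
    return findings


# Constructed sample messages (hex of the layer-3 bytes), not real captures.
SAMPLES = [
    ("macro-cell", bytes.fromhex("063501")),     # SC=1, algorithm id 000
    ("femtocell", bytes.fromhex("063500")),      # SC=0
    ("a5-3-cell", bytes.fromhex("063515")),      # SC=1, id 010, IMEISV requested
    ("mode-complete", bytes.fromhex("0632")),    # Ciphering Mode Complete, skipped
]

if __name__ == "__main__":
    print(flag_unencrypted(SAMPLES))
```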

4G
This is where things become a little different.

Again the Radio Tower is connected to a device called an eNodeB (like the
femtocell), which connects to the EPC. The EPC is an all-in-one solution that
contains the following components: the Mobile Management Entity (MME),
replacing the MSC, which in turn connects to the Service Gateways SGw
and PGw (which replace the GGSN and the SGSN), and the Policy Charging
and Rules Functionality (PCRF), which performs bandwidth shaping and billing.
This connects users to the Public Data Network (Internet).

From infosec, mobile, pentesting, pentura, Radio, Telephony

Leave a Comment

Leave a Reply

Enter your comment here...

NDProxy Privilege Escalation (CVE-2013-5065)


How to Create Mark V Pineapple Infusions/Plugins

Blog at WordPress.com.

You might also like