GSM Mobile Security .

Uploaded on:
Presentation. With GSM, frameworks for versatile correspondence came to a worldwide scale. In the western world, it appears everybody has their own cellular telephone, and GSM has taken more of the business sector. GSM permits clients to wander consistently in the middle of systems, and separate the client personality from the telephone gear. Also the GSM framework gives the useful premise to the third era crowd
Slide 1

GSM Mobile Security Prepared by: Leen F. Arikat

Slide 2

Introduction With GSM, frameworks for portable correspondence achieved a worldwide scale. In the western world, it appears everybody has their own particular cell phone, and GSM has taken increasingly of the market. GSM permits clients to wander flawlessly amongst systems, and separate the client personality from the telephone gear. What\'s more the GSM framework gives the useful premise to the third era portable framework, UMTS.

Slide 3

Some GSM Facts Nearly 1 billion endorsers overall Estimated that overall cell phone misrepresentation will reach $40 billion dollars US Law implementation specialists have found that 80% of street pharmacists captured in US utilizing cloned cell phones. Incidentally, Pablo Escobar the top Columbian street pharmacist was found by checking his cell phone action. Two angles important to a Forensic Analyst Has the telephone been utilized for a criminal demonstration? Could the telephone be utilized to secure a conviction?

Slide 4

Some GSM Facts The European Telecommunication Standards Institute (ETSI) controls the GSM standard (each of the 4000 pages of it!). Any hardware utilized on a GSM arrange needs to have endorsement by the ETSI. All MS\'s are autonomous from any system.

Slide 5

What are the segments of a GSM organize? Endorser Equipment The Mobile Station (MS) is the client gear in GSM. It is the thing that the client can see of the GSM framework. The station comprises of two elements: The Mobile Equipment (the telephone itself) The Subscriber Identity Module (SIM)

Slide 6

Components of a GSM arrange (cont..) The Switching System (SS) Home Location Register (HLR) - A database which stores information about GSM supporters, including the Individual Subscriber Authentication Key (Ki) for every Subscriber Identity Module (SIM). Portable Services Switching Center (MSC) - The system component which plays out the communication exchanging elements of the GSM arrange. Guest Location Register (VLR) - A database which stores transitory data about wandering GSM supporters. Verification Center (AUC) - A database which contains the International Mobile Subscriber Identity (IMSI) the Subscriber Authentication key (Ki), and the characterized calculations for encryption. Gear Identity Register (EIR) - A database which contains data about the personality of portable hardware so as to keep calls from stolen, unapproved, or damaged versatile stations.

Slide 7

Components of a GSM organize (cont..) The Base Station System (BSS) Base Station Controller (BSC) - The system component which gives all the control capacities and physical connections between the MSC and BTS. The BSC gives capacities, for example, handover, cell arrangement information, and control of radio recurrence (RF) control levels in Base Transceiver Stations. Base Transceiver Station (BTS) - The system component which handles the radio interface to the portable station. The BTS is the radio gear (handsets and reception apparatuses) expected to benefit every phone in the system.

Slide 8

Components of a GSM organize (cont..) The Operation and Support System (OSS) Message Center (MXE) - A system component which gives Short Message Service (SMS), voice message, fax mail, email, and paging. Portal Mobile Services Switching Center (GMSC) - A system component used to interconnect two GSM systems.

Slide 9

The Subscriber

Slide 10

How to Identify a Subscriber Every versatile supporter is issued with a brilliant card called a Subscriber Identity Module (SIM) As physical confirmation the SIM gives subtle elements imprinted on the surface of; Name of the Network Provider Unique ID Number

Slide 11

Electronic Access to the SIM Every SIM can be secured by a Personal Identification Number (PIN) Set at purpose of make Can be changed by the Subscriber Four digit code Usually 3 endeavors before telephone is blocked Bypassing the PIN requires the Pin Unblocking Key (PUK) 8 digit code Set by producer Maximum 10 endeavors before telephone is for all time blocked

Slide 12

What Can Be Extracted From A SIM? As SIM is a keen card it has A processor Non-unstable memory Processor is utilized for giving access to the information and security To get to the information we require; Standard savvy card peruser SIM get to Software Data put away in twofold records

Slide 13

What Can Be Extracted From A SIM? Preferably an Analyst would download a picture of the substance and process a hash estimation of the substance as a method for approving creativity of substance At present documents are downloaded customarily Software Sim Manager Pro ChipIt SimScan Cards4Labs just accessible to Law Enforcement Agencies Produces a content report of substance as opposed to downloading. 29 records put away on a SIM

Slide 14

Location Information File The bytes 5-9 of the LOCI contain the system Location Area Identifier (LAI) code Network Operator particular This information is held when the MS is shut down Updated as MS moves starting with one area then onto the next Analyst can figure out which area the MS was available in when last utilized. Area Areas can contain numerous cells. LOCI DOES NOT DETAIL WHICH CELL! Cell information not put away on SIM.

Slide 15

Serial Number Integrated Circuit Card Identifier Corresponds to the number imprinted on the surface of the SIM Identifies the SIM

Slide 16

Subscriber Identifier International Mobile Subscriber Identity As put away in the HLR/VLR\'s on the systems Unique ID for each membership on the Operator\'s system

Slide 17

Phone Number Mobile Station International ISDN number

Slide 18

Text Message Data (SMS) Short Message Service is a mainstream specialized strategy Most SIM\'s have 12 openings for putting away messages Modern MS\'s permit stockpiling on the gadget also

Slide 19

Text Message Data (SMS) - Status When client erases a message just the status banner is changed Therefore, giving the message has not been overwritten any message in a space can be recuperated and deciphered utilizing programming

Slide 20

Threats to SIM Data Knowledgeable lawbreakers will know about the properties of the SIM and consequently control them. More prominent danger is that of cloning SIM information for illegal utilize Two key bits of information IMSI The information encryption scratch (Ki) IMSI can be acquired; Directly from the SIM utilizing a filtering programming Eaves-dropping on the systems for decoded transmission of the IMSI Ki can\'t typically be gotten straightforwardly as it is gotten from an encryption calculation put away on the SIM However, in the event that the encryption calculation is feeble then it is conceivable to encourage numbers

Slide 21

Threats to SIM Data Obtaining clear SIMs These cards can be requested from a similar source where organize suppliers get their cards. The card should then be customized with a unique instrument for programming of crisp cards. Such an apparatus is dispersed together with the Sim-Scan bundle. An assailant could likewise get hold of a non specific shrewd card and savvy card software engineer, and after that program the card to go about as a SIM.

Slide 22

The Equipment

Slide 23

Generic Properties All MS\'s have GSM measures on how they get to and speak with the system and SIM card Every MS has an extraordinary ID called the International Mobile Equipment Identity (IMEI) Everything else is producer subordinate File framework Features Interface Etc. Need to ask for the SIM PIN if actuated May have discretionary MS PIN

Slide 24

MS Data Very much subject to the model, may incorporate; IMEI Short Dial Numbers Text/Multimedia Messages Settings (languge, date/time, tone/volume and so on) Stored Audio Recordings Stored pictures/interactive media Stored Computer Files Logged approaching calls and dialed numbers Stored Executable Progams (eg J2ME) Stored Calendar Events GPRS, WAP and Internet settings

Slide 25

Threats to MS Data Tools, for example, Flashers and Data Suites can be utilized to specifically control MS information Common danger is evacuating the Service Provider Lock (SP-Lock) restricting the MS to a solitary arranged. Changing the IMEI on stolen telephones Networks boycott stolen IMEI\'s in the EIR. Can likewise be utilized to abstain from following a MS. Recognizing changes to the IMEI Compare the electronic IMEI with that imprinted within the gadget

Slide 26

The Network

Slide 27

Network Operator Data The Network Operators can give itemized information on calls made/got, message movement, information exchanged and association area/timing The HLR can give; Customer name and address Billing name and address (if other than client) User name and address (if other than client) Billing account subtle elements Telephone Number (MSISDN) IMSI SIM serial number (as imprinted on the SIM-card) PIN/PUK for the SIM Subscriber Services permitted

Slide 28

The Call Data Records (CDR\'s) Produced in the beginning MSC exchanged to the OMC Every call Every message Each CDR contains; Originating MSISDN Terminating MSISDN Originating and ending IMEI Duration of call Type of Service Initial serving Base Station (BTS) (not consequent BTSs after handover)

Slide 29

Threats to Network Operator GSM not invulnerable to block attempt It is feasible for the system to arrange the MS to turn on and off encryption now and again of high stacking This flag can be satirize utilizing a man-in-the-center assault

Slide 30

GSM Security Operation GSM systems use encryption for three purposes: Authentication Encryption Key era

Slide 31

GSM Security Operation (Cont..) GSM gives validation of clients and encryption of the activity over the air interface. This is refined by giving the client and system a mutual mystery, called Ki. This 128-piece number is put away on the SIM-card, and is not specifically available to the client. Every time the portable associates with the system, the system verifies the client by sending an irregular number (test) to the versatile. The SIM then uses a confirmation calculation to register a validation token SRES utilizing the arbitrary number and Ki.

Slide 32

GSM Security Operation (Cont..) The portable sends the SRES back to the system which looks at the esteem

View more...