summaryrefslogblamecommitdiffstats
path: root/Tex/Master/Master.toc
blob: a71c596521c509a20be11fa290fe8cfa96f3dd25 (plain) (tree)
1
2
3
4
5
6
7
8
9
                          
                                                       
                                                      
                                                       




                                                                     
                                                          







                                                                         
                                                          















                                                                     

                                                                    


                                                                           

                                                                    
                                                 
                                                                

                                                       
                                                                        













                                                                           
                                                      


                                                                    

                                                                             

                                                                           















                                                                         
\select@language {english}
\contentsline {chapter}{\numberline {1}Introduction}{1}
\contentsline {section}{\numberline {1.1}Structure}{1}
\contentsline {section}{\numberline {1.2}Disclaimer}{1}
\contentsline {chapter}{\numberline {2}GSM}{3}
\contentsline {section}{\numberline {2.1}A Historical Perspective}{3}
\contentsline {section}{\numberline {2.2}The GSM Network}{5}
\contentsline {subsection}{\numberline {2.2.1}Mobile Station}{6}
\contentsline {subsection}{\numberline {2.2.2}Network Subsystem}{9}
\contentsline {subsubsection}{Mobile Switching Center}{10}
\contentsline {subsubsection}{Home Location Register}{10}
\contentsline {subsubsection}{Visitor Location Register}{12}
\contentsline {subsubsection}{Equipment Identification Register}{12}
\contentsline {subsubsection}{Authentication Center}{12}
\contentsline {subsection}{\numberline {2.2.3}Intelligent Network}{14}
\contentsline {subsection}{\numberline {2.2.4}Base Station Subsystem}{15}
\contentsline {subsubsection}{Frequencies and the Cellular Principle}{15}
\contentsline {subsubsection}{Base Transceiver Station}{18}
\contentsline {subsubsection}{Base Station Controller}{20}
\contentsline {subsubsection}{Transcoding rate and Adaption Unit}{21}
\contentsline {section}{\numberline {2.3}The $U_m$ Interface}{22}
\contentsline {subsection}{\numberline {2.3.1}Radio Transmission}{23}
\contentsline {subsubsection}{Frame Numbering}{24}
\contentsline {subsubsection}{Burst Types}{26}
\contentsline {subsection}{\numberline {2.3.2}Logical Channels}{27}
\contentsline {subsubsection}{Dedicated Channels}{28}
\contentsline {subsubsection}{Common Channels}{28}
\contentsline {subsubsection}{Combinations}{29}
\contentsline {subsection}{\numberline {2.3.3}Layers}{30}
\contentsline {paragraph}{Physical Layer (Layer 1):}{30}
\contentsline {paragraph}{Data Link (Layer 2):}{30}
\contentsline {paragraph}{Network (Layer 3):}{30}
\contentsline {section}{\numberline {2.4}IMSI-Catcher}{32}
\contentsline {subsection}{\numberline {2.4.1}Mode of Operation}{33}
\contentsline {subsubsection}{Attacks}{35}
\contentsline {paragraph}{MS is in normal cell selection mode:}{35}
\contentsline {paragraph}{MS is already connected to a network:}{35}
\contentsline {subsubsection}{Risks and Irregularities}{36}
\contentsline {subsection}{\numberline {2.4.2}Law Situation in Germany}{36}
\contentsline {chapter}{\numberline {3}IMSI Catcher Detection}{39}
\contentsline {section}{\numberline {3.1}Framework and Hardware}{39}
\contentsline {subsection}{\numberline {3.1.1}OsmocomBB}{39}
\contentsline {subsubsection}{Project Status}{40}
\contentsline {subsection}{\numberline {3.1.2}Motorola C123}{41}
\contentsline {subsubsection}{OsmocomBB and ICDS}{42}
\contentsline {section}{\numberline {3.2}Procedure}{43}
\contentsline {subsection}{\numberline {3.2.1}Information Gathering}{43}
\contentsline {subsection}{\numberline {3.2.2}Information Evaluation}{46}
\contentsline {subsubsection}{Neighbourhood Structure}{48}
\contentsline {subsubsection}{Base Station Evaluation}{49}
\contentsline {subsection}{\numberline {3.2.3}Forged Parameters}{51}
\contentsline {subsubsection}{Database Rules}{52}
\contentsline {section}{\numberline {3.3}IMSI Catcher Detection System}{53}
\contentsline {subsection}{\numberline {3.3.1}Implemetation}{53}
\contentsline {subsection}{\numberline {3.3.2}Configuration}{54}
\contentsline {subsection}{\numberline {3.3.3}Operation}{55}
\contentsline {paragraph}{Sweep scans:}{58}
\contentsline {paragraph}{CellID Information:}{58}
\contentsline {paragraph}{Location Area Database:}{60}
\contentsline {paragraph}{Scan Encryption:}{60}
\contentsline {paragraph}{User Mode:}{60}
\contentsline {chapter}{\numberline {4}Evaluation}{61}
\contentsline {section}{\numberline {4.1}Performance Evaluation}{61}
\contentsline {subsection}{\numberline {4.1.1}Scan Duration}{62}
\contentsline {subsection}{\numberline {4.1.2}Cell ID Databases}{63}
\contentsline {subsection}{\numberline {4.1.3}Encryption Detection Speed}{63}
\contentsline {section}{\numberline {4.2}IMSI Catcher Detection}{63}
\contentsline {subsection}{\numberline {4.2.1}Open Source IMSI Catcher}{64}
\contentsline {subsection}{\numberline {4.2.2}Rule Evaluation}{65}
\contentsline {subsection}{\numberline {4.2.3}Long Term Test}{66}
\contentsline {subsection}{\numberline {4.2.4}Attack Scenarios}{67}
\contentsline {chapter}{\numberline {5}Conclusion}{69}
\contentsline {section}{\numberline {5.1}Future Work}{69}
\contentsline {chapter}{Bibliography}{71}
\contentsline {chapter}{\numberline {A}OsmocomBB}{75}
\contentsline {section}{\numberline {A.1}Installation}{75}
\contentsline {section}{\numberline {A.2}Usage}{76}
\contentsline {section}{\numberline {A.3}Serial Cable Schematics}{77}
\contentsline {chapter}{\numberline {B}IMSI Catcher Detection System}{79}
\contentsline {section}{\numberline {B.1}Extextions}{79}
\contentsline {section}{\numberline {B.2}Example Configuration}{80}
\contentsline {chapter}{\numberline {C}System Information}{83}
\contentsline {chapter}{\numberline {D}Evaluation Data}{89}
\contentsline {section}{\numberline {D.1}IMSI Catcher Configurations}{89}
\contentsline {chapter}{Acronyms}{91}