author Tom 2012-06-01 18:06:16 +0200
committer Tom 2012-06-01 18:06:16 +0200
commit d295a0cbff87fa0b87e37cf2dce9edb3c51222b7 (patch)
tree 31bdac2a79597b3594ae3ade387086fd176df6ad /Tex/Content/Motivation.tex
parent new pictures (diff)
finished suggestions on chapter 4
Diffstat (limited to 'Tex/Content/Motivation.tex')
-rw-r--r-- Tex/Content/Motivation.tex 21
1 files changed, 10 insertions, 11 deletions
diff --git a/Tex/Content/Motivation.tex b/Tex/Content/Motivation.tex
index ddc5b12..71c4ad4 100644
--- a/Tex/Content/Motivation.tex
+++ b/Tex/Content/Motivation.tex
@@ -7,31 +7,30 @@ Considering its reception and growth \cite{GSM2009,GSM_history2011,GSM_stats2011
Since the advent of portable radio equipment and portable microprocessors, mobile phones became technologically possible in the 80's.
From that point on commercialisation started with more and more providers emerging.
-With more and more users, security became an ever more important aspect since important telephone calls were now made over radio instead of fixed landlines.
+With more users, security became an ever more important aspect since confidential telephone calls were now made over radio instead of fixed landlines.
In 1996 a device was released that took advantage of a security hole in the \gls{gsm} protocol which enabled it to record phone calls and track users.
This device was developed by Rhode \& Schwartz and was called IMSI catcher.
The name refers to the IMSI number, a unique identification of the user inside the \gls{gsm} network.
It can be obtained by the device by impersonating a base station, which is the entry point of the subscriber to the network.
-In the way of a classical man-in-the-middle attack the IMSI catcher gets the subscriber to connect to it and relay the information to a real base station while harvesting the needed information like calls or IMSI numbers.
+By means of a classical man-in-the-middle attack the IMSI catcher lures the subscriber to connect to it and relay the information to a real base station while harvesting the needed information like calls or IMSI numbers.
This risk is intensified by the fact that several other projects like the Open Source IMSI catcher \cite{dennis} succeeded in building such an IMSI catcher at a very low cost, using hardware and software that is freely available.
-With this hardware it is considerably easier to eavesdrop on and thus breach the privacy of a neighbour or other person than it was when only landlines were used.
-Industrial espionage is another, higher impact area where these devices can be used.
+With this hardware it is considerably easier to eavesdrop on and thus breach the privacy of a neighbour or record corporate phone calls than it was when only landlines were available.
-Up until now countermeasures to IMSI catchers have been given much attention since the commercial grade devices were only available to authorities and abuse was thus not a large topic.
+Up until now countermeasures to IMSI catchers have not been given much attention to since the commercial grade devices were only available to authorities and private abuse was thus not a large topic.
This is where this project is aimed at.
Different ways will be explored on how to identify an IMSI catcher based on its differences to a regular base station.
Additionally information of the surrounding area and tracking of different parameters over time is used to isolate suspicious base stations in the perimeter.
A toolbox is developed that makes it possible to gather and analyse information from all available base stations in an easy manner, the IMSI Catcher Detection System.
-It is also designed to operate in an end user mode where only the provider of the subscriber has to be given to the system and an evaluation is yielded of whether it is safe to place a phone call or not.
+It is also designed to operate in an end user mode where only a very simplified version of the GUI is presented and an evaluation is yielded of whether it is safe to place a phone call or not at the moment.
The tool operates in a completely passive manner only on information that is freely broadcasted, never connecting to base stations in question.
This way the system itself stays invisible to the base stations and thus potential IMSI catchers while evaluating them.
\section{Structure}
The remainder of this thesis is structured as follows:
-The second chapter will give an overview of how a \gls{gsm} network is build up to create a general understanding of the infrastructure in which an IMSI catcher and the detection system work.
+The second chapter will give an overview of how a \gls{gsm} network is built up to create a general understanding of the infrastructure in which an IMSI catcher and the detection system work.
Protocol specifics of the interface on which the two systems operate, the interface between a mobile phone and the base station will be discussed in the second part.
-The chapter concludes with a description of how an IMSI catcher works and which attacks are possible.
+The chapter concludes with a description of how an IMSI catcher works and give an account of what kind of attacks are possible.
In the third chapter, the software framework and hardware that is used to develop the IMSI Catcher Detection System is introduced.
The different procedures used for information gathering and evaluation are also discussed in this chapter based on possible attacks an IMSI catcher can perform and differences in parameters to a valid base station.
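Review bot: The added "Up until now" sentence now reads "have not been given much attention to since", which leaves a stray "to" behind; "have not been given much attention, since the commercial grade devices ..." would fix it while keeping the corrected negation. Two further agreement slips come in with this hunk: in the added man-in-the-middle sentence, "lures the subscriber to connect to it and relay the information" makes the subscriber the one relaying, so "relays" (with the IMSI catcher as subject) matches the described attack, and in the Structure section "concludes with a description ... and give an account" should be "and gives an account". The unchanged context line "developed by Rhode \& Schwartz" misspells the manufacturer, Rohde \& Schwarz, and could be corrected in the same pass. Dropping the industrial espionage sentence in favour of "record corporate phone calls" is fine, but the merged sentence now has "eavesdrop on" without a clear object before "and thus breach the privacy of a neighbour"; consider "eavesdrop on a neighbour and thus breach their privacy, or record corporate phone calls".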
@@ -39,13 +38,13 @@ Finally a explanation of how to set up and operate the system together with some
The fourth chapter contains an evaluation of how the system performs in several categories.
First some general performance statistics and results on the individual methods used are collected.
-Afterwards a long term test over the course of a week is done to examine the false positive and false negative rate considering the discovery of an IMSI catcher.
-The chapter ends with a two simulated attack scenarios.
+Afterwards a long-term test over the course of a week is done to examine the false positive and false negative rates of IMSI catcher detection.
+The chapter ends with two simulated attack scenarios.
In the last chapter, a short summary of the results will be given as well as am outlook of how the system can be extended.
\section{Disclaimer}
-During the practical part of this thesis precautions have been made, not to interrupt or influence radio transmissions made by regular subscribers.
+During the practical part of this thesis precautions have been taken not to interrupt or influence radio transmissions made by regular subscribers.
They main part of the experiments is passive information gathering which only harvests information that is freely available and thus does not influence regular communication procedures.
The IMSI catcher was configured in a way to not let subscribers connect, therefore it is not interfering with regular connection procedures.
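Review bot: The unchanged lines around these fixes still carry typos that this proofreading pass skips: "as well as am outlook" in the last-chapter sentence should be "an outlook", and "They main part of the experiments" in the Disclaimer should be "The main part". The hunk header context also shows "Finally a explanation", which wants "an explanation". In the Disclaimer it would help to state how the test IMSI catcher was kept from accepting subscribers, since "configured in a way to not let subscribers connect" is the only safeguard the text names and the reader cannot judge it from this wording alone.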