From 818bd7c053bb9c17f323134a244e6822fa02b99f Mon Sep 17 00:00:00 2001 From: Tom Date: Mon, 21 May 2012 18:30:02 +0200 Subject: added sections on paging and paging feature in c code, lot of minor changes in tex files --- Tex/Master/Master.lof | 85 +++++++++++++++++++++++++++------------------------ 1 file changed, 45 insertions(+), 40 deletions(-) (limited to 'Tex/Master/Master.lof') diff --git a/Tex/Master/Master.lof b/Tex/Master/Master.lof index 5a633db..08a06fc 100644 --- a/Tex/Master/Master.lof +++ b/Tex/Master/Master.lof @@ -1,44 +1,49 @@ \select@language {english} \addvspace {10\p@ } \addvspace {10\p@ } -\contentsline {figure}{\numberline {2.1}{\ignorespaces Growth of mobile GSM subscriptions. Compiled from \cite {GSM2009,GSM_history2011,GSM_stats2011}}}{4} -\contentsline {figure}{\numberline {2.2}{\ignorespaces The main components of a GSM network.}}{6} -\contentsline {figure}{\numberline {2.3}{\ignorespaces Authentication procedure.}}{13} -\contentsline {figure}{\numberline {2.4}{\ignorespaces Mapping of functional entities on the 900\tmspace +\thinmuskip {.1667em}MHz\ band.}}{16} -\contentsline {figure}{\numberline {2.5}{\ignorespaces Theoretical arrangement of radio cells compared to a realistic alignment. Cells with the same number share the same frequency \cite {GSM2009}.}}{18} -\contentsline {figure}{\numberline {2.6}{\ignorespaces Common base station configurations. Compiled from \cite {protocols1999}.}}{19} -\contentsline {subfigure}{\numberline {(a)}{\ignorespaces {Stantard configuration.}}}{19} -\contentsline {subfigure}{\numberline {(b)}{\ignorespaces {Umbrella cell configuration.}}}{19} -\contentsline {subfigure}{\numberline {(c)}{\ignorespaces {Sectorised configuration.}}}{19} -\contentsline {figure}{\numberline {2.7}{\ignorespaces Ciphering procedure for one frame of voice data. Adopted from \cite {kommsys2006}.}}{22} -\contentsline {figure}{\numberline {2.8}{\ignorespaces The combination of FDMA and TDMA.}}{23} -\contentsline {figure}{\numberline {2.9}{\ignorespaces Hierarchical Composition of the different frames.}}{25} -\contentsline {figure}{\numberline {2.10}{\ignorespaces Structural Comparison of different Burst types. After \cite {GSM2009}.}}{26} -\contentsline {figure}{\numberline {2.11}{\ignorespaces Mapping of virtual channels on time slots.}}{27} -\contentsline {figure}{\numberline {2.12}{\ignorespaces Snippet of a Multiframe-configurations for a base station from \cite {kommsys2006}.}}{31} -\contentsline {figure}{\numberline {2.13}{\ignorespaces A commercial catcher by Rhode \& Schwarz \cite {fox} and a self built catcher introduced at Defcon 2010 \cite {def_catcher}.}}{33} -\contentsline {figure}{\numberline {2.14}{\ignorespaces IMSI catching procedure. Adopted and simplified from \cite {mueller}.}}{34} -\addvspace {10\p@ } -\contentsline {figure}{\numberline {3.1}{\ignorespaces Interaction of the OsmocomBB components with the ICDS software.}}{40} -\contentsline {figure}{\numberline {3.2}{\ignorespaces Circuit board of the Motorola C123 with its components \cite {osmo_wiki_c123}.}}{43} -\contentsline {figure}{\numberline {3.3}{\ignorespaces T-Mobile and Vodafone stations at the Technische Fakult\"at.}}{48} -\contentsline {figure}{\numberline {3.4}{\ignorespaces Comparison between a normal neighbourhood subgraph and a tainted one.}}{49} -\contentsline {subfigure}{\numberline {(a)}{\ignorespaces {Normal neighbourhood}}}{49} -\contentsline {subfigure}{\numberline {(b)}{\ignorespaces {Tainted neighbourhood}}}{49} -\contentsline {figure}{\numberline {3.5}{\ignorespaces System architecture of the ICDS. The arrows indicate the flow of data.}}{52} -\contentsline {figure}{\numberline {3.6}{\ignorespaces A python dictionary.}}{54} -\contentsline {figure}{\numberline {3.7}{\ignorespaces The ICDS main window.}}{54} -\contentsline {figure}{\numberline {3.8}{\ignorespaces Settings windows for two ICDS features.}}{57} -\contentsline {subfigure}{\numberline {(a)}{\ignorespaces {Databases window.}}}{57} -\contentsline {subfigure}{\numberline {(b)}{\ignorespaces {User Mode window.}}}{57} -\addvspace {10\p@ } -\addvspace {10\p@ } -\addvspace {10\p@ } -\contentsline {figure}{\numberline {A.1}{\ignorespaces Schematics for the T191 unlock cable.}}{IX} -\addvspace {10\p@ } -\addvspace {10\p@ } -\contentsline {figure}{\numberline {C.1}{\ignorespaces System Information 1 Message}}{XIV} -\contentsline {figure}{\numberline {C.2}{\ignorespaces System Information 2 Message}}{XV} -\contentsline {figure}{\numberline {C.3}{\ignorespaces System Information 3 Message}}{XVI} -\contentsline {figure}{\numberline {C.4}{\ignorespaces System Information 4 Message}}{XVII} +\contentsline {figure}{\numberline {2.1}{\ignorespaces Growth of mobile GSM subscriptions. Compiled from \cite {GSM2009,GSM_history2011,GSM_stats2011}}}{6} +\contentsline {figure}{\numberline {2.2}{\ignorespaces The main components of a GSM network.}}{8} +\contentsline {figure}{\numberline {2.3}{\ignorespaces Authentication procedure.}}{15} +\contentsline {figure}{\numberline {2.4}{\ignorespaces Mapping of functional entities on the 900\tmspace +\thinmuskip {.1667em}MHz\ band.}}{17} +\contentsline {figure}{\numberline {2.5}{\ignorespaces Theoretical arrangement of radio cells compared to a realistic alignment. Cells with the same number share the same frequency \cite {GSM2009}.}}{19} +\contentsline {figure}{\numberline {2.6}{\ignorespaces Ciphering procedure for one frame of voice data. Adopted from \cite {kommsys2006}.}}{21} +\contentsline {figure}{\numberline {2.7}{\ignorespaces The combination of FDMA and TDMA.}}{22} +\contentsline {figure}{\numberline {2.8}{\ignorespaces Hierarchical Composition of the different frames.}}{23} +\contentsline {figure}{\numberline {2.9}{\ignorespaces Structural Comparison of different Burst types. After \cite {GSM2009}.}}{24} +\contentsline {figure}{\numberline {2.10}{\ignorespaces Mapping of virtual channels on time slots.}}{26} +\contentsline {figure}{\numberline {2.11}{\ignorespaces A commercial catcher by Rhode \& Schwarz \cite {fox} and a self built catcher introduced at Defcon 2010 \cite {def_catcher}.}}{29} +\contentsline {figure}{\numberline {2.12}{\ignorespaces IMSI catching procedure. Adopted and simplified from \cite {mueller}.}}{30} +\addvspace {10\p@ } +\contentsline {figure}{\numberline {3.1}{\ignorespaces Circuit board of the Motorola C123 with its components \cite {osmo_wiki_c123}.}}{38} +\contentsline {figure}{\numberline {3.2}{\ignorespaces Interaction of the OsmocomBB components with the ICDS software.}}{39} +\contentsline {figure}{\numberline {3.3}{\ignorespaces System Information 1 Message \cite {protocols1999}.}}{41} +\contentsline {figure}{\numberline {3.4}{\ignorespaces Base stations and their neighbourhood connections at the Technische Fakult\"at.}}{46} +\contentsline {figure}{\numberline {3.5}{\ignorespaces Comparison between a normal neighbourhood subgraph and a tainted one.}}{46} +\contentsline {subfigure}{\numberline {(a)}{\ignorespaces {Normal neighbourhood}}}{46} +\contentsline {subfigure}{\numberline {(b)}{\ignorespaces {Tainted neighbourhood}}}{46} +\contentsline {figure}{\numberline {3.6}{\ignorespaces Procedure taken when the network has a call/text waiting for a passive subscriber.}}{49} +\contentsline {figure}{\numberline {3.7}{\ignorespaces System architecture of the ICDS. The arrows indicate the flow of data.}}{50} +\contentsline {figure}{\numberline {3.8}{\ignorespaces Configuration Dictionary in the settings file.}}{51} +\contentsline {figure}{\numberline {3.9}{\ignorespaces The ICDS main window.}}{53} +\contentsline {figure}{\numberline {3.10}{\ignorespaces Dialogs for different settings.}}{56} +\contentsline {subfigure}{\numberline {(a)}{\ignorespaces {Filters window.}}}{56} +\contentsline {subfigure}{\numberline {(b)}{\ignorespaces {Rules window.}}}{56} +\contentsline {subfigure}{\numberline {(c)}{\ignorespaces {Databases window.}}}{56} +\contentsline {subfigure}{\numberline {(d)}{\ignorespaces {Encryption window (not yet implemented).}}}{56} +\addvspace {10\p@ } +\contentsline {figure}{\numberline {4.1}{\ignorespaces Scan durations for the sample data sets.}}{62} +\contentsline {figure}{\numberline {4.2}{\ignorespaces Open Source IMSI Catcher (left) with USRP (black) and external clock (blue) and the ICDS (right) with the Motorola C123 connected.}}{64} +\contentsline {figure}{\numberline {4.3}{\ignorespaces Excerpt of a \texttt {OpenBTS.conf}.}}{65} +\contentsline {figure}{\numberline {4.4}{\ignorespaces Nokia 3310 NetMonitor screenshots.}}{66} +\contentsline {subfigure}{\numberline {(a)}{\ignorespaces {Connected cell information.}}}{66} +\contentsline {subfigure}{\numberline {(b)}{\ignorespaces {Neighbouring cell measurements.}}}{66} +\contentsline {figure}{\numberline {4.5}{\ignorespaces Takeover attack of an IMSI catcher on a base station.}}{69} +\addvspace {10\p@ } +\addvspace {10\p@ } +\addvspace {10\p@ } +\addvspace {10\p@ } +\contentsline {figure}{\numberline {C.1}{\ignorespaces System Information 1 Message}}{86} +\contentsline {figure}{\numberline {C.2}{\ignorespaces System Information 2 Message}}{87} +\contentsline {figure}{\numberline {C.3}{\ignorespaces System Information 3 Message}}{88} +\contentsline {figure}{\numberline {C.4}{\ignorespaces System Information 4 Message}}{89} \addvspace {10\p@ } -- cgit v1.2.3-55-g7522