\relax \@newglossary{main}{glg}{gls}{glo} \@newglossary{acronym}{alg}{acr}{acn} \@istfilename{Master.ist} \@glsorder{word} \select@language{english} \@writefile{toc}{\select@language{english}} \@writefile{lof}{\select@language{english}} \@writefile{lot}{\select@language{english}} \providecommand {\FN@pp@footnotehinttrue }{} \providecommand {\FN@pp@footnote@aux }[2]{} \FN@pp@footnotehinttrue \FN@pp@footnotehinttrue \FN@pp@footnotehinttrue \FN@pp@footnotehinttrue \FN@pp@footnotehinttrue \FN@pp@footnotehinttrue \FN@pp@footnotehinttrue \citation{GSM2009} \citation{GSM_history2011} \citation{GSM_stats2011} \FN@pp@footnotehinttrue \FN@pp@footnotehinttrue \FN@pp@footnotehinttrue \FN@pp@footnotehinttrue \@writefile{toc}{\contentsline {chapter}{\numberline {1}Introduciton}{1}} \@writefile{lof}{\addvspace {10\p@ }} \@writefile{lot}{\addvspace {10\p@ }} \@writefile{lol}{\addvspace {10\p@ }} \@writefile{toc}{\contentsline {section}{\numberline {1.1}Structure}{1}} \FN@pp@footnotehinttrue \FN@pp@footnotehinttrue \@writefile{toc}{\contentsline {chapter}{\numberline {2}GSM}{3}} \@writefile{lof}{\addvspace {10\p@ }} \@writefile{lot}{\addvspace {10\p@ }} \@writefile{lol}{\addvspace {10\p@ }} \newlabel{ch:gsm}{{2}{3}} \@writefile{toc}{\contentsline {section}{\numberline {2.1}A Historical Perspective}{3}} \citation{GSM2009} \citation{protocols1999} \citation{GSM2009} \citation{GSM_history2011} \citation{GSM_stats2011} \citation{GSM2009} \citation{GSM_history2011} \citation{GSM_stats2011} \citation{3gpp_Proposal2000} \@writefile{lof}{\contentsline {figure}{\numberline {2.1}{\ignorespaces Growth of mobile GSM subscriptions. Compiled from \cite {GSM2009,GSM_history2011,GSM_stats2011}}}{4}} \newlabel{fig:gsm_growth}{{2.1}{4}} \citation{hsdpa} \citation{hsupa} \citation{kommsys2006} \citation{ITU1200} \FN@pp@footnote@aux{1}{5} \@writefile{toc}{\contentsline {section}{\numberline {2.2}The GSM Network}{5}} \newlabel{sec:network}{{2.2}{5}} \citation{GSM2009} \citation{overview1994} \citation{overview1996} \citation{GSM0207} \citation{protocols1999} \@writefile{lof}{\contentsline {figure}{\numberline {2.2}{\ignorespaces The main components of a GSM network.}}{6}} \newlabel{fig:gsm_network}{{2.2}{6}} \FN@pp@footnote@aux{2}{6} \@writefile{toc}{\contentsline {subsection}{\numberline {2.2.1}Mobile Station}{6}} \newlabel{sec:ms}{{2.2.1}{6}} \citation{GSM0505} \citation{ISO7810} \FN@pp@footnote@aux{3}{7} \FN@pp@footnote@aux{4}{7} \citation{protocols1999} \citation{protocols1999} \citation{kommsys2006} \citation{GSM23003} \citation{ITU212} \@writefile{lot}{\contentsline {table}{\numberline {2.1}{\ignorespaces Subset of data stored on a SIM card. Adopted from \cite {protocols1999}}}{8}} \newlabel{tab:simdata}{{2.1}{8}} \@writefile{lot}{\contentsline {table}{\numberline {2.2}{\ignorespaces Mobile Country and Network Codes. (R) denotes that the MCC is reserved but not operational as of yet, whereas (T) denotes a operational test network.}}{9}} \newlabel{tab:countrycodes}{{2.2}{9}} \@writefile{toc}{\contentsline {subsection}{\numberline {2.2.2}Network Subsystem}{9}} \newlabel{sec:nss}{{2.2.2}{9}} \@writefile{toc}{\contentsline {subsubsection}{Mobile Switching Center}{9}} \@writefile{toc}{\contentsline {subsubsection}{Home Location Register}{10}} \@writefile{lot}{\contentsline {table}{\numberline {2.3}{\ignorespaces Interfaces inside the core network (upper part) and the radio network (lower part)}}{11}} \newlabel{tab:interfaces}{{2.3}{11}} \citation{blacklisting} \@writefile{toc}{\contentsline {subsubsection}{Visitor Location Register}{12}} \@writefile{toc}{\contentsline {subsubsection}{Equipment Identification Register}{12}} \FN@pp@footnote@aux{5}{12} \@writefile{toc}{\contentsline {subsubsection}{Authentication Center}{12}} \newlabel{sec:authentication}{{2.2.2}{12}} \FN@pp@footnote@aux{6}{12} \@writefile{lof}{\contentsline {figure}{\numberline {2.3}{\ignorespaces Authentication procedure.}}{13}} \newlabel{fig:authentication}{{2.3}{13}} \citation{kommsys2006} \@writefile{toc}{\contentsline {subsection}{\numberline {2.2.3}Intelligent Network}{14}} \citation{GSM23078} \citation{kommsys2006} \citation{kommsys2006} \citation{kommsys2006} \@writefile{toc}{\contentsline {subsection}{\numberline {2.2.4}Base Station Subsystem}{15}} \newlabel{sec:bss}{{2.2.4}{15}} \@writefile{toc}{\contentsline {subsubsection}{Frequencies and the Cellular Principle}{15}} \@writefile{lof}{\contentsline {figure}{\numberline {2.4}{\ignorespaces Mapping of functional entities on the 900 Mhz band.}}{16}} \newlabel{fig:frequency}{{2.4}{16}} \@writefile{lot}{\contentsline {table}{\numberline {2.4}{\ignorespaces Frequencies in the different bands \cite {kommsys2006}.}}{16}} \newlabel{tab:frequencies}{{2.4}{16}} \citation{GSM2009} \citation{protocols1999} \citation{GSM2009} \citation{GSM2009} \citation{kommsys2006} \citation{protocols1999} \citation{protocols1999} \citation{protocols1999} \@writefile{lof}{\contentsline {figure}{\numberline {2.5}{\ignorespaces Theoretical arrangement of radio cells compared to a realistic alignment. Cells with the same number share the same frequency \cite {GSM2009}.}}{18}} \newlabel{fig:cells}{{2.5}{18}} \@writefile{toc}{\contentsline {subsubsection}{Base Transceiver Station}{18}} \@writefile{lof}{\contentsline {figure}{\numberline {2.6}{\ignorespaces Common base station configurations. Compiled from \cite {protocols1999}.}}{19}} \@writefile{lof}{\contentsline {subfigure}{\numberline{(a)}{\ignorespaces {Stantard configuration.}}}{19}} \@writefile{lof}{\contentsline {subfigure}{\numberline{(b)}{\ignorespaces {Umbrella cell configuration.}}}{19}} \@writefile{lof}{\contentsline {subfigure}{\numberline{(c)}{\ignorespaces {Sectorised configuration.}}}{19}} \newlabel{fig:configurations}{{2.6}{19}} \citation{kommsys2006} \@writefile{toc}{\contentsline {subsubsection}{Baste Station Controller}{20}} \citation{kommsys2006} \@writefile{toc}{\contentsline {subsubsection}{Transcoding rate and Adaption Unit}{21}} \citation{kommsys2006} \citation{kommsys2006} \citation{protocols1999} \@writefile{lof}{\contentsline {figure}{\numberline {2.7}{\ignorespaces Ciphering procedure for one frame of voice data. Adopted from \cite {kommsys2006}.}}{22}} \newlabel{fig:cypher}{{2.7}{22}} \@writefile{toc}{\contentsline {section}{\numberline {2.3}The $U_m$ Interface}{22}} \newlabel{sec:Um}{{2.3}{22}} \@writefile{lof}{\contentsline {figure}{\numberline {2.8}{\ignorespaces The combination of FDMA and TDMA.}}{23}} \newlabel{fig:fdma_tdma}{{2.8}{23}} \@writefile{toc}{\contentsline {subsection}{\numberline {2.3.1}Radio Transmission}{23}} \newlabel{sec:radio}{{2.3.1}{23}} \@writefile{toc}{\contentsline {subsubsection}{Frame Numbering}{24}} \@writefile{lof}{\contentsline {figure}{\numberline {2.9}{\ignorespaces Hierarchical Composition of the different frames.}}{25}} \newlabel{fig:frame_hierarchy}{{2.9}{25}} \citation{GSM2009} \citation{GSM2009} \citation{GSM2009} \@writefile{lof}{\contentsline {figure}{\numberline {2.10}{\ignorespaces Structural Comparison of different Burst types. After \cite {GSM2009}.}}{26}} \newlabel{fig:burst_types}{{2.10}{26}} \@writefile{toc}{\contentsline {subsubsection}{Burst Types}{26}} \citation{kommsys2006} \@writefile{lof}{\contentsline {figure}{\numberline {2.11}{\ignorespaces Mapping of virtual channels on time slots.}}{27}} \newlabel{fig:channels}{{2.11}{27}} \@writefile{toc}{\contentsline {subsection}{\numberline {2.3.2}Logical Channels}{27}} \newlabel{sec:channels}{{2.3.2}{27}} \@writefile{toc}{\contentsline {subsubsection}{Dedicated Channels}{28}} \@writefile{toc}{\contentsline {subsubsection}{Common Channels}{28}} \citation{gsm0502} \citation{GSM2009} \citation{GSM2009} \citation{kommsys2006} \citation{protocols1999} \citation{kommsys2006} \citation{kommsys2006} \@writefile{lot}{\contentsline {table}{\numberline {2.5}{\ignorespaces Possible combinations of logical channels for the base station. From \cite {GSM2009}.}}{29}} \newlabel{tab:channel_configurations}{{2.5}{29}} \@writefile{toc}{\contentsline {subsubsection}{Combinations}{29}} \citation{protocols1999} \citation{GSM0405} \citation{GSM0406} \citation{protocols1999} \@writefile{toc}{\contentsline {subsection}{\numberline {2.3.3}Layers}{30}} \newlabel{sec:layers}{{2.3.3}{30}} \@writefile{toc}{\contentsline {paragraph}{Physical Layer (Layer 1):}{30}} \@writefile{toc}{\contentsline {paragraph}{Data Link (Layer 2):}{30}} \@writefile{toc}{\contentsline {paragraph}{Network (Layer 3):}{30}} \@writefile{lof}{\contentsline {figure}{\numberline {2.12}{\ignorespaces Snippet of a Multiframe-configurations for a base station from \cite {kommsys2006}.}}{31}} \newlabel{fig:channel_example}{{2.12}{31}} \citation{fox} \citation{imsi_wiki} \citation{fox} \citation{dennis} \citation{def_catcher} \citation{fox} \citation{def_catcher} \citation{fox} \citation{def_catcher} \citation{mueller} \@writefile{toc}{\contentsline {section}{\numberline {2.4}IMSI-Catcher}{32}} \newlabel{sec:catcher}{{2.4}{32}} \citation{mueller} \citation{mueller} \citation{fox} \citation{mueller} \citation{fox} \@writefile{lof}{\contentsline {figure}{\numberline {2.13}{\ignorespaces A commercial catcher by Rhode \& Schwarz \cite {fox} and a self built catcher introduced at Defcon 2010 \cite {def_catcher}.}}{33}} \newlabel{fig:catchers}{{2.13}{33}} \@writefile{toc}{\contentsline {subsection}{\numberline {2.4.1}Mode of Operation}{33}} \newlabel{sec:catcher_operation}{{2.4.1}{33}} \@writefile{lof}{\contentsline {figure}{\numberline {2.14}{\ignorespaces IMSI catching procedure. Adopted and simplified from \cite {mueller}.}}{34}} \newlabel{fig:catcher_catch}{{2.14}{34}} \citation{dennis} \citation{mueller} \citation{imsi_wiki} \citation{mueller} \@writefile{toc}{\contentsline {subsubsection}{Attacks}{35}} \newlabel{sec:attacks}{{2.4.1}{35}} \@writefile{toc}{\contentsline {paragraph}{MS is in normal cell selection mode:}{35}} \@writefile{toc}{\contentsline {paragraph}{MS is already connected to a network:}{35}} \citation{fox} \citation{fox} \citation{imsi_wiki} \citation{criminal_justice} \@writefile{toc}{\contentsline {subsubsection}{Risks and Irregularities}{36}} \@writefile{toc}{\contentsline {subsection}{\numberline {2.4.2}Law Situation in Germany}{36}} \newlabel{sec:catcher_law}{{2.4.2}{36}} \FN@pp@footnotehinttrue \FN@pp@footnotehinttrue \citation{dennis} \citation{osmo_rationale} \@writefile{toc}{\contentsline {chapter}{\numberline {3}IMSI Catcher Detection}{39}} \@writefile{lof}{\addvspace {10\p@ }} \@writefile{lot}{\addvspace {10\p@ }} \@writefile{lol}{\addvspace {10\p@ }} \@writefile{toc}{\contentsline {section}{\numberline {3.1}Framework and Hardware}{39}} \FN@pp@footnote@aux{7}{39} \@writefile{toc}{\contentsline {subsection}{\numberline {3.1.1}OsmocomBB}{39}} \@writefile{lof}{\contentsline {figure}{\numberline {3.1}{\ignorespaces Interaction of the OsmocomBB components with the ICDS software.}}{40}} \newlabel{fig:osmo_setup}{{3.1}{40}} \FN@pp@footnote@aux{8}{40} \@writefile{toc}{\contentsline {subsection}{\numberline {3.1.2}Motorola C123}{41}} \newlabel{sec:osmo_phones}{{3.1.2}{41}} \@writefile{toc}{\contentsline {section}{\numberline {3.2}Procedure}{41}} \@writefile{toc}{\contentsline {subsection}{\numberline {3.2.1}Information Gathering}{41}} \newlabel{sec:info_gathering}{{3.2.1}{41}} \@writefile{toc}{\contentsline {subsection}{\numberline {3.2.2}Information Evaluation}{41}} \@writefile{toc}{\contentsline {section}{\numberline {3.3}IMSI Catcher Detection System}{41}} \newlabel{sec:icds}{{3.3}{41}} \@writefile{toc}{\contentsline {subsection}{\numberline {3.3.1}Implemetation}{41}} \@writefile{toc}{\contentsline {subsubsection}{Architecture}{41}} \@writefile{toc}{\contentsline {subsubsection}{Extensions}{41}} \@writefile{toc}{\contentsline {subsection}{\numberline {3.3.2}Configuration}{41}} \@writefile{toc}{\contentsline {subsection}{\numberline {3.3.3}Operation}{41}} \FN@pp@footnotehinttrue \FN@pp@footnotehinttrue \@writefile{toc}{\contentsline {chapter}{\numberline {4}Evaluation}{43}} \@writefile{lof}{\addvspace {10\p@ }} \@writefile{lot}{\addvspace {10\p@ }} \@writefile{lol}{\addvspace {10\p@ }} \@writefile{toc}{\contentsline {section}{\numberline {4.1}Example Scenarios}{43}} \@writefile{toc}{\contentsline {section}{\numberline {4.2}Test Period}{43}} \FN@pp@footnotehinttrue \FN@pp@footnotehinttrue \@writefile{toc}{\contentsline {chapter}{\numberline {5}Conclusion}{45}} \@writefile{lof}{\addvspace {10\p@ }} \@writefile{lot}{\addvspace {10\p@ }} \@writefile{lol}{\addvspace {10\p@ }} \@writefile{toc}{\contentsline {section}{\numberline {5.1}Related Projects}{45}} \@writefile{toc}{\contentsline {section}{\numberline {5.2}Future Work}{45}} \FN@pp@footnotehinttrue \FN@pp@footnotehinttrue \FN@pp@footnotehinttrue \bibstyle{acm} \citation{*} \bibdata{../Content/Bibliography} \bibcite{GSM0405}{1} \bibcite{GSM0406}{2} \bibcite{GSM0505}{3} \bibcite{GSM0207}{4} \bibcite{ISO7810}{5} \bibcite{gsm0502}{6} \bibcite{GSM23078}{7} \bibcite{GSM23003}{8} \bibcite{3gpp_Proposal2000}{9} \bibcite{GSM2009}{10} \bibcite{mueller}{11} \bibcite{fox}{12} \FN@pp@footnotehinttrue \FN@pp@footnotehinttrue \@writefile{toc}{\contentsline {chapter}{Bibliography}{I}} \bibcite{GSM_stats2011}{13} \bibcite{GSM_history2011}{14} \bibcite{overview1994}{15} \bibcite{protocols1999}{16} \bibcite{hsdpa}{17} \bibcite{hsupa}{18} \bibcite{criminal_justice}{19} \bibcite{kommsys2006}{20} \bibcite{overview1996}{21} \bibcite{def_catcher}{22} \bibcite{ITU1200}{23} \bibcite{ITU212}{24} \bibcite{dennis}{25} \bibcite{blacklisting}{26} \bibcite{imsi_wiki}{27} \FN@pp@footnotehinttrue \citation{GSM2009} \citation{GSM_history2011} \citation{GSM_stats2011} \citation{GSM2009} \citation{protocols1999} \citation{kommsys2006} \citation{GSM2009} \citation{kommsys2006} \citation{fox} \citation{def_catcher} \citation{mueller} \FN@pp@footnotehinttrue \FN@pp@footnotehinttrue \FN@pp@footnotehinttrue \citation{protocols1999} \citation{kommsys2006} \citation{GSM2009} \FN@pp@footnotehinttrue \FN@pp@footnotehinttrue \@writefile{toc}{\contentsline {chapter}{\numberline {A}appendix}{VII}} \@writefile{lof}{\addvspace {10\p@ }} \@writefile{lot}{\addvspace {10\p@ }} \@writefile{lol}{\addvspace {10\p@ }} \@writefile{toc}{\contentsline {section}{\numberline {A.1}OsmocomBB}{VII}} \@writefile{toc}{\contentsline {subsection}{\numberline {A.1.1}Installation}{VII}} \newlabel{sec:osmo_install}{{A.1.1}{VII}} \FN@pp@footnotehinttrue \FN@pp@footnotehinttrue \@writefile{toc}{\contentsline {chapter}{Acronyms}{IX}} \FN@pp@footnotehinttrue \FN@pp@footnotehinttrue \gdef \LT@i {\LT@entry {1}{55.97493pt}\LT@entry {1}{245.03047pt}} \FN@pp@footnotehinttrue \global\@altsecnumformattrue