

Listening to GSM calls became available to everyone?

Anton Tulchinsky

Introduction

In early September, reports appeared that Israeli professor Eli Biham and his student Elad Barkan had found a way to listen to the conversations of subscribers of GSM (Global System for Mobile communications) mobile operators. Moreover, they claim that it is even possible to identify the callers who are being eavesdropped on. Using a special device, it is possible to intercept calls and impersonate one of the subscribers during a conversation, says Biham, a professor at the Haifa Technical Institute.

Is this really so? How well protected is the GSM standard against eavesdropping by unauthorized persons? Does the standard contain fundamental errors in its cryptographic protection of transmitted data? According to James Moran, director of the security and anti-fraud division of the GSM consortium (speaking before Biham's announcement), "No one in the world has demonstrated the possibility of intercepting calls in the GSM network ... To our knowledge, there is no equipment capable of producing such interception". Against the background of recent events and the well-known earlier work on cryptanalysis of the algorithms used in the GSM standard, these words sound rather overconfident...

GSM encryption protocol

Before examining in detail the attack on GSM networks proposed by Professor Biham and weighing the comments of experts, let me describe in a nutshell the scheme of key distribution and encryption used in the GSM standard.

Key distribution in symmetric encryption systems is a serious problem when the number of legitimate users is large, and different systems solve it in different ways. Without going into details, we will consider the general scheme of secret communication in the GSM standard. Even without deep knowledge of cryptography, it is clear that the key distribution protocol (algorithm) must forbid transmitting the session key over the air [roughly speaking, a session key is what gives legitimate users the ability to encrypt and decrypt data during a given period of time. - Author's note] and must allow the key to be changed quickly.

The key distribution protocol in GSM consists of two stages. When a mobile station (MS) is registered, the network assigns it a secret number Ki, which is stored in the standard identification module, the SIM. The second stage of the protocol is shown in simplified form in the figure "GSM Encryption Protocol".

If secret communication is required, the MS sends an encryption request. The switching center (SC) generates a random number RAND, which is transmitted to the MS and used on both sides to compute a common session key Kc by an algorithm "A8" defined by the standard (on the SC side, the key Ki is taken from the authentication center). Because of interference in the radio channel, RAND may be distorted, in which case the key computed on the MS will differ from the one computed on the SC. To check that the keys are identical, a key number sequence (NPC) is used: a hash of the key. Any change in Kc will almost certainly change the NPC, but it is hard to determine Kc from the NPC, so interception of the NPC in the radio channel does not reduce the strength of the cipher. Once the keys are confirmed to be set up correctly, the data stream is encrypted with the "A5" algorithm.

Errors in GSM security

Now let's get back to Eli Biham and Elad Barkan's research on GSM secret cryptanalysis...

In Prof. Biham's opinion, the attack requires the attacker not merely to listen but to "be active": that is, to transmit data over the air in order to masquerade as a GSM base station. In addition, the attacker must be physically located between the caller and the base station in order to intercept the call. Clearly, the attacker would have to transmit on the operator's frequency, which is illegal in most countries.

The security hole stems from a fundamental mistake by the GSM designers and concerns the order of operations applied when coding a conversation, Biham said.

The researchers wrote an article "Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication", where they described their discoveries. The paper was presented at the annual international cryptology conference held in Santa Barbara, California last month, but news of the discovery has only recently surfaced. The 450 conference attendees were "shocked and amazed" by the findings, the scientists said.

"Elad [student Elad Barkan. - Author's note] found a serious error in the way the security system is initialized in GSM networks," said Eli Biham. According to the professor, Elad Barkan found out that GSM networks do things in the wrong order: first they add redundancy to the information being sent (error-correcting coding, to cope with interference and noise), and only then do they encrypt it. At first the professor did not believe it, but on checking it turned out to be so.
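As an added illustration of the ordering flaw just described (this is not code from the article, and it does not model A5/1 or A5/2 themselves), the toy below applies a (7,4) Hamming code before a stream cipher: every ciphertext block then yields linear equations on the keystream that hold for any message, so a listener who knows only ciphertext can test keystream candidates; with the order reversed, the ciphertext reveals nothing. The Hamming matrices and the random keystream are constructed stand-ins.

```python
"""Toy model of 'error-correcting code first, stream cipher second'.
The (7,4) Hamming code and the random keystream are constructed stand-ins;
nothing here models A5/1 or A5/2 themselves."""
import secrets

# Systematic Hamming(7,4): G = [I | P] encodes, H = [P^T | I] checks.
G = [[1, 0, 0, 0, 1, 1, 0],
     [0, 1, 0, 0, 1, 0, 1],
     [0, 0, 1, 0, 0, 1, 1],
     [0, 0, 0, 1, 1, 1, 1]]
H = [[1, 1, 0, 1, 1, 0, 0],
     [1, 0, 1, 1, 0, 1, 0],
     [0, 1, 1, 1, 0, 0, 1]]


def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def matvec(m, v):
    """Matrix-vector product over GF(2)."""
    return [sum(r[j] * v[j] for j in range(len(v))) % 2 for r in m]


def encode(msg4):
    """4 message bits -> 7-bit codeword (message vector times G)."""
    return [sum(msg4[i] * G[i][j] for i in range(4)) % 2 for j in range(7)]


def syndrome(word7):
    """H * word; zero for every valid codeword."""
    return matvec(H, word7)


def ecc_then_encrypt(msg4, keystream7):
    """GSM order: add redundancy, then XOR with keystream."""
    return xor(encode(msg4), keystream7)


def encrypt_then_ecc(msg4, keystream4):
    """Reversed order: XOR the message with keystream, then add redundancy."""
    return encode(xor(msg4, keystream4))


def keystream_relations(cipher_blocks):
    """With ECC-then-encrypt, H*c = H*(x xor k) = H*x xor H*k = H*k, so each
    ciphertext block yields 3 linear equations on the keystream that do not
    depend on the (unknown) message: that is what a ciphertext-only listener
    obtains for free."""
    return [syndrome(c) for c in cipher_blocks]


def keystream_consistent(cipher_blocks, keystream_guess):
    """Check a candidate keystream against the leaked relations; a wrong
    guess survives each 3-equation block with probability only 1/8."""
    blocks = [keystream_guess[i:i + 7] for i in range(0, len(keystream_guess), 7)]
    return keystream_relations(cipher_blocks) == [matvec(H, k) for k in blocks]


def random_bits(n):
    return [secrets.randbelow(2) for _ in range(n)]


def demo():
    """Four blocks under both orders; the true keystream passes the leaked
    relations, a keystream with one flipped bit fails, and the reversed order
    leaks no relation at all (every syndrome is zero)."""
    msgs = [random_bits(4) for _ in range(4)]
    ks = random_bits(28)
    blocks = [ecc_then_encrypt(m, ks[7 * i:7 * i + 7]) for i, m in enumerate(msgs)]
    flipped = ks[:]
    flipped[0] ^= 1
    reversed_order = [encrypt_then_ecc(m, ks[4 * i:4 * i + 4]) for i, m in enumerate(msgs)]
    return {
        "equations": 3 * len(blocks),
        "true_ok": keystream_consistent(blocks, ks),
        "flipped_ok": keystream_consistent(blocks, flipped),
        "reversed_syndromes": [syndrome(c) for c in reversed_order],
    }
```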

Based on this discovery, the three researchers (Nathan Keller joined Eli Biham and Elad Barkan) developed a method that allows them to break the GSM encryption already at the call set-up stage, before the connection with the called subscriber is established. A new encryption system had recently been developed in response to a previous attack, but the researchers managed to defeat this improvement as well.

GSM encryption and hacking

The GSM cipher was considered completely unbreakable until 1998, when engineer Marc Briceno found a way to reverse-engineer the encryption algorithm. Since then there have been many attacks, but all of them required knowing the contents of the first few minutes of a call in order to decode the rest of the conversation and, subsequently, other calls. Since there was no way to know the contents of a call, these attempts never came to fruition. The trio's study shows that the code can be broken without knowing anything about the contents of the call itself.

GSM security is based on three algorithms:

A3 - authentication algorithm;

A8 - crypto key generation algorithm;

A5 - the actual encryption algorithm for digitized speech (two main varieties of the algorithm are used: A5/1, the "strong" version of the cipher, and A5/2, the "weakened" one; the first implementation of A5 was developed in 1987).

These algorithms, when properly executed, are designed to guarantee strong user authentication and high-quality encryption of confidential conversations.

As for the A3/A8 algorithms, cryptanalysts argue that the key can be obtained by studying the registers and by differential analysis. Using a divide-and-conquer method, according to Slobodan Petrovic and colleagues from the Institute of Applied Physics in Spain, the generator characteristics of the "weakened" A5/2 algorithm can be recovered ("Cryptanalysis of the A5/2 Algorithm", http://gsmsecurity.com/papers/a52.pdf).

The attack on the A5/1 algorithm was undertaken by Professor Jörg Keller and colleagues from Germany ("A Hardware-Based Attack on the A5/1 Stream Cipher", http://ti2server.fernuni-hagen.de/~jkeller/apc2001-final.pdf). They proposed a method that differs from the others in two ways: it needs only a very small amount of plaintext, and it is not purely software-based: the critical part of the attack is implemented in an FPGA. Jörg Keller concludes at the end of his paper that, at least for long conversations, the A5/1 algorithm does not guarantee secrecy, and that its replacement is therefore probably more urgent than in the case of the well-known DES algorithm, for which a successor has already been announced.

Finally, Alex Biryukov and Adi Shamir ("Real Time Cryptanalysis of A5/1 on a PC", http://cryptome.org/a51-bsw.htm) announced in late 1999 that they had successfully attacked the A5/1 algorithm. Their calculations showed that the data protection used in the GSM standard could be broken with a single personal computer with 128 megabytes of RAM, a large hard drive, and some radio equipment. In their opinion, since the protection of voice data is provided by the mobile handset itself, the only solution to the problem is to replace the handset.

If it is possible, it is difficult

Not all experts were enthusiastic about Biham's announcement. Intercepting mobile conversations was easy enough on analog networks, but with the advent of digital technologies such as GSM in the 1990s, it became much more difficult. According to security expert Motti Golan, until now only specialized equipment costing a quarter of a million dollars has been able to listen in on conversations.

The new method, in his opinion, can be dangerous if it is in the hands of terrorists. At the same time, Biham and his team report that they know how to patch a hole in the GSM security system.

According to the GSM Association, which represents the companies that depend on the world's largest mobile system, which has hundreds of millions of users in nearly 200 countries, the security hole in GSM appeared during development in the 1980s, when computer power was limited.

The association claims that this bug can only be exploited with sophisticated and expensive equipment, and that it can take a long time to access individual subscriber conversations. Thus, according to the GSM Association, the use of the new listening method is limited.

It should be noted that the GSM standard "occupies" more than seventy percent of the global digital mobile telephony market. And it would be naive to assume that its security has not been sufficiently studied by security experts. The vulnerability in the "A5" encryption algorithm was fixed back in July 2002, according to the GSM Association noted above.

Indeed, in July 2002, the GSM Association, the 3GPP (3rd Generation Partnership Project) and the European Telecommunications Standards Institute (ETSI) Security Algorithms Committee announced the development of a new A5/3 encryption algorithm. The new algorithm is implemented at the hardware level and takes into account the peculiarities of signal processing in cell phones. At the same time, both voice traffic and service data transmitted over a GSM wireless channel are subject to encryption.

However, Professor Biham disagrees with the statements of the Association. According to him, they managed to overcome the new encryption system that was proposed after previous attacks on GSM.

Where are we going (instead of a conclusion)

According to Professor Biham and the GSM Association, the problem will not affect 3rd generation mobile communication systems. The fact is that 3G uses other encryption algorithms, protection mechanisms and protocols. So far, no one has demonstrated that the CDMA (Code Division Multiple Access) standard competing with GSM can be hacked.

Until now, the only way to fix the encryption problem was to replace all the phones currently in use (now 850 million of them)...

Apparently, despite the resistance of GSM operators, sooner or later they will have to switch to 3G systems. And some steps in this direction are already being taken.

European countries have chosen the W-CDMA interface (WideBand Code Division Multiple Access), proposed by the Swedish company Ericsson, for the transition from GSM to 3G technology. W-CDMA's main competitor will be Qualcomm's cdma2000 technology, which may be used by Japanese companies currently using cdmaOne technology. The Japanese DoCoMo system is an exception as this system will be developed in collaboration with W-CDMA.

In conclusion, I note that the most interesting thing about the security algorithms in GSM networks, in particular A5/1 and A5/2, is that all of them turned out to have weaknesses that were not obvious at first glance. The attacks on both algorithms (A5/1 and A5/2) exploit subtle structures of the algorithm and make it possible to decode voice traffic in real time using ordinary computer hardware.

At present, the A8 algorithm, which supplies the keys for A5/1 and A5/2, can be "weakened" by setting a number of its input bits to zero, which brings it closer to being broken.

It should be noted that earlier the encryption algorithms used in the GSM standard were criticized because they were developed secretly, without the publication of source codes. Moran (the same director of the security and anti-fraud division of the GSM consortium) reported on this occasion that the A5 ciphers currently in development will be published.

From what has been said, it follows that all of the GSM algorithms responsible for security can, in theory, be broken. In practice, breaking the system is usually harder, but that is probably only a matter of time. In general, it is very difficult to guarantee 100% protection of data transmitted over the open air in a system with millions of legitimate subscribers. Probably it is not possible at all.

Jovan DJ. Golic, Cryptanalysis of Alleged A5 Stream Cipher, http://gsmsecurity.com/papers/a5-hack.html

Jörg Keller and Birgit Seitz, A Hardware-Based Attack on the A5/1 Stream Cipher, http://ti2server.fernuni-hagen.de/~jkeller/apc2001-final.pdf

Slobodan Petrovic and Amparo Fuster-Sabater, Cryptanalysis of the A5/2 Algorithm, http://gsmsecurity.com/papers/a52.pdf

Alex Biryukov, Adi Shamir and David Wagner, Real Time Cryptanalysis of A5/1 on a PC, http://cryptome.org/a51-bsw.htm


GSM networks. A look from within.

A bit of history

At the dawn of mobile communications (and that was not so long ago, in the early eighties), Europe was covered with analog networks of various standards: Scandinavia developed its own systems, Great Britain its own, and so on. It is hard to say now who initiated the revolution that followed very soon afterwards: those "at the top", the equipment manufacturers, who were forced to develop their own devices for each network, or those "at the bottom", the users, dissatisfied with the limited coverage of their phones. One way or another, in 1982 the European Commission for Telecommunications (CEPT) created a special group to develop a fundamentally new, pan-European mobile communication system. The main requirements for the new standard were: efficient use of the frequency spectrum, automatic roaming, better voice quality and better protection against unauthorized access than previous technologies, and, obviously, compatibility with other existing communication systems (including wired ones), etc.

The result of the hard work of many people from different countries (to be honest, I can’t even imagine the amount of work they did!) was the specification of a pan-European mobile network, introduced in 1990, called Global System for Mobile Communications or just GSM. And then everything flashed like in a kaleidoscope - the first GSM operator accepted subscribers in 1991, by the beginning of 1994 networks based on the standard in question already had 1.3 million subscribers, and by the end of 1995 their number had increased to 10 million! Truly, "GSM walks the planet" - at present, about 200 million people have phones of this standard, and GSM networks can be found all over the world.

Let's try to figure out how GSM networks are organized and on what principles they operate. I must say right away that the task is not an easy one, however, believe me - as a result, we will get real pleasure from the beauty of the technical solutions used in this communication system.

Two very important issues will remain outside the scope of consideration: firstly, frequency-time separation of channels (you can familiarize yourself with this) and, secondly, encryption and protection systems for transmitted speech (this is such a specific and extensive topic that, perhaps, in the future a separate article will be devoted to it).

The main parts of the GSM system, their purpose and interaction with each other.

Let's start with the most difficult and, perhaps, boring - consideration of the skeleton (or, as they say in the military department of my Alma Mater, block diagram) of the network. When describing, I will adhere to the English-language abbreviations accepted throughout the world, of course, while giving their Russian interpretation.

Take a look at Fig. 1:

Fig.1 Simplified GSM network architecture.

The simplest part of the block diagram, the portable telephone, consists of two parts: the "handset" itself, the ME (Mobile Equipment), and the SIM smart card (Subscriber Identity Module), obtained by concluding a contract with the operator. Just as every car has a unique body number, a cell phone has its own number, the IMEI (International Mobile Equipment Identity), which can be transmitted to the network on request (more details on IMEI can be found elsewhere). The SIM, in turn, contains the so-called IMSI (International Mobile Subscriber Identity). I think the difference between IMEI and IMSI is clear: the IMEI corresponds to a specific phone, and the IMSI to a specific subscriber.

The "central nervous system" of the network is the NSS (Network and Switching Subsystem), and the component that performs the functions of the "brain" is called the MSC (Mobile services Switching Center). It is the latter that is casually (and sometimes reverently) referred to as "the switch", and which gets blamed for all mortal sins whenever there are connection problems. There may be more than one MSC in a network (here the analogy with multiprocessor computer systems is very apt); for example, at the time of writing, the Moscow operator Beeline was putting a second switch (manufactured by Alcatel) into service. The MSC handles call routing, generates data for the billing system and manages many procedures; it is easier to say what is NOT the responsibility of the switch than to list all of its functions.

The next most important network components, also part of the NSS, are the HLR (Home Location Register) and the VLR (Visitor Location Register). Pay attention to these parts; we will refer to them often. The HLR, roughly speaking, is a database of all subscribers who have concluded a contract with the network in question. It stores the user's numbers (firstly the IMSI mentioned above, and secondly the so-called MSISDN, Mobile Subscriber ISDN, i.e. the telephone number in the usual sense), the list of available services and much more; the parameters stored in the HLR are listed in the tables below.

Unlike the HLR, of which there is only one in the system, there can be several VLRs, each of which controls its own part of the network. A VLR holds data about the subscribers located on its (and only its!) territory, and it serves not only its own network's subscribers but also roamers registered in the network. As soon as a user leaves the area covered by a VLR, the information about him is copied to the new VLR and deleted from the old one. In fact, the data held about a subscriber in the VLR and in the HLR have much in common: look at the tables listing the long-term (Table 1) and temporary (Tables 2 and 3) subscriber data stored in these registers. Once again, I draw the reader's attention to the fundamental difference between the HLR and the VLR: the first contains information about all subscribers of the network regardless of their location, while the second contains data only about those who are on the territory controlled by that VLR. In the HLR, for each subscriber there is always a link to the VLR that is currently serving him (and that VLR may belong to a foreign network located, for example, on the other side of the Earth).

1. International subscriber identification number (IMSI)
2. The subscriber's telephone number in the usual sense (MSISDN)
3. Mobile station category
4. Subscriber identification key (Ki)
5. Types of provision of additional services
6. Closed user group index
7. Closed user group lock code
8. The composition of the main calls that can be transferred
9. Caller alert
10. Called Line Identification
11. Schedule
12. Called Party Announcement
13. Signaling control when connecting subscribers
14. Characteristics of a closed user group
15. Closed User Group Benefits
16. Barred outgoing calls in a closed user group
17. Maximum number of subscribers
18. Used passwords
19. Priority Access Class
Table 1. Complete composition of long-term data stored in HLR and VLR.
1. Authentication and encryption options
2. Temporary mobile subscriber number (TMSI)
3. Address of the location register where the subscriber currently is (VLR)
4. Mobile station movement areas
5. Handover cell number
6. Registration status
7. No answer timer
8. Composition of currently used passwords
9. Communication activity
Table 2. Complete composition of temporary data stored in HLR.
Table 3. Complete composition of temporary data stored in VLR.

The NSS contains two more components: the AuC (Authentication Center) and the EIR (Equipment Identity Register). The first is used for subscriber authentication procedures, and the second, as its name implies, is responsible for allowing only authorized handsets to operate on the network. The operation of these systems is discussed in detail in the next section, on subscriber registration in the network.

The executive part, so to speak, of the cellular network is the BSS (Base Station Subsystem). If we continue the analogy with the human body, this subsystem can be called its limbs. The BSS consists of several "arms" and "legs", the BSCs (Base Station Controllers), and many "fingers", the BTSs (Base Transceiver Stations). Base stations can be seen everywhere, in cities and in fields (I almost said "and rivers"); in fact, they are just transceivers containing from one to sixteen emitters. Each BSC controls a whole group of BTSs and is responsible for channel management and allocation, the power level of the base stations, and the like. Usually there is not one BSC in a network but a whole set of them (and there are hundreds of base stations in total).

The operation of the network is managed and coordinated by the OSS (Operating and Support Subsystem). The OSS consists of all sorts of services and systems that monitor operation and traffic; so as not to overload the reader with information, the OSS will not be considered further.

Registration in the network.

Each time you turn on your phone after selecting a network, the registration procedure starts. Let's consider the most general case - registration not in the home, but in someone else's, so-called guest, network (we will assume that the roaming service is allowed for the subscriber).

Suppose a network has been found. When the network requests it, the phone transmits the subscriber's IMSI. The IMSI begins with the code of the country where its owner is "registered", followed by digits identifying the home network, and only then the unique number of the particular subscriber. For example, an IMSI beginning 25099… belongs to the Russian operator Beeline (250 is Russia, 99 is Beeline). From the IMSI, the VLR of the guest network identifies the home network and contacts its HLR. The latter transmits all the necessary information about the subscriber to the VLR that made the request, and stores a link to this VLR so that, if necessary, it knows "where to look" for the subscriber.

The process of verifying the subscriber's authenticity is very interesting. During registration, the AuC of the home network generates a 128-bit random number, RAND, which is sent to the phone. Inside the SIM, using the key Ki (the identification key, which, like the IMSI, is stored in the SIM) and the identification algorithm A3, a 32-bit response SRES (Signed RESult) is calculated according to the formula SRES = Ki * RAND (where "*" denotes the A3 computation, not multiplication). Exactly the same calculation is performed at the same time in the AuC (using the user's Ki taken from the HLR). If the SRES calculated in the phone matches the SRES calculated by the AuC, the authorization is considered successful and the subscriber is assigned a TMSI (Temporary Mobile Subscriber Identity). The TMSI serves solely to improve the security of the subscriber's interaction with the network and may change from time to time (including when the VLR changes).
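The following simulation is an added example (not code from either article) of the two-stage scheme described in the first article's "GSM encryption protocol" section and in the registration paragraph above: challenge-response authentication with SRES and TMSI assignment, then session-key setup with a key check. The real A3/A8 algorithms are operator-specific and not given on the page, so HMAC-SHA256 stands in for both, and the key number sequence used to confirm that both sides hold the same Kc is modelled as a short hash of Kc; both are assumptions.

```python
"""Simulation of GSM-style registration and cipher-key setup.
HMAC-SHA256 stands in for A3 and A8 (assumption); the key number sequence
that confirms both sides derived the same Kc is a short hash of Kc
(assumption). The IMSI used in the test is constructed."""
import hashlib
import hmac
import secrets


def a3(ki, rand):
    """Stand-in for A3: 32-bit SRES from Ki and RAND."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]


def a8(ki, rand):
    """Stand-in for A8: 64-bit session key Kc from Ki and RAND."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]


def key_check(kc):
    """Stand-in for the key number sequence: changes whenever Kc changes,
    but does not let a listener recover Kc."""
    return hashlib.sha256(b"KEYCHECK" + kc).digest()[:4]


class Sim:
    """SIM card: IMSI plus Ki. Ki is used only inside the card."""
    def __init__(self, imsi, ki):
        self.imsi = imsi
        self._ki = ki
        self.kc = None  # session key, kept on the MS side after setup

    def signed_response(self, rand):
        return a3(self._ki, rand)

    def derive_session_key(self, rand):
        self.kc = a8(self._ki, rand)
        return key_check(self.kc)


class AuC:
    """Authentication centre: network-side store of every subscriber's Ki."""
    def __init__(self):
        self._keys = {}

    def enrol(self, imsi):
        ki = secrets.token_bytes(16)
        self._keys[imsi] = ki
        return Sim(imsi, ki)

    def challenge(self, imsi):
        """Fresh RAND with the expected SRES and Kc for this subscriber."""
        rand = secrets.token_bytes(16)
        ki = self._keys[imsi]
        return rand, a3(ki, rand), a8(ki, rand)


def register_and_setup_cipher(sim, auc, corrupt_rand=False):
    """Stage 1: challenge-response authentication and TMSI assignment.
    Stage 2: cipher-key setup with a key check, as the text describes.
    Returns the outcome plus every value that crossed the air interface."""
    air = [("IMSI", sim.imsi.encode())]
    rand, expected_sres, _ = auc.challenge(sim.imsi)
    air.append(("RAND", rand))
    sres = sim.signed_response(rand)
    air.append(("SRES", sres))
    result = {"authenticated": False, "tmsi": None, "keys_match": False, "air": air}
    if not hmac.compare_digest(sres, expected_sres):
        return result
    result["authenticated"] = True
    result["tmsi"] = secrets.token_bytes(4)
    air.append(("TMSI", result["tmsi"]))
    # Stage 2: the switch sends a RAND for A8; the MS returns only the key check.
    rand2, _, kc_network = auc.challenge(sim.imsi)
    air.append(("RAND", rand2))
    if corrupt_rand:  # model a bit error on the radio path
        rand2 = bytes([rand2[0] ^ 0x80]) + rand2[1:]
    check_ms = sim.derive_session_key(rand2)
    air.append(("KEYCHECK", check_ms))
    result["keys_match"] = hmac.compare_digest(check_ms, key_check(kc_network))
    result["kc_network"] = kc_network
    return result


def leaks(result, *secret_values):
    """True if any secret appears verbatim among the over-the-air values."""
    sent = {v for _, v in result["air"]}
    return any(s in sent for s in secret_values)
```

Neither Ki nor Kc ever appears among the over-the-air values, while a corrupted RAND is caught by the key check before any traffic is encrypted.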

In theory, the IMEI should also be transmitted during registration, but I have serious doubts that Moscow operators track the IMEIs of the phones their subscribers use. Let us consider an "ideal" network that functions as the creators of GSM intended. On receipt of the IMEI, the network passes it to the EIR, where it is compared against so-called "lists" of numbers. The white list contains the numbers of authorized phones, the black list consists of the IMEIs of stolen phones or phones not approved for use for some other reason, and finally the gray list contains "handsets" with problems, which the system allows to operate but keeps under constant observation.

After the identification procedure and the interaction between the guest VLR and the home HLR, a timer is started that determines when the phone must re-register if there have been no communication sessions. Usually the mandatory re-registration period is a few hours. Re-registration is needed so that the network can confirm that the phone is still in its coverage area. The point is that in standby mode the "handset" only monitors the signals transmitted by the network and does not transmit anything itself; transmission begins only when a connection is established or when the phone moves significantly relative to the network (discussed in detail below), and in these cases the timer counting down to the next re-registration is restarted. So if the phone "drops out" of the network (for example, the battery was removed, or the owner went into the subway without turning the phone off), the system will not know about it.

All users are randomly divided into 10 equal access classes (numbered 0 to 9). In addition, there are several special classes numbered 11 to 15 (various emergency and rescue services, network staff). The access class is stored in the SIM. A special class, 10, allows emergency calls (to the number 112) even if the user does not belong to any permitted class or has no IMSI (SIM) at all. In emergencies or under network congestion, some classes may be temporarily denied access to the network.

Territorial division of the network and handover.

As already mentioned, the network consists of many BTSs, base stations (one BTS is one "cell"). To simplify the operation of the system and reduce signalling traffic, BTSs are combined into groups, or domains, called LAs (Location Areas). Each LA has its own code, the LAI (Location Area Identity). One VLR can control several LAs, and it is the LAI that is stored in the VLR to record the location of a mobile subscriber. When necessary, the subscriber is searched for in the corresponding LA (and not in an individual cell, note). When a subscriber moves from one cell to another within the same LA, no re-registration or change of records in the VLR/HLR takes place, but as soon as the subscriber enters the territory of another LA, the phone starts interacting with the network. Every user has probably heard periodic interference (something like grunt-grunt --- grunt-grunt --- grunt-grunt :-)) in a car stereo from a phone in standby mode; this is often the result of re-registration when crossing an LA boundary. When the LA changes, the old area code is erased from the VLR and replaced by the new LAI; if the next LA is controlled by a different VLR, then the VLR changes as well and the entry in the HLR is updated.

Generally speaking, partitioning the network into LAs is a rather difficult engineering task that is solved individually for each network. LAs that are too small lead to frequent re-registration of phones and, consequently, to more signalling traffic of various kinds and faster draining of the phones' batteries. If the LAs are made large, then, to reach a subscriber, a paging signal has to be sent to every cell in the LA, which also leads to an unjustified increase in signalling traffic and overload of the network's internal channels.

Now let us consider the very elegant algorithm of the so-called handover (the name given to changing the channel in use during a connection). During a conversation on a mobile phone, for a number of reasons (the "handset" moving away from the base station, multipath interference, the subscriber moving into a so-called shadow zone, etc.), the signal strength (and quality) may deteriorate. In this case the call is switched to a channel (possibly of a different BTS) with better signal quality without interrupting the current connection (I will add that, as a rule, neither the subscriber nor the other party notices that a handover has taken place). Handovers are usually divided into four types:

  • changing channels within the same base station;
  • changing from a channel of one base station to a channel of another station under the control of the same BSC;
  • switching channels between base stations controlled by different BSCs but by the same MSC;
  • switching channels between base stations served not only by different BSCs but also by different MSCs.

In general, carrying out a handover is the task of the MSC. But in the first two cases, called internal handovers, the channel change is controlled by the BSC in order to reduce the load on the switch and the service lines, and the MSC is only informed of what happened.

During a call, the mobile phone constantly monitors the signal strength of neighbouring BTSs (the list of channels to be monitored, up to 16, is set by the base station). Based on these measurements, the six best candidates are selected, and data on them is constantly (at least once per second) transmitted to the BSC and the MSC so that a switch can be organized if needed. There are two main handover schemes:

  • "Minimum acceptable performance" (least switching mode). In this case, when the quality of communication deteriorates, the mobile phone increases the power of its transmitter for as long as it can. If, despite the increase in signal level, the connection does not improve (or the power has reached its maximum), a handover is performed.
  • "Power budget" (energy saving mode). Here the transmitter power of the mobile phone is left unchanged, and when the quality deteriorates the communication channel is changed (handover).

Interestingly, a channel change can be initiated not only by the mobile phone but also by the MSC, for example to balance traffic.
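As an added example (not code from the article), the simulation below runs the two handover schemes just described over a constructed series of measurement reports, keeps the six strongest neighbours as candidates, and classifies the resulting handover by the four types listed above together with the element that controls it. The signal levels, threshold, hysteresis margin and power steps are invented for illustration; the article gives no numeric values.

```python
"""Handover decision simulation. Cells, levels, thresholds and power steps
are constructed for illustration (assumptions, not values from the text)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Cell:
    name: str
    bts: int  # base station
    bsc: int  # controller responsible for this BTS
    msc: int  # switch responsible for this BSC


@dataclass
class Report:
    """One measurement report from the phone: serving-cell level (dBm) and
    the levels of the monitored neighbours."""
    t: int
    serving_db: int
    neighbours: dict  # Cell -> level in dBm


def handover_type(serving, target):
    """Classify a handover by the elements it spans and say who controls it:
    the BSC for the two 'internal' kinds, the MSC otherwise."""
    if serving.bts == target.bts:
        return "intra-cell", "BSC"
    if serving.bsc == target.bsc:
        return "intra-BSC", "BSC"
    if serving.msc == target.msc:
        return "intra-MSC", "MSC"
    return "inter-MSC", "MSC"


def best_candidates(neighbours, n=6):
    """Of up to 16 monitored neighbours, keep the n strongest."""
    return sorted(neighbours.items(), key=lambda kv: kv[1], reverse=True)[:n]


def run(reports, serving, policy, threshold_db=-85, margin_db=6,
        step_db=2, max_boost_db=6):
    """Process reports until a handover is decided; return the events.
    The uplink power boost is modelled as simply adding to the serving
    level, a simplification for illustration."""
    events = []
    boost = 0
    for r in reports:
        target, level = best_candidates(r.neighbours)[0]
        if policy == "minimum acceptable performance":
            if r.serving_db + boost >= threshold_db:
                continue
            if boost < max_boost_db:  # raise power first, hand over last
                boost = min(boost + step_db, max_boost_db)
                events.append(("power_up", r.t, boost))
                continue
        elif policy == "power budget":
            if level <= r.serving_db + margin_db:  # no better cell yet
                continue
        else:
            raise ValueError("unknown policy")
        kind, controller = handover_type(serving, target)
        events.append(("handover", r.t, target.name, kind, controller))
        return events
    return events
```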

Call routing.

Let's now talk about how incoming calls are routed on a mobile phone. As before, we will consider the most general case when the subscriber is in the coverage area of ​​the guest network, registration was successful, and the phone is in standby mode.

A connection request (Fig. 2) from a wired telephone (or another cellular) network arrives at the MSC of the home network; the call "finds" the right switch by the dialed number of the mobile subscriber, the MSISDN, which contains the country and network code.


Fig.2 Interaction of the main blocks of the network when an incoming call arrives.

The MSC sends the subscriber's number (MSISDN) to the HLR. The HLR, in turn, queries the VLR of the guest network in which the subscriber is located. The VLR selects one of the available MSRNs (Mobile Station Roaming Number, the number of the "roaming" mobile station). The idea behind MSRN assignment is very similar to the dynamic assignment of IP addresses in dial-up Internet access via a modem. The home-network HLR receives from the VLR the MSRN assigned to the subscriber together with the user's IMSI and passes them to the home-network switch. The final stage of establishing the connection is the call, carrying the IMSI and MSRN, to the guest-network switch, which generates a special signal transmitted over the PAGCH (PAGer CHannel, the paging channel) throughout the LA where the subscriber is located.
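The HLR/VLR/MSRN exchange above, modelled as an added example that is not from the original article. It shows the MSRN as a temporary lease drawn from a pool of the guest VLR and returned after the call, and what happens when the pool runs dry; all numbers are constructed sample values, and the class and function names are assumptions.

```python
"""Minimal model of incoming-call routing: MSISDN -> HLR -> VLR -> MSRN
-> paging of the IMSI over the PAGCH in the subscriber's LA."""
from dataclasses import dataclass, field


class RoutingError(Exception):
    """Raised when the subscriber is unknown or no MSRN can be assigned."""


@dataclass
class VLR:
    """Visitor Location Register of a guest network: knows the LA of each
    visiting IMSI and owns a small pool of roaming numbers (MSRNs)."""
    name: str
    msrn_pool: list[str]
    location: dict[str, str] = field(default_factory=dict)  # IMSI -> LA
    assigned: dict[str, str] = field(default_factory=dict)  # MSRN -> IMSI

    def assign_msrn(self, imsi: str) -> str:
        if imsi not in self.location:
            raise RoutingError(f"{imsi} is not registered in {self.name}")
        if not self.msrn_pool:
            raise RoutingError(f"{self.name}: MSRN pool exhausted")
        msrn = self.msrn_pool.pop(0)          # like a dynamic IP lease
        self.assigned[msrn] = imsi
        return msrn

    def release_msrn(self, msrn: str) -> None:
        """After the call the MSRN goes back to the pool for reuse."""
        self.assigned.pop(msrn)
        self.msrn_pool.append(msrn)


@dataclass
class HLR:
    """Home Location Register: permanent MSISDN -> IMSI mapping plus the
    VLR in which each subscriber last registered."""
    subscribers: dict[str, str]    # MSISDN -> IMSI
    current_vlr: dict[str, VLR]    # IMSI -> serving VLR

    def route_request(self, msisdn: str) -> tuple[str, str, VLR]:
        imsi = self.subscribers.get(msisdn)
        if imsi is None or imsi not in self.current_vlr:
            raise RoutingError(f"unknown or unregistered MSISDN {msisdn}")
        vlr = self.current_vlr[imsi]
        return imsi, vlr.assign_msrn(imsi), vlr


def route_incoming_call(hlr: HLR, msisdn: str) -> dict:
    """Home MSC receives a call for MSISDN and returns the paging that the
    guest-network switch issues, together with the MSRN used to reach it."""
    imsi, msrn, vlr = hlr.route_request(msisdn)
    return {"channel": "PAGCH", "la": vlr.location[imsi],
            "imsi": imsi, "msrn": msrn}


def build_sample_network() -> tuple[HLR, VLR]:
    """Constructed sample data: one roamer registered in LA-42 of a guest
    network whose VLR has only two roaming numbers to hand out."""
    vlr = VLR(name="guest-VLR",
              msrn_pool=["+4915300000001", "+4915300000002"])
    vlr.location["262011234567890"] = "LA-42"
    hlr = HLR(subscribers={"+79161234567": "262011234567890"},
              current_vlr={"262011234567890": vlr})
    return hlr, vlr


if __name__ == "__main__":
    hlr, vlr = build_sample_network()
    page = route_incoming_call(hlr, "+79161234567")
    print(page)                      # paging in LA-42 with the first MSRN
    vlr.release_msrn(page["msrn"])   # call finished, number goes back
```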

Outgoing call routing offers nothing new or interesting from a conceptual point of view. Here are just some of the diagnostic signals (Table 4) that indicate that a connection cannot be established and which the user can receive in response to a connection attempt.

Table 4. Main diagnostic signals for a connection error.

Conclusion

Of course, nothing in the world is perfect, and the GSM cellular systems discussed above are no exception. The limited number of channels creates problems in the business centers of megacities (and recently, with the rapid growth of the subscriber base, on their outskirts too): to make a call, you often have to wait for the system load to decrease. The data transfer rate, small by modern standards (9600 bps), does not allow large files to be sent, not to mention video. And roaming opportunities are not so limitless either: America and Japan are developing their own digital wireless communication systems that are incompatible with GSM.

Of course, it is too early to say that the days of GSM are numbered, but one cannot fail to notice the appearance on the horizon of the so-called 3G systems, which embody the beginning of a new era in cellular telephony and are free of the disadvantages above. How I want to look a few years ahead and see what opportunities we all get from the new technologies! However, the wait is not so long: the start of commercial operation of the first third-generation network is scheduled for early 2001 ... But what fate awaits the new systems, explosive growth like GSM or ruin like Iridium, time will tell ...

Available for 4 frequency bands: 850 MHz, 900 MHz, 1800 MHz, 1900 MHz.

Depending on the number of supported bands, phones are divided into classes, with the band combination depending on the region of use.

  • Single-band - the phone can operate in one frequency band. Currently not available, but it is possible to manually select a specific frequency range in some phone models, such as Motorola C115, or using the phone's engineering menu.
  • Dual band (Dual Band) - for Europe, Asia, Africa, Australia 900/1800 and 850/1900 for America and Canada.
  • Tri-band (Tri Band) - for Europe, Asia, Africa, Australia 900/1800/1900 and 850/1800/1900 for America and Canada.
  • Quad Band - support all 850/900/1800/1900 bands.

Commercial GSM networks began operating in European countries in the middle of the year. GSM was developed later than analog cellular and was better designed in many ways. The North American counterpart, PCS, has grown from its roots standards including TDMA and CDMA digital technologies, but for CDMA the potential improvement in quality of service has never been proven.

GSM Phase 1

1982 (Groupe Spécial Mobile) - 1990 (Global System for Mobile Communications). First commercial network in January. Digital standard supporting data rates up to 9.6 kbps. Completely obsolete; equipment for it is no longer produced.

In 1991, GSM services "PHASE 1" were introduced.

Base station subsystem

Antennas of three base stations on a mast

BSS consists of the base stations themselves (BTS - Base Transceiver Station) and the base station controllers (BSC - Base Station Controller). The area covered by the GSM network is divided into hexagonal cells. The diameter of a cell varies from 400 m to 50 km. The maximum theoretical cell radius is 120 km, a limit set by the ability of the synchronization system to compensate for signal propagation delay. Each cell is served by one BTS, and neighbouring cells partially overlap, which preserves the possibility of handing the MS over when it moves from one cell to another without breaking the connection (the transfer of a mobile phone (MS) from one base station (BTS) to another as it leaves the range of the current base station during a call or GPRS session is called "handover"). In reality, of course, the signal from each station propagates to cover a roughly circular area, but where the circles intersect, regular hexagons result. Each base station has six neighbours because station placement is planned to minimize the zones where signals from neighbouring stations overlap; more than six neighbours brings no particular benefit. If we take the boundary of each station's coverage to lie within the overlap zone, we get exactly hexagons.

The base station (BTS) provides signal reception/transmission between the MS and the base station controller. BTS is autonomous and is built on a modular basis. Directional base station antennas can be located on towers, rooftops, etc.

The base station controller (BSC) controls the connections between the BTS and the switching subsystem. Its powers also include management of the order of connections, data transfer rate, distribution of radio channels, collection of statistics, control of various radio measurements, assignment and management of the Handover procedure.

Switching Subsystem

NSS consists of the following components.

Switching Center (MSC - Mobile Switching Center)

The MSC controls a certain geographic area with BTS and BSC located on it. It establishes a connection to and from the subscriber within the GSM network, provides an interface between GSM and PSTN, other radio networks, and data transmission networks. Also performs the functions of call routing, call control, handover when moving MS from one cell to another. After the call is completed, the MSC processes data on it and transfers it to the settlement center to generate an invoice for the services provided, collects statistical data. The MSC also constantly monitors the position of the MS using data from the HLR and VLR, which is necessary to quickly find and establish a connection with the MS in case of a call.

Home Location Register (HLR)

Contains a database of subscribers assigned to it. It contains information about the services provided to this subscriber, information about the status of each subscriber, necessary in case of a call, as well as the International Mobile Subscriber Identity (IMSI - International Mobile Subscriber Identity), which is used to authenticate the subscriber (using AUC). Each subscriber is assigned to one HLR. HLR data is available to all MSCs and VLRs in a given GSM network, and in the case of internetwork roaming, to MSCs of other networks.

Visitor Location Register (VLR)

VLR monitors the movement of MS from one area to another and contains a database of moving subscribers currently in this area, including subscribers of other GSM systems - the so-called roamers. Subscriber data is deleted from the VLR if the subscriber has moved to another area. This scheme reduces the number of requests to the HLR of a given subscriber and, consequently, the call service time.

Equipment Identification Register (EIR)

Contains the database required for MS authentication by IMEI (International Mobile Equipment Identity). Forms three lists: white (allowed for use), gray (some problems with MS identification) and black (MS banned for use). Russian operators (and most of the operators of the CIS countries) use only white lists, which does not allow to solve the problem of mobile phone theft once and for all.

Authentication Center (AUC)

Here the subscriber, or rather the SIM (Subscriber Identity Module), is authenticated. Access to the network is allowed only after the SIM has passed the authentication procedure, during which a random number RAND is sent from the AUC to the MS, after which the AUC and the MS each encrypt it with the Ki key of this SIM using a special algorithm. The MS and the AUC then return "signed responses" - SRES (Signed Response), the result of this encryption - to the MSC. At the MSC the responses are compared, and if they match, authentication is considered successful.

OMC subsystem (Operations and Maintenance Centre)

It is connected to the rest of the network components and provides quality control and management of the entire network. Handles alarms that require human intervention. Provides a check of the network status, the possibility of passing the call. Performs software updates on all network elements and a number of other functions.

This article discusses the issue of choosing a GSM gateway (cellular bridge, gsm-gateway). Various types of devices and parameters that should be taken into account when choosing the optimal model are described. You can skip the feature overview and go directly to the list of selection criteria or selection table for analog or VoIP GSM gateways.

Why do I need a VoIP GSM gateway?

The main advantages of using analog or VoIP GSM gateways:

  • Reduction of the cost of calls from the cellular network to the fixed telephone network and back to the price level of an on-net mobile call. This makes it possible to significantly reduce the cost of cellular communications for companies or individuals. The savings come from installing in the cellular bridge a SIM card with an unlimited or corporate tariff of one of the cellular operators (Tele2, MTS, Megafon, Beeline, etc.). This provides an unlimited number of calls and minutes between subscribers of that cellular network for a fixed fee, so all calls from the office to this cellular network count as on-net calls. By installing a cellular gateway in the office, you can save up to 75% on cellular communications.
  • Providing a telephone line to remote sites that have none but lie within the coverage area of one of the cellular networks is the second use of GSM bridges. There are many reasons for this use:
    • it is impossible or uneconomical to lay a wired telephone line;
    • the site is seasonal or mobile, for example a riverboat;
    • the mobile signal is weak. In this case an efficient external antenna can be used. At the output of such a cellular bridge, the interface of a conventional wired telephone line is formed, and such a gateway can be connected to a regular landline phone, a cordless phone or even a mini PBX.
  • Savings on long distance and international calls. You can install a VoIP GSM gateway in another city or even another country, and connect it to an office PBX via a VPN channel. In this case, the cost of long distance/international calls will be equal to the cost of intranet calls.
  • Mode: " always in touch". Another possibility is to install a cellular bridge parallel to a fixed (office or home) phone. Thus, if you did not pick up the phone on a stationary device, the call will automatically be transferred to your mobile number, and you will always stay in touch.

What is a GSM gateway, gsm-gateway?

A GSM gateway, or gsm-gateway (in the English version), is equipment that transmits traffic from a cellular network to an analog or IP telephony network, and in the opposite direction. In general, a gateway in telecommunications is a device or program that allows data to be transferred from one network to another, where these networks are heterogeneous and cannot be connected directly because they differ in the type of information (analogue / digital), in protocol or in some other parameter. In simple terms, a GSM gateway is a device with which a mobile cellular line is connected to a regular phone or PBX so that calls can be received and made through the SIM card of the cellular operator directly from the internal phones of the company. A GSM gateway is often also referred to as a cellular bridge. In addition to its main purpose of saving money on calls between fixed and mobile phones, such equipment opens up additional features such as a voice greeting, conversation recording, callback (a return call for "free" calls to employees in the office) and other functions.

Physically, a cellular bridge looks like a device with a SIM card slot, a phone line or Ethernet jack, an antenna jack, and a power jack.

GSM gateway Teleoffice OfficeGate 2:


How a GSM Gateway Works

The basis of the GSM gateway is a cell phone module located inside the device case, with the following brought out: a slot for a SIM card, an antenna connector, a power socket, in some models a mini-USB connector for connecting a computer, and a socket for connecting a conventional telephone set or mini PBX. The cellular module converts the GSM signal into an analog telephone signal (or a digital one in VoIP GSM gateways) and feeds it to the telephone line emulator, which generates the line voltage and service signals standard for a wired telephone line. Thus a regular telephone or PBX connected to a cellular bridge works as if it were on a regular telephone line.

Cellular bridges can be divided into 2 groups:

  • , to which not a line is connected, but directly a handset.

For example Masterkit Dadget MT3020B:


GSM terminals with an external interface are divided into:

  • Analog with FXS interface
  • Analog with FXO interface
  • Digital VoIP-GSM gateways with Ethernet interface

Analog GSM gateways

The analog GSM gateway is designed to interface a cellular network with an analog telephone line of a city PBX or office. Cellular bridges, depending on the type of line to which they are connected, are divided into 2 types:

  • With FXS port
  • With FXO port

Analogue GSM gateways for standard telephone connection (FXS)

Analog gateways with an FXS port are used to connect a regular analog wired phone to a cellular network. In addition, devices of this type can be used to create an additional external line of an analog PABX. This makes it possible to make low-cost calls from fixed office phones to mobile phones of employees and customers through a mini-PBX. An example of such a device is Termit pbxGate v2 rev3:

Analogue GSM gateway: SMS and fax

Most GSM gateways can receive and send SMS through a computer connected to the gateway; the main requirement is that the supplied software supports this function. For receiving and transmitting fax messages, however, the cellular bridge must support the appropriate protocols: for faxing these are V.27ter (2.4 kbps and 4.8 kbps) and V.29 (7.2 kbps and 9.6 kbps).

GSM gateway for fax: model Teleoffice OfficeGate.

FXO FXS difference

To understand which analog cellular gateway to buy, you need to understand the concepts of FXO FXS.

  • FXS - Foreign eXchange Station. This is the port of the master device, the one that provides service to the end device.
  • FXO - Foreign eXchange Office. This is the interface of the slave device: the terminal or subscriber equipment.

Phones and fax machines have only FXO analog line ports.

A PBX has FXO ports for connection to the city exchange and FXS ports for connecting telephone sets.

Only ports of different types can be interconnected; FXO<->FXO and FXS<->FXS cannot be connected.

GSM gateway with FXS or FXO: what to choose?

In fact, choosing a cell bridge with FXS or FXO depends on the task you want to solve.

GSM gateway with FXS interface is connected to a regular telephone set or external line connector of mini PBX and gives you the following options:

  • Inexpensive calls from office phones to mobiles
  • "Free" calls from employees' cell phones to the office
  • Additional or backup external line mini PBX

GSM gateway with FXO port is connected in parallel to a landline telephone or to the mini PBX internal line connector and serves to:

  • Make low-cost calls from mobile phones to the landline network
  • Provide remote sites with an internal line of the office PBX by extending it over the cellular radio channel
  • Keep an important employee always in touch, whether at the workplace or on the road (parallel connection of a cellular bridge and a landline phone)
  • Connect your cell phone to the landline telephone network

The advantages of analogue GSM gateways include:

  • Low price
  • Ease of installation and configuration

The disadvantages include lower reliability, stability and call quality than VoIP GSM gateways. For example, for stable operation analog cellular bridges must be connected to the office PBX with cables no longer than 5 m. As a result, the cellular bridges for different mobile operators (Tele2, Beeline, MTS, Megafon) all end up in nearly the same place: firstly, they interfere with each other, and secondly, the signals of all the operators are not always strong enough at that spot.

You can read more about the comparison of analog cellular bridges and recommendations for choosing.

VoIP GSM Gateways

The VoIP GSM gateway redirects voice traffic or data from the cellular network to the IP network and vice versa. The name of the connection establishment protocol can be used in the device name. Most VoIP telephony operators use the SIP protocol, and a cellular gateway that supports it is often referred to as a SIP GSM gateway.

Equipment example - AddPac AP-GS1001A:

SIP GSM gateways

SIP GSM gateways operate using the SIP connection establishment protocol. This protocol became the basis of Voice-over-IP technology, and VoIP telephony itself has been widely used since 2000, when the SIP (Session Initiation Protocol) recommendations were approved.

Benefits of SIP

The SIP protocol has the following advantages that have determined its widespread use:

  • High mobility of subscribers - SIP-ID remains unchanged even when moving to another country, only the Internet is needed
  • Extensibility and compatibility with previous versions of the protocol
  • Fast connection establishment
  • Clear and simple system of addresses, like e-mail
  • Internet traffic saving

SIP GSM gateways are divided into:

  • single channel
  • Multichannel: GSM gateways for 2 SIM cards, for 4 SIM cards, etc.

For example, GSM gateways for 4 SIM cards AddPac AP-GS1004B:

GSM IP gateways with FXS/FXO ports

In cases where it is necessary to organize a GSM IP gateway between the cellular network, regular and digital lines, AddPac devices with support for analog lines will come to the rescue. Moreover, traffic transmission is possible in any direction: IP - cellular network; analogue - cellular network; IP - cellular network - analogue; IP - analogue.

These devices are essentially ordinary VoIP GSM gateways with additional support for FXO or FXS analog line interfaces.

  • GSM IP gateway with FXS port -AddPac AP-GS1001B:

Benefits of VoIP GSM Gateways

  • Installation anywhere on the local network and even the world (via VPN channel)
  • High call quality
  • Reliability and stability
  • 100% caller identification (caller ID)
  • Support for Virtual PBX features: Least Cost Routing, Call Forwarding, etc.
  • Support for additional functions: callback, WEB-callback, etc.

Summary: choosing a GSM gateway for home and office

Summarizing the parameters described above, we will give the main selection criteria:

  1. Manufacturer. The quality and reliability of the equipment depends on the choice of the manufacturer. However, it must be taken into account that each vendor specializes in gateways of a certain specificity. Therefore, it is not always possible to first choose a brand, and then find a suitable model for it.
  2. Analog or VoIP GSM gateway. This is determined by the telephone lines you use.

Criteria for selecting analog GSM gateways

  • Analog interface type: FXO or FXS
  • FAX support: Ability to send and receive faxes
  • Support for data transfer (2G, 3G, 4G) to access the Internet from a computer connected to the device
  • Ability to receive and send SMS
  • Additional features such as call recording or caller ID

Criteria for choosing VoIP GSM gateways

  • The required number of cellular network channels. In fact, this is the number of different mobile operators whose mobile phones are planned to be called. You may also need to connect several SIM cards of the same operator with different tariffs.
  • Support for multiple SIP accounts
  • Support for FXO/FXS analog line ports
  • Support for virtual PBX functions: call routing, call number identification and call distribution, call forwarding, etc.
  • Availability of callback, WEB-callback functions, etc.

Having decided on these parameters, you can choose a cellular bridge. The tables below are designed to help you choose the best model for you.

As a result, the physical channel between the receiver and the transmitter is determined by the frequency, allocated frames and the numbers of timeslots in them. Base stations typically use one or more ARFCN channels, one of which is used to identify the presence of the BTS on the air. The first timeslot (index 0) of this channel's frames is used as the base-control channel or beacon-channel. The remaining part of the ARFCN is distributed by the operator for CCH and TCH channels at its discretion.

2.3 Logical channels

Logical channels are formed on the basis of physical channels. Um-interface implies the exchange of both user information and service information. According to the GSM specification, each type of information corresponds to a special type of logical channels implemented through physical ones:

  • traffic channels (TCH - Traffic Channel),
  • service information channels (CCH - Control Channel).

Traffic channels are divided into two main types: TCH/F, the full-rate channel with a maximum speed of up to 22.8 kbps, and TCH/H, the half-rate channel with a maximum speed of up to 11.4 kbps. These channels can be used for voice (TCH/FS, TCH/HS) and for user data (TCH/F9.6, TCH/F4.8, TCH/H4.8, TCH/F2.4, TCH/H2.4), for example SMS.

Service information channels are divided into:

  • Broadcast (BCH - Broadcast Channels).
    • FCCH - Frequency Correction Channel (frequency correction channel). Provides the information needed by the mobile phone to correct the frequency.
    • SCH - Synchronization Channel (synchronization channel). Provides the mobile phone with the information needed for TDMA synchronization with the base station (BTS) as well as its BSIC identity.
    • BCCH - Broadcast Control Channel (broadcast channel service information). It transmits basic information about the base station, such as the way the service channels are organized, the number of blocks reserved for access grant messages, and the number of multiframes (51 TDMA frames in size) between Paging requests.
  • General purpose channels (CCCH - Common Control Channels)
    • PCH - Paging Channel. Looking ahead, I’ll tell you that Paging is a kind of ping of a mobile phone that allows you to determine its availability in a certain coverage area. This channel is for that.
    • RACH - Random Access Channel. Used by mobile phones to request their own service channel, an SDCCH. Uplink only.
    • AGCH - Access Grant Channel (access notification channel). On this channel, base stations respond to RACH requests from mobile phones by allocating SDCCH, or immediately TCH.
  • Own channels (DCCH - Dedicated Control Channels)
    Own channels, like TCH, are allocated to specific mobile phones. There are several subspecies:
    • SDCCH - Stand-alone Dedicated Control Channel. This channel is used for mobile phone authentication, encryption key exchange, location update procedure, as well as for voice calls and SMS messaging.
    • SACCH - Slow Associated Control Channel. Used during a call or when the SDCCH is already in use. With it, BTS sends periodic instructions to the phone to change timings and signal strength. In the opposite direction, there are data on the received signal level (RSSI), TCH quality, as well as the signal level of the nearest base stations (BTS Measurements).
    • FACCH - Fast Associated Control Channel. This channel is provided together with TCH and allows the transmission of urgent messages, for example, during the transition from one base station to another (Handover).

2.4 What is burst?

Data over the air is transmitted within timeslots as sequences of bits, most commonly called "bursts". The term "burst", whose closest analogue is the word "splash", should be familiar to many radio amateurs and most likely appeared when graphical models were drawn up for analysing the radio spectrum, where any activity looks like waterfalls and splashes of water. You can read more about them in the article linked as the image source; here we focus on the essentials. A schematic representation of a burst might look like this:

Guard Period
To avoid interference (i.e. the overlap of two bursts), the burst duration is always shorter than the timeslot duration by a certain value (0.577 - 0.546 = 0.031 ms) called the "Guard Period". This period is a kind of time reserve that compensates for possible propagation delays of the signal.

tail bits
These markers define the beginning and end of the burst.

info
Burst payload, for example, subscriber data or service traffic. Consists of two parts.

Stealing Flags
These two bits are set when both halves of the TCH burst have been taken over by the FACCH. If only one of the two bits is set, only that half of the burst carries FACCH data.

Training Sequence
This part of the burst is used by the receiver to determine the physical characteristics of the link between the phone and the base station.
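The normal burst described above as an added example (not code from the original article): a packer and parser for the 148 transmitted bits, the stealing-flag interpretation from the text, and the timings that follow from the bit period. The field widths (3 tail, 57 info, 1 stealing flag, 26 training, 1 stealing flag, 57 info, 3 tail, then an 8.25-bit guard period) and the bit period of 48/13 µs are the standard normal-burst values; the 0.031 ms in the text is the difference of the rounded durations, while the guard period computed directly is 8.25 bits, about 30.5 µs. The payload and training pattern are constructed sample values.

```python
"""Pack, parse and time a GSM normal burst."""
from dataclasses import dataclass

BIT_PERIOD_US = 48 / 13            # about 3.69 us per bit
NORMAL_BURST_BITS = 148
GUARD_BITS = 8.25
TIMESLOT_BITS = NORMAL_BURST_BITS + GUARD_BITS   # 156.25 bits

# Field widths of a normal burst, in transmission order.
TAIL, INFO, STEAL, TRAIN = 3, 57, 1, 26


@dataclass
class NormalBurst:
    info1: str        # first 57 payload bits
    info2: str        # second 57 payload bits
    training: str     # 26-bit training sequence known to the receiver
    steal1: int = 0   # stealing flag for info1 (1 = FACCH took this half)
    steal2: int = 0   # stealing flag for info2

    def pack(self) -> str:
        """Return the 148 transmitted bits; tail bits are all zero."""
        for name, val, width in (("info1", self.info1, INFO),
                                 ("info2", self.info2, INFO),
                                 ("training", self.training, TRAIN)):
            if len(val) != width or set(val) - {"0", "1"}:
                raise ValueError(f"{name} must be {width} bits of 0/1")
        return ("0" * TAIL + self.info1 + str(self.steal1) + self.training
                + str(self.steal2) + self.info2 + "0" * TAIL)

    @classmethod
    def unpack(cls, bits: str) -> "NormalBurst":
        """Split a 148-bit string back into its fields, checking the tails."""
        if len(bits) != NORMAL_BURST_BITS:
            raise ValueError(f"normal burst must be {NORMAL_BURST_BITS} bits")
        if bits[:TAIL] != "0" * TAIL or bits[-TAIL:] != "0" * TAIL:
            raise ValueError("tail bits are not zero: not a normal burst")
        p = TAIL
        info1 = bits[p:p + INFO]
        p += INFO
        steal1 = int(bits[p])
        p += STEAL
        training = bits[p:p + TRAIN]
        p += TRAIN
        steal2 = int(bits[p])
        p += STEAL
        info2 = bits[p:p + INFO]
        return cls(info1, info2, training, steal1, steal2)

    def facch_halves(self) -> str:
        """Interpret the stealing flags as the text describes."""
        if self.steal1 and self.steal2:
            return "both halves carry FACCH"
        if self.steal1 or self.steal2:
            return "one half carries FACCH"
        return "no FACCH, both halves are TCH"


def timings() -> dict:
    """Durations implied by the bit period: burst, timeslot and guard."""
    burst_ms = NORMAL_BURST_BITS * BIT_PERIOD_US / 1000
    slot_ms = TIMESLOT_BITS * BIT_PERIOD_US / 1000
    guard_us = GUARD_BITS * BIT_PERIOD_US
    return {"burst_ms": round(burst_ms, 3), "timeslot_ms": round(slot_ms, 3),
            "guard_us": round(guard_us, 1)}


if __name__ == "__main__":
    # Constructed sample burst: FACCH has stolen the first half only.
    sample = NormalBurst(info1="10" * 28 + "1", info2="01" * 28 + "0",
                         training="00100101110000100010010111", steal1=1)
    bits = sample.pack()
    print(len(bits), NormalBurst.unpack(bits).facch_halves())
    print(timings())
```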

2.5 Burst types

Each logical channel corresponds to certain types of burst:

normal burst
Bursts of this type implement the traffic channels (TCH) between the network and subscribers, as well as all types of control channels (CCH): CCCH, BCCH and DCCH.

Frequency Correction Burst
The name speaks for itself. Implements a one-way FCCH downlink channel, allowing mobile phones to more accurately tune to the BTS frequency.

Synchronization Burst
Burst of this type, as well as Frequency Correction Burst, implements a downlink channel, only SCH, which is designed to identify the presence of base stations on the air. By analogy with beacon packets in WiFi networks, each such burst is transmitted at full power, and also contains information about the BTS necessary to synchronize with it: frame rate, identification data (BSIC), and others.

Dummy Burst
A dummy burst sent by the base station to fill unused timeslots. The fact is that if there is no activity on the channel, the signal strength of the current ARFCN will be significantly less. In this case, the mobile phone may appear to be far from the base station. To avoid this, BTS fills unused timeslots with meaningless traffic.

Access Burst
When establishing a connection with the BTS, the mobile phone sends a request for a dedicated SDCCH on the RACH. The base station, having received such a burst, assigns the subscriber its FDMA system timings and answers on the AGCH, after which the mobile phone can receive and send Normal Bursts. Note the increased Guard time: initially neither the phone nor the base station knows anything about the propagation delay. If the RACH request does not land in the timeslot, the mobile phone sends it again after a pseudo-random period of time.

2.6 Frequency hopping

Quote from Wikipedia:

Pseudo-random shifting of the operating frequency (FHSS - English frequency-hopping spread spectrum) is a method of transmitting information by radio, the peculiarity of which is the frequent change of carrier frequency. The frequency changes according to a pseudo-random sequence of numbers known to both the sender and the recipient. The method increases the noise immunity of the communication channel.


3.1 Main attack vectors

Since the Um interface is a radio interface, all its traffic is "visible" to anyone within range of the BTS. Moreover, the data transmitted over the air can be analysed without even leaving home, using special equipment (for example, an old mobile phone supported by the OsmocomBB project, or a small RTL-SDR dongle), a quite ordinary computer and some skill.

There are two types of attack: passive and active. In the first case, the attacker does not interact in any way with the network or with the attacked subscriber; there is only reception and processing of information. It is not hard to guess that such an attack is almost impossible to detect, but it does not offer as many possibilities as an active one. An active attack implies interaction between the attacker and the attacked subscriber and/or the cellular network.

We can single out the most dangerous types of attacks to which subscribers of cellular networks are exposed:

  • Sniffing
  • Leakage of personal data, SMS and voice calls
  • Location data leak
  • Spoofing (FakeBTS or IMSI Catcher)
  • Remote SIM Capture, Arbitrary Code Execution (RCE)
  • Denial of Service (DoS)

3.2 Subscriber identification

As mentioned at the beginning of the article, subscriber identification is performed by IMSI, which is recorded in the subscriber's SIM card and the operator's HLR. Mobile phones are identified by serial number - IMEI. However, after authentication, neither IMSI nor IMEI fly in the clear over the air. After the Location Update procedure, the subscriber is assigned a temporary identifier - TMSI (Temporary Mobile Subscriber Identity), and further interaction is carried out with its help.

Attack methods
Ideally, the subscriber's TMSI is known only to the mobile phone and the cellular network. However, there are ways to bypass this protection. By repeatedly calling a subscriber or sending SMS messages (more precisely, Silent SMS) while monitoring the PCH and correlating the results, the TMSI of the attacked subscriber can be picked out with a certain accuracy.

In addition, having access to the SS7 interoperator network, you can find out the IMSI and LAC of its owner by the phone number. The problem is that in the SS7 network, all operators "trust" each other, thereby reducing the level of confidentiality of their subscribers' data.

3.3 Authentication

To protect against spoofing, the network authenticates the subscriber before starting its service. In addition to the IMSI, the SIM card stores a randomly generated sequence called Ki, which it returns only in hashed form. Ki is also stored in the operator's HLR and is never transmitted in the clear. In general, the authentication process is based on the principle of a four-way handshake:

  1. The subscriber performs a Location Update Request, then provides the IMSI.
  2. The network sends a pseudo-random RAND value.
  3. The phone's SIM card hashes Ki and RAND using the A3 algorithm. A3(RAND, Ki) = SRAND.
  4. The network also hashes Ki and RAND using the A3 algorithm.
  5. If the SRAND value on the subscriber's side coincides with that calculated on the network side, then the subscriber has been authenticated.
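As an added illustration of steps 1-5 (not part of the original article), the SIM and HLR sides of the handshake are simulated below in Python. The `a3` function is a hypothetical stand-in (HMAC-SHA256 truncated to 32 bits), not an operator's real A3; the IMSI and Ki are constructed test values.

```python
import hashlib
import hmac
import secrets

# Stand-in for A3 (hypothetical): HMAC-SHA256 truncated to 32 bits. Real
# operators use their own A3 (e.g. COMP128); only the flow is modelled here.
def a3(rand: bytes, ki: bytes) -> bytes:
    return hmac.new(ki, rand, hashlib.sha256).digest()[:4]

class Sim:
    """SIM card: knows IMSI and Ki, answers challenges, never reveals Ki."""
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self._ki = imsi, ki

    def respond(self, rand: bytes) -> bytes:      # step 3
        return a3(rand, self._ki)

class Hlr:
    """Operator HLR/AuC: holds Ki per IMSI, issues RAND, checks SRAND."""
    def __init__(self, keys: dict):
        self._keys, self._pending = dict(keys), {}

    def challenge(self, imsi: str) -> bytes:      # step 2
        rand = secrets.token_bytes(16)            # fresh 128-bit RAND
        self._pending[imsi] = rand
        return rand

    def verify(self, imsi: str, srand: bytes) -> bool:   # steps 4-5
        rand = self._pending.pop(imsi, None)      # each RAND is single-use
        if rand is None or imsi not in self._keys:
            return False
        return hmac.compare_digest(a3(rand, self._keys[imsi]), srand)

def authenticate(hlr: Hlr, imsi: str, respond) -> tuple:
    """Run the handshake; return (accepted, what went over the air)."""
    rand = hlr.challenge(imsi)
    srand = respond(rand)
    return hlr.verify(imsi, srand), (imsi, rand, srand)

def run_demo() -> tuple:
    """Constructed subscriber; returns (legit_ok, impostor_ok, ki_leaked)."""
    ki = bytes.fromhex("0123456789abcdef0123456789abcdef")   # constructed Ki
    sim = Sim("001010000000001", ki)                         # test-range IMSI
    hlr = Hlr({sim.imsi: ki})
    legit_ok, over_air = authenticate(hlr, sim.imsi, sim.respond)
    # Someone who knows the IMSI but not Ki cannot produce a valid SRAND:
    impostor_ok, _ = authenticate(hlr, sim.imsi, lambda r: a3(r, bytes(16)))
    ki_leaked = any(ki in x for x in over_air if isinstance(x, bytes))
    return legit_ok, impostor_ok, ki_leaked
```

Only IMSI, RAND and the 32-bit response cross the air interface; Ki itself stays inside the SIM and the HLR.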

Attack methods
Brute-forcing Ki from known RAND and SRAND values can take quite a long time. In addition, operators may use their own hashing algorithms. There is quite a bit of information on the web about brute-force attempts. However, not all SIM cards are perfectly protected: some researchers were able to directly access the SIM card's file system and extract Ki.

3.4 Traffic encryption

According to the specification, there are three algorithms for encrypting user traffic:
  • A5/0 is the formal designation for the absence of encryption, like an OPEN network in WiFi. I myself have never seen networks without encryption; however, according to gsmmap.org, A5/0 is used in Syria and South Korea.
  • A5/1 is the most widely used encryption algorithm. Although breaking it has been repeatedly demonstrated at various conferences, it is still used everywhere. To decrypt the traffic, it is enough to have 2 TB of free disk space, an ordinary personal computer running Linux, and the Kraken program.
  • A5/2 is an encryption algorithm with intentionally weakened protection. Where it is used at all, it is only for show.
  • A5/3 is currently the strongest encryption algorithm, developed back in 2002. On the Internet you can find information about some theoretically possible vulnerabilities, but in practice no one has yet shown how to crack it. I don't know why our operators don't want to use it in their 2G networks. After all, it is far from a hindrance to them, since the encryption keys are known to the operator and the traffic can easily be decrypted on its side. And all modern phones support it perfectly. Fortunately, modern 3GPP networks use it.

Attack methods
As already mentioned, with sniffing equipment, a computer with 2 TB of disk space and the Kraken program, the A5/1 session encryption key can be found quite quickly (in a few seconds), after which anyone's traffic can be decrypted. German cryptologist Karsten Nohl demonstrated the cracking of A5/1 in 2009. A few years later Karsten Nohl and Sylvain Munaut demonstrated the interception and decryption of a telephone conversation using several old Motorola phones (the OsmocomBB project).

Conclusion

My long story has come to an end. You will be able to get acquainted with the principles of operation of cellular networks in more detail and from a practical point of view in a series of articles, as soon as I finish the remaining parts. I hope I managed to tell you something new and interesting. I look forward to your feedback and comments!