Skip to main content
Disciplines
Automotive Business IT + Informatics Construction + Real Estate Electrical Engineering + Electronics Energy + Sustainability Insurance + Risk Finance + Banking Management + Leadership Marketing + Sales Mechanical Engineering + Materials
Events
DE
EN
Books
Journals
Topic Page
Marketing
Start single access now
Access for companies
EXTENDED SEARCH
Log in
Top
Published in:
Inferring the Stealthy Bridges Between Enterprise Network Islands in Cloud Using Cross-Layer Bayesian Networks Read chapter Read first chapter

2015 | OriginalPaper | Chapter

Implementing an Affordable and Effective GSM IMSI Catcher with 3G Authentication

Author : Max Suraev

Published in: International Conference on Security and Privacy in Communication Networks

Publisher: Springer International Publishing

Log in

Activate our intelligent search to find suitable subject content or patents.

search-config
loading …

Abstract

Recently revealed information on secret agencies eavesdropping on the politicians’ phone calls all over the world, have shown how common practice it is. Although the insecurity of the mobile telecommunication system GSM has been known in the scientific community, these events made it clear to the public. Particularly, the extent and usage of such techniques demonstrates its relevance in the current society. In this paper, we will demonstrate techniques used to intercept mobile calls and analyze the feasibility of man-in-the-middle attacks in real-life scenarios. We show how to build an affordable and effective IMSI catcher which works even when mutual authentication between phone and a network is enforced. The methods to detect it and other potential countermeasures are discussed as well.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

inform now
previous chapter Visual-Assisted Wormhole Attack Detection for Wireless Sensor Networks
next chapter A Simple and Novel Technique for Counteracting Exploit Kits
Appendix
Available only for authorised users
Footnotes
1
Alongside with GSM which is the common denominator of supported protocols.
 
2
Older phones, which do not support UMTS authentication will ignore it.
 
3
The case of LTE is not considered in this paper and left out for future work.
 
4
Up to 6 cells in GSM and up to 15 in UMTS.
 
5
Not all the phones supported by XGoldmon provide such option.
 
6
Another explanation would be the pervasive use of IMSI catchers in Germany of course.
 
7
Both SII and SIII models.
 
8
The results may vary depending on the dissectors available to Wireshark tool.
 
9
Corresponding bug #5353 dates back to 2009 with no indication of any progress or intention to fix it so far.
 
10
See the recent bug #960007 for tracking developments.
 
11
Bug #838.
 
12
Bug #1276208.
 
13
64 bit build used in this case.
 
14
FISH shell syntax used: http://​fishshell.​com/​.
 
Literature
1.
3GPP: Digital cellular telecommunications system (Phase 2+); Radio subsystem link control. Technical Specification TS 100.911 v8.23.0, 3G Partnership Project, October 2005
2.
3GPP: Digital cellular telecommunications system (Phase 2+); Functions related to Mobile Station (MS) in idle mode and group receive mode. Technical Specification TS 143.022 v11.0.0, 3G Partnership Project, October 2012
3.
3GPP: Smart Cards; UICC-Terminal interface; Physical and logical characteristics. Technical Specification TS 102.221 v11.0.0, 3G Partnership Project, June 2012
4.
3GPP: Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); 3G security; Security architecture. Technical Specification TS 131.102 v11.5.1, 3G Partnership Project, July 2013
5.
3GPP: Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); LTE; Mobile radio interface Layer 3 specification; Core network protocols; Stage 3. Technical Specification TS 124.008 v11.8.0, 3G Partnership Project, October 2013
6.
3GPP: Universal Mobile Telecommunications System (UMTS); 3G security; Security architecture. Technical Specification TS 33.102 v11.5.1, 3G Partnership Project, July 2013
7.
3GPP: Universal Mobile Telecommunications System (UMTS); LTE; Service aspects; Service principles. Technical Specification TS 122.101 v11.9.0, 3G Partnership Project, July 2013
8.
9.
Fox, Dirk: Der IMSI-Catcher. Datenschutz und Datensicherheit 26, 212–215 (2002)
10.
Golde, N., Redon, K., Borgaonkar, R.: Weaponizing femtocells: the effect of rogue devices on mobile telecommunication. In: Network & Distributed System Security Symposium 2011, February 2012
11.
GSM Association: European Mobile Industry Observatory 2011 (2011)
12.
13.
Kalenderi, M., Pnevmatikatos, D.N., Papaefstathiou, I., Manifavas, C.: Breaking the gsm a5/1 cryptography algorithm with rainbow tables and high-end fpgas. In: FPL, pp. 747–753 (2012)
14.
15.
Mayer, T.: IMSI Catcher Detection System. Master Thesis at the Chair of Communication Systems at Freiburg University, June 2012
16.
Meyer, U., Wetzel, S.: A man-in-the-middle attack on UMTS. In: Proceedings of the 3rd ACM workshop on Wireless security, WiSe 2004, pp. 90–97. ACM, New York (2004)
17.
Meyer, U., Wetzel, S.: On the impact of GSM encryption and man-in-the-middle attacks on the security of interoperating GSM/UMTS networks. In: Proceedings of IEEE International Symposium on Personal, Indoor and Mobile Radio Communications (PIMRC2004), September 2004. IEEE (2004)
18.
Mjølsnes, S.F., Tsay, J.K.: Computational Security Analysis of the UMTS and LTE Authentication and Key Agreement Protocols. CoRR abs/1203.3866 (2012)
19.
Ntantogian, C., Xenakis, C.: Questioning the feasibility of UMTS-GSM interworking attacks. Wirel. Pers. Commun. 65(1), 157–163 (2012)CrossRef
20.
21.
22.
23.
Song, Y., Zhou, K., Chen, X.: Fake BTS Attacks of GSM system on software radio platform. J. Netw. 7(2), 275–281 (2012)
24.
Tang, C., Naumann, D.A., Wetzel, S.: Analysis of authentication and key establishment in inter-generational mobile telephony. IACR Cryptology ePrint Archive 2013, 227 (2013)
25.
Wehrle, D.: Open Source IMSI-Catcher. Master Thesis at the Chair of Communication Systems at Freiburg University, October 2009
Metadata
Title
Implementing an Affordable and Effective GSM IMSI Catcher with 3G Authentication
Author
Max Suraev
Copyright Year
2015
Book
International Conference on Security and Privacy in Communication Networks

Print ISBN: 978-3-319-23828-9

Electronic ISBN: 978-3-319-23829-6

Copyright Year: 2015

DOI
https://doi.org/10.1007/978-3-319-23829-6_18

Premium Partner

    Image Credits