Abstract: The 2G GSM communication system provides only a one-way authentication mechanism, which authenticates only the identities of mobile users. As is well known, this is not resistant to a fake BTS attack. Because of the huge cost of building a fake BTS in the past, this kind of attack was not really implemented before. This paper presents an implementation of a fake BTS based on software radio technology. Furthermore, this paper discusses two types of fake BTS attacks on our software radio platform. The first is the IMSI/IMEI catch attack, which obtains the mobile phone's IMSI and IMEI; with this information, an attacker can track the person carrying the phone. The second is the selective jamming attack: after obtaining the IMSI and IMEI of the mobile phone, the attacker can decide whether or not the phone is blocked. We analyze the parts of the GSM protocol relevant to the interception system, then present the performance of such a system in real tests and demonstrate its feasibility.
Index Terms: GSM/UMTS; jamming system; IMSI-catcher
I. INTRODUCTION
GSM is the most widely used cellular standard in the world. Over 1000 million users use GSM mobile phones, mostly in Europe and Asia. The GSM system is based on TDMA radio access and PCM trunking, and it uses SS7 signalling with mobile-specific extensions. GSM provides authentication and encryption capabilities, but in recent years many security problems have been discovered.
The problems with GSM security include the following:
* It only provides access security: communications and signalling traffic in the fixed network are not protected.
* It does not address active attacks.
* It is only as secure as the fixed networks to which it connects.
* Lawful interception was only considered as an afterthought.
* The terminal identity cannot be trusted.
* The cryptographic mechanisms are difficult to upgrade.
* There is a lack of user visibility.
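The following toy model, added here and not part of the paper or its platform, shows why the one-way authentication named in the abstract and the "active attacks" item above matter: under GSM the mobile answers any challenge and hands over its IMSI to whichever cell it is camped on, whereas a UMTS-style AKA exchange makes the mobile verify the network first. HMAC-SHA256 stands in for the operator's A3/f1 functions (an assumption; real networks use COMP128 variants or Milenage), sequence-number and anonymity-key handling is omitted, and all keys and IMSIs are constructed sample values.

```python
# Toy model: GSM one-way authentication vs UMTS-style mutual authentication.
# Assumption: HMAC-SHA256 replaces the real A3/f1 algorithms; the SQN/AK
# handling of real AKA is left out. IMSI and Ki below are constructed values.
import hashlib
import hmac
import os

IMSI = "001010123456789"              # constructed test-network IMSI
KI = bytes.fromhex("00" * 15 + "01")  # constructed subscriber key Ki

def a3(ki, rand):
    # Stand-in for A3: signed response SRES/RES derived from (Ki, RAND).
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]

def f1(k, rand, sqn):
    # Stand-in for f1: the MAC the *network* must present in AUTN.
    return hmac.new(k, b"f1" + rand + sqn, hashlib.sha256).digest()[:8]

class MobileStation:
    def __init__(self, imsi, ki):
        self.imsi, self.ki = imsi, ki

    def gsm_auth(self, rand):
        # GSM: the MS answers any RAND; nothing proves who sent it.
        return a3(self.ki, rand)

    def gsm_identity_request(self):
        # GSM: the cleartext IMSI goes to whoever operates the serving cell.
        return self.imsi

    def umts_auth(self, rand, sqn, autn_mac):
        # UMTS AKA: the MS checks the network's MAC with its own K first.
        if not hmac.compare_digest(f1(self.ki, rand, sqn), autn_mac):
            return None                   # "MAC failure": network rejected
        return a3(self.ki, rand)          # RES only after the network is proven

class BaseStation:
    def __init__(self, ki=None):
        # A genuine network knows Ki; a rogue cell (ki=None) does not.
        self.ki, self.sqn = ki, b"\x00" * 6

    def gsm_attach(self, ms):
        ms.gsm_auth(os.urandom(16))       # reply is irrelevant to the rogue cell
        return ms.gsm_identity_request()  # IMSI revealed with or without Ki

    def umts_attach(self, ms):
        rand = os.urandom(16)
        key = self.ki if self.ki else b"\x00" * 16   # rogue cell must guess
        return ms.umts_auth(rand, self.sqn, f1(key, rand, self.sqn)) is not None
```

Running `BaseStation(None).gsm_attach(ms)` returns the IMSI just as the genuine network does, while `BaseStation(None).umts_attach(ms)` returns `False` because the MS rejects the forged MAC.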
Accordingly, attacks on GSM networks can be divided into three types:
* Eavesdropping. This is the capability of an intruder to eavesdrop on signalling and data connections associated with other users.
* Impersonation of a user. This is the capability of an intruder to send signalling and/or user data to the network, in an attempt to make the network believe they originate from the target user.
* Impersonation of the network. This is the capability...