Setting Up A Rogue GSM Network
| Note: Most the things described here are most likely thoroughly illegal in whatever area you live, partially due to the carrriers' iron grips on these systems |
Intro/Background
- How to set up a GSM Base Station and associated systems for the purpose of providing carrier-free access, likely using VoIP as a transport mechanism.
- Perhaps set up a shell company for those who want to set these up and provide the services legally.
| A bunch of this stuff needs to get sorted into these sections |
Sources
- Internet Link #1
- Internet Link #2
- Book Source #1
- Book Source #2
Ideas for the paper
- Thesis here?
- Direction you want to take the research/paper
- Need to do any interviews for primary sources?
Scratch Pad
GSM Research
Everything you need to know about cell tower leases:
http://chinese-school.netfirms.com/cell-tower-lease.html
About GSM: http://www.telecomspace.com/gsm.html
About SS7: http://www.telecomspace.com/ss7.html
Sites that sell towers:
http://www.sbasite.com/ .. apparently they acquired the other major player
The Algorithm:
http://www.chem.leeds.ac.uk/ICAMS/people/jon/a5.html
A5/2 introduced in 199, upgrade in 2003
Most GSM network operators utilize a version of the COMP128 algorithm as the implementation of the A3 algorithm.
A3's task is to generate the 32-bit Signed Response (SRES) utilizing the 128-bit random challenge (RAND) generated by the Home Location Register (HLR) and the 128-bit Individual Subscriber Authentication Key (Ki) from the Mobile Station's Subscriber Identity Module (SIM) or the Home Location Register (HLR).
A3 actually generates 128 bits of output. The first 32 bits of those 128 bits form the Signed Response.
The A3 algorithm is implemented in the Subscriber Identity Module (SIM)
Encryption
he encryption algorithm used in the GSM system is a stream cipher known as the A5 algorithm.
Multiple versions of the A5 algorithm exist which implement various levels of encryption.
A5/0 utilizes no encryption.
A5/1 is the original A5 algorithm used in Europe.
A5/2 is a weaker encryption algorithm created for export and used in the United States.
A5/3 is a strong encryption algorithm created as part of the 3rd Generation Partnership Project (3GPP).
The stream cipher is initialized with the Session Key (Kc) and the number of each frame. The same Kc is used throughout the call, but the 22-bit frame number changes during the call, thus generating a unique keystream for every frame.
The same Session Key (Kc) is used as long as the Mobile Services Switching Center (MSC) does not authenticate the Mobile Station again. In practice, the same Session Key (Kc) may be in use for days.
Authentication is an optional procedure in the beginning of a call, but it is usually not performed.
The A5 algorithm is implemented in the Mobile Station (MS).
http://www.gsmworld.com/using/algorithms/docs/a5_3_and_gea3_specifications.pdf
Key Generation�
The key generation algorithm used in the GSM system is known as the A8 algorithm.
Most GSM network operators utilize the a version of the COMP128 algorithm as the implementation of the A8 algorithm.
A8's task is to generate the 64-bit Session Key (Kc), from the 128-bit random challenge (RAND) received from the Mobile Services Switching Center (MSC) and from the 128-bit Individual Subscriber Authentication Key (Ki) from the Mobile Station's Subscriber Identity Module (SIM) or the Home Location Register (HLR).
One Session Key (Kc) is used until the MSC decides to authenticate the MS again. This might take days.
A8 actually generates 128 bits of output. The last 54 bits of those 128 bits form the Session Key (Kc). Ten zero-bits are appended to this key before it is given as input to the A5 algorithm.
The A8 algorithm is implemented in the Subscriber Identity Module (SIM).
What are the components of a GSM network?
Subscriber Equipment
Mobile Station (MS) - The mobile telephone.
The Switching System (SS)
Home Location Register (HLR) - A database which stores data about GSM subscribers, including the Individual Subscriber Authentication Key (Ki) for each Subscriber Identity Module (SIM).
Mobile Services Switching Center (MSC) - The network element which performs the telephony switching functions of the GSM network. The MSC is responsible for toll ticketing, network interfacing, common channel signaling.
Visitor Location Register (VLR) - A database which stores temporary information about roaming GSM subscribers.
Authentication Center (AUC) - A database which contains the International Mobile Subscriber Identity (IMSI) the Subscriber Authentication key (Ki), and the defined algorithms for encryption.
Equipment Identity Register (EIR) - A database which contains information about the identity of mobile equipment in order to prevent calls from stolen, unauthorized, or defective mobile stations.
The Base Station System (BSS)
Base Station Controller (BSC) - The network element which provides all the control functions and physical links between the MSC and BTS. The BSC provides functions such as handover, cell configuration data, and control of radio frequency (RF) power levels in Base Transceiver Stations.
Base Transceiver Station (BTS) - The network element which handles the radio interface to the mobile station. The BTS is the radio equipment (transceivers and antennas) needed to service each cell in the network.
The Operation and Support System (OSS)
Message Center (MXE) - A network element which provides Short Message Service (SMS), voice mail, fax mail, email, and paging.
Mobile Service Node (MSN) - A network element which provides mobile intelligent network (IN) services.
Gateway Mobile Services Switching Center (GMSC) - A network element used to interconnect two GSM networks.
GSM Interworking Unit (GIWU) - The network element which interfaces to various data networks.
What are Ki, Kc, RAND, and SRES?
Ki is the 128-bit Individual Subscriber Authentication Key utilized as a secret key shared between the Mobile Station and the Home Location Register of the subscriber's home network.
RAND is 128-bit random challenge generated by the Home Location Register.
SRES is the 32-bit Signed Response generated by the Mobile Station and the Mobile Services Switching Center.
Kc is the 64-bit ciphering key used as a Session Key for encryption of the over-the-air channel. Kc is generated by the Mobile Station from the random challenge presented by the GSM network and the Ki from the SIM utilizing the A8 algorithm.
How do Authentication and Key generation work in a GSM network?
Encryption in the GSM network utilizes a Challenge/Response mechanism.
The Mobile Station (MS) signs into the network.
The Mobile Services Switching Center (MSC) requests 5 triples from the Home Location Register (HLR).
The Home Location Register creates five triples utilizing the A8 algorithm. These five triples each contain:
A 128-bit random challenge (RAND)
A 32-bit matching Signed Response (SRES)
A 64-bit ciphering key used as a Session Key (Kc).
The Home Location Register sends the Mobile Services Switching Center the five triples.
The Mobile Services Switching Center sends the random challenge from the first triple to the Base Transceiver Station (BTS).
The Base Transceiver Station sends the random challenge from the first triple to the Mobile Station.
The Mobile Station receives the random challenge from the Base Transceiver Station and encrypts it with the Individual Subscriber Authentication Key (Ki) assigned to the Mobile Station utilizing the A3 algorithm.
The Mobile Station sends the Signed Response to the Base Transceiver Station.
The Base Transceiver Station sends the Signed Response to the Mobile Services Switching Center.
The Mobile Services Switching Center verifies the Signed Response.
The Mobile Station generates a Session Key (Kc) utilizing the A8 algorithm, the Individual Subscriber Authentication Key (Ki) assigned to the Mobile Station, and the random challenge received from the Base Transceiver Station.
The Mobile Station sends the Session Key (Kc) to the Base Transceiver Station.
The Mobile Services Switching Center sends the Session Key (Kc) to the Base Transceiver Station.
The Base Transceiver Station receives the Session Key (Kc) from the Mobile Services Switching Center.
The Base Transceiver Station receives the Session Key (Kc) from the Mobile Station.
The Base Transceiver Station verifies the Session Keys from the Mobile Station and the Mobile Services switching Center.
The A5 algorithm is initialized with the Session Key (Kc) and the number of the frame to be encrypted.
Over-the-air communication channel between the Mobile Station and Base Transceiver Station can now be encrypted utilizing the A5 algorithm.
This process authenticates the GSM Mobile Station (MS) to the GSM network. One known security limitation of GSM networks is that the GSM network is never authenticated by the GSM Mobile Station (MS).
This one-way authentication makes it possible for an attacker to pretend to be a GSM network provider.
Have the A3 and A8 algorithms been broken?
Most GSM providers use a version of COMP128 for both the A3 authentication algorithm and the A8 key generation algorithm.
Ian Goldberg and David Wagner of the University of California at Berkeley demonstrated that all A8 implementations they looked at, including the few that did not use COMP128, were deliberately weakened. The A8 algorithm takes a 64-bit key, but ten key bits were set to zero. The attack on the A8 algorithm demonstrated by Goldberg and Wagner takes just 2^19 queries to the GSM SIM *Subscriber Identity Module), which takes roughly 8 hours.
Josyula R. Rao, Pankaj Rohatgi and Helmut Scherzer of IBM and Stephane Tinguely of the Swiss Federal Institute of Technology have published Partitioning Attacks: Or How to Rapidly Clone Some GSM Cards which shows a method by which COMP128 can be broken in less than a minute.
The COMP128-2 and COMP128-3 algorithms have been developed to address the security issues of COMP128-1. COMP128-2 and COMP128-3 are secret algorithms which have not been subject to cryptanalysis. COMP128-3 fixes the issue where 10 bits of the Session Key (Kc) were set to zero.
GSM network operators are slowly migrating from COMP128 (also known as COMP128-1) to COMP28-2 or COMP128-3. Because the A3 and A8 algorithms are stored in the Subscriber Identity Module, this requires changing the GSM subscribers SIM cards.
Have the A5 algorithms been broken?
Alex Biryukov, Adi Shamir and David Wagner javascript:var%20handle=window.open('http://cryptome.org/a51-bsw.htm') showed that they can find the A5/1 key in less than a second on a single PC with 128 MB RAM and two 73 GB hard disks, by analyzing the output of the A5/1 algorithm in the first two minutes of the conversation.
Ian Goldberg and David Wagner of the University of California at Berkeley published an analysis of the weaker A5/2 algorithm showing a work factor of 2^16, or approximately 10 milliseconds.
Elad Barkhan, Eli Biham and Nathan Keller of Technion javascript:var%20handle=window.open('http://cryptome.org/gsm-crack-bbk.pdf'), the Israel Institute of Technology, have shown a ciphertext-only attack against A5/2 that requires only a few dozen milliseconds of encrypted off-the-air traffic. They also described new attacks against A5/1 and A5/3.
What is an IMEI?
The IMEI (International Mobile Equipment Identity) is a unique 15-digit code used to identify an individual GSM mobile station to a GSM network.
The IMEI is stored in the Equipment Identity Register (EIR).
IMEI Classifications
The EIR stores three IMEI classifications:
White Valid GSM Mobile Stations
Grey GSM Mobile Stations to be tracked
Black Barred Mobile Stations
IMEI Format
The format of an IMEI is AABBBB--CC-DDDDDD-E.
AA Country Code
BBBB Final Assembly Code
CC Manufacturer Code
DDDDDD Serial Number
E Unused
IMEI Manufacturer Codes
IMEI Manufacturer Codes include:
01 AEG
02 AEG
07 Motorola
10 Nokia
20 Nokia
40 Motorola
41 Siemens
44 Siemens
51 Sony, Siemens, Ericsson
How can I find my IMEI?
The IMEI (International Mobile Equipment Identity) number can be displayed on most phones by dialing the code *# 06 #.
The IMEI is also usually printed on the compliance plate under the battery.
What is an IMSI?
The IMSI (International Mobile Subscriber Identity) is a unique 15-digit code used to identify an individual user on a GSM network.
The IMSI consists of three components:
Mobile Country Code (MCC)
Mobile Network Code (MNC)
Mobile Subscriber Identity Number (MSIN)
The IMSI is stored in the Subscriber Identity Module (SIM).
How do I change my PIN and PUK?
Change SIM Card PIN ** 04 * old PIN * new PIN * new PIN #
Change SIM Card PIN2 ** 042 * old PIN2 * new PIN2 *new PIN2 #
Change SIM Card PUK ** 05 * old PUK * new PUK * new PUK #
Change SIM Card PUK2 ** 052 * old PUK2 * new PUK2 * new PUK2 #
Note: These codes only work on some mobile stations offered by some providers.
What is a Subscriber Identity Module (SIM)?
The Subscriber Identity Module (SIM) is a small smart card which contains both programming and information.
The A3 and A8 algorithms are implemented in the Subscriber Identity Module (SIM).
Subscriber information, such as the IMSI (International Mobile Subscriber Identity), is stored in the Subscriber Identity Module (SIM).
The Subscriber Identity Module (SIM) can be used to store user-defined information such as phonebook entries.
One of the advantages of the GSM architecture is that the SIM may be moved from one Mobile Station to another. This makes upgrades very simple for the GSM telephone user.
Technion cracked it, filed a patent
http://www.gsm-security.net/gsm-security-papers.shtml
good stuff: http://rfdesign.com/mag/radio_field_trials_allsoftware/
http://www.vanu.com/
http://www.vanu.com/resources/whitepapers/vanu-anywave-2006-05.pdf
"cracking gsm"
The GSM Association says the approach "requires the attacker to transmit distinctive data over the air to masquerade as a GSM base station". This is illegal in most countries, the association says, so anyone attempting an attack on a significant scale would expect to be traced and caught.
Comments (0)
You don't have permission to comment on this page.