Telecommunications has a wide field and containing various areas such as fiber-optic network, mobile network and wireless and satellite network, etc. We considered especially for wireless GSM network, GSM or Global System for Mobile communications is a 2G network, but when it offers GPRS (data) services can be called 2.5G network.
The AMPS network has 1G or so vulnerabilities such as espionage and cell cloning, as it was a job in the analog domain, while the 2G network works in the digital environment and uses a different type of encryption algorithm to protect data.
It is good practice to first describe the original architecture of the GSM network so that you can easily understand the security holes. Now consider the basic scheme.
SIM Subscriber Identity Module HLR Home Location Register
MS Mobile Station Vistor Location Register VLR
BTS Base Transceiver Station EIR Equipment Identity Register
BSC Base Station Controller Authentication Center AC
MSC Mobile Switching Center PSTN Public Switched Telecommunications Network
VLR Visitor Location Register ISDN Integrated Services Digital Network
Like a computer network, the GSM network also uses an authentication process to allow SIM (user) to enter the network, just assume that there are 4 GSM operator that offers services and you have purchased a connection from a provider services, now does not mean your phone can not detect the network signal of three, your cell phone can receive the signal of 4 operators, but can only connect to the network of the SIM to be because the network to identify your SIM card user.
Understand phenomena in GSM authentication
The SIM (Subscriber Identity Module) is a small smart card and contain information and programming. SIM contains a temporary encryption key for encryption, temporary subscriber identity (TIMSI) and the International Mobile Subscriber Identity (IMSI). It also contains a PIN (Personal Identification Number) and PUK (PIN Unblocking Key).
SIM stores an authentication key of 128 bits provided by the service provider, IMSI is a unique 15 digit number that has a third party.
* Mobile Country Code (MCC)
* Mobile Network Code (MNC)
* Mobile Subscriber Identity (MSIN)
Now, as you have seen the importance of the IMSI, IMSI if you have another user of what the network can be identified by the identity of another user (as dangerous).
But what authentication is one way to hack GSM network? answer is no.
The air interface I mean the Um interface between the handset and BTS is encrypted by the algorithm A5, but the interface between the BSC and BTS to BSC to MSC is usually unencrypted and typically uses a microwave link or where using the fiber optic link or depends on the geographic area. So the point is that if you start to smell on the link for the GSM standard have not defined to protect the inhalation, so now you can understand the main port of the GSM network.
About the author:
This guest post was written by Irfan Shakeel, Irfan is a Telecommunications Engineer and IT Security Geek, Irfan wrote the article so many different blogs and is currently running a blog related to Ethical Hacking and penetration testing.
0 comments