Mobile Network Security Experiments With USRP
Though the mobile phone market has embraced 3G and 4G services, especially for the convenience of high-speed Internet connectivity, the original cellular network system, GSM, is still available and covers most of the human population. One of its weaknesses is the relative simplicity of setting up a fake Base Transceiver Station (BTS), which can mount several attacks against a Mobile Station (MS). One of them is to trick the MS into revealing its International Mobile Subscriber Identity (IMSI), which uniquely identifies a mobile network user subscription; this is a breach of privacy. These devices have therefore become known as IMSI catchers. This thesis presents IMSI catchers, how they can operate in the GSM network, and what makes them most effective at their task. This information is then used to identify ways of detecting IMSI catchers. Some of these identification methods are implemented in a piece of software that utilizes a Universal Software Radio Peripheral (USRP) to pick up GSM signals. This IMSI Catcher Detector is then tested in a live GSM environment, and the results of this experiment are analyzed. One proposed way of detection is to gather information from many BTSs to form a "fingerprint" of what is normal operation. Deviation from this would be deemed suspicious. This method seems to have some viability. After analyzing the data from the experiment, it was found that there was very little deviation in the broadcast traffic of the BTSs detected in the area covered by the experiment.