
A new approach to deploying private mobile network exploits

Published in: The Journal of Supercomputing

Abstract

Private mobile communication systems (MCS) can be established easily with an open-source project, and small MCS base stations are increasingly deployed in experimental environments. They support not only voice communication but also short message service (SMS) and data services. If a user has a small base station (BS), establishing a private real-world MCS becomes a clear option. For a private MCS to function properly, the services of a private MCS based on an open project should be configured similarly to those provided by commercial MCSs; that is, the service should include voice communication, SMS, and a General Packet Radio Service/Enhanced Data rates for GSM Evolution (GPRS/EDGE) data service, and the subscriber station should likewise be configured to support these services. In this paper, we consider attack scenarios using experimental MCSs with small BSs. We experimentally show the feasibility of attacks resulting in the leakage of private information, attacks on OpenBSC control, and DNS spoofing at the network level, all without the subscriber's knowledge.



Acknowledgments

This work was supported by Korea University Grant.

Conflict of interest

None.

Author information

Corresponding author

Correspondence to Jongsub Moon.


About this article


Cite this article

Kim, E., Moon, J. A new approach to deploying private mobile network exploits. J Supercomput 72, 46–57 (2016). https://doi.org/10.1007/s11227-015-1461-5
