Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mobile Technology Overview

Similar presentations

Presentation on theme: "Mobile Technology Overview"— Presentation transcript:

1 Mobile Technology Overview
Ed Gibbs Technologist ISSA - September 20, 2001 Sacramento, California

2 Ed Gibbs Biography Prior: Digital Equipment Corporation, Lockheed-Martin, Dow Jones & Company, and a few start-ups that don’t exist anymore! Focus on Firewalls, VPN, internetworking, , Mobile Data including WAP, and carrier infrastructure Recently completed chapter for Eoghan Casey’s new book “Handbook of Computer Crime” to be published in October/Nov. Collecting digital evidence within a cellular and network Contact Information: Nokia, 313 Fairchild Drive, Mountain View, CA 94043 Mobile:

3 Introduction Why is understanding Cellular networking important?
As voice and data merge over cellular networks, you may be tasked securing both Wireless data handsets are inescapable Carrier infrastructures are very complex – to what degree should one become acquainted? Just the basics – that’s what we’ll cover here today As security experts, there’s significant value in obtaining this knowledge to prepare you for the future Carriers have enjoyed closed networks, opening them up to the Internet is a major challenge

4 Types of Cellular Networks

5 Analog Mobile Phone Service
What is AMPS: Commercially available in 1970 by Bell Telephone Laboratories Geographic areas are subdivided into smaller areas which are commonly known as “cells” Each cell has it’s own antenna that is set to operate at distinct transmission frequencies Communications occur at a set frequency in each direction AMPS is still widely used today 7-cell pattern, each with different frequencies to avoid interference 824Mhz to 894Mhz with 30Khz of bandwidth separation per assigned channel for Transmit/Receive

6 Digital Advanced Mobile Phone Service
D-AMPS is far more complex than AMPS and supports two modes of operations Voice traffic is digital AMPS used for channel setup and signaling IS-54 – Uses Time-Division Multiple Access (TDMA) to divide the radio channels used by AMPS IS-136 (D-AMPS 1900) supports dual-mode, dual-band: Dual-Mode: Analog or Digital 800Mhz cellular frequency used by AMPS 1900Mhz frequency spectrum – Personal Communications Service (PCS) Allows for pages and short message services (SMS) of up to 239 characters

7 Time Division Multiple Access
TDMA separates users by assigned time slots, which minimizes interference from other simultaneous transmissions Disadvantage: When changing cells (handoff), the assigned time-slot in the new cell may already be occupied however this is a capacity problem Transmission (uplink/downlink or send/receive) is allocated two slots: One used at a defined frequency for uplink Second used at a particular frequency for downlink Extends battery life-time of handset by only transmitting a portion of time instead of a continuous transmission AT&T, Cingular (Eastern/Central US) uses TDMA Cingular formally PacificBell uses a technology called GSM which is not compatible with TDMA

8 Code Division Multiple Access
CDMA (IS-95) offers 6-10x the capacity of TDMA and uses codes to separate users as opposed to TDMA, which uses assigned time slots Uses broadband spread-spectrum developed in the 1940s for military purposes and uses a direct sequence technique, with the spreading sequence based on a pseudorandom binary sequence Also uses the 800Mhz and 1900Mhz frequency bands. When using 800Mhz AMPS mode, more AMPS channels needed to obtain frequency for CDMA (operator must clear 1.23Mhz/30khz or 41 channels) to accommodate When in 1900Mhz mode, CDMA uses PCS Directly supports IP packet data protocols Sprint, SBC uses CDMA

9 Global System for Mobile Communications
GSM developed in Europe in 1980s and became an international standard 13 years later There are two standards: European: 900Mhz (International Standard) North American – 800Mhz (900Mhz used by Government) and 1900Mhz GSM PCS North American GSM and European GSM are not compatible due to their frequency Tri-mode phones are available that operate at 800Mhz, 900Mhz, and 1900Mhz Uses TDMA framework but not compatible Subdivides each radio channel into eight time slots; D-AMPS subdivides into six time slots Over 250 GSM Networks are presently operating in 110 countries Data rates: 9.6Kbps to 14.4Kbps Carriers: Pacific Bell (now Cingular), VoiceStream, and now AT&T Wireless

10 GSM GSM uses the Subscriber Information Module (SIM card) which comes in two forms – credit card sized format and thumb tip size Embedded in the card is a microprocesor, ROM and RAM Also contains data such as: The subscriber’s phone number which is referred to as the MSISDN (Mobile Subscriber ISDN Number) The IMSI (International Mobile Subscriber Identity). The IMSI is globally unique to a particular subscriber The subscriber’s PIN which is used to prevent unauthorized use of the mobile device Authentication Keys

11 Carrier Infrastructure

12 Simple Architecture

13 Detailed Architecture

14 Network Operation Parameters
The adjunct processor handling operational issues may handle records that drill down deep into the network operation details. These records can cover such items as: A subscriber’s phone call attempt Whether the attempt was successful Whether the call was ended normally or was dropped Date and time of the call Signal strength of the subscriber’s mobile device as seen by the BTS In what cell site was the call set up In what cell site sector was the call set up Handover information What channel was used What frequency/time slot/PN number was used

15 Surveillance & Tracking

16 Methods of Tracking AOA: By knowing the direction from which a wireless signal is received (via the use of special antennas at the cell site), Angle of Arrival techniques calculate the location of a mobile device. This technology is deployed at the cell sites of the network operator. TDOA: Time Difference of Arrival technology uses the difference in time that it takes for a wireless signal to arrive at multiple cell sites to calculate the location of the mobile device. E-OTD: Enhanced Observed Time Difference involves a mobile device receiving the signals from at least three base stations, while a special receiver in the network (at a known position) also receives these signals. The mobile device location is calculated by comparing the time differences of arrival of the signals from the base stations at both the mobile device and the special receiver. This technology is deployed at cell sites and in the mobile device itself.

17 Methods of Tracking Triangulation is a process by which the location of a radio transmitter can be determined by measuring either the radial distance, or the direction of the received signal from two or three different points Time delay response can be used in conjunction with triangulation to determine how far away the signal is between multiple points When a cell phone is turned on – it’s communicating! Call or standby mode Tracking is often difficult if not impossible in some situations Signal reflection, distortion, weak signal, etc.

18 Triangulation & Timed Response
Base • Z Base • X Base • Y Cell Phone Measured Response Time + Direction

19 Lawful Interception GSM & UMTS 3G GPRS backbone PDN SGSN GGSN MSC/VLR

20 Functional Roles User 5 Law 4 Enforcement Authority (LEA) 4 3
Network Operator Target User 1 2 2 4 Authorisation Authority (AA) Equipment Manufacturer Host/Terminal

21 Authorizing interceptions
Authorizing Agency (AA) Authorizes session using the web interface at the LIC

22 Enabling interceptions
Law Enforcement Agency (LEA) Starts interception at the LIC

23 E911 Update August 2000: FCC adopted an Order to implement the Wireless Communications and Public Safety Act of 1999 (911 Act), enacted on October 26,1999. Implemented in two phases: First Phase – Reveals cell phone number and base-station caller is using Second Phase – Pinpoints location accurate within meters October 1, 2001 Deadline will “not be met” All major carriers will file an extension with the FCC Location based service and tracking software not in place Only %10 of law enforcement is equipped to handle E911 Official Web-site

24 Steps to 3rd Generation within the US
New multimedia services Mass market cost of service (WCDMA) 2Mbps Introduction of 3rd generation radio Development of Radio Technology Enhanced speed and capacity (EDGE) 2002 Internet-like IP packet services for mass market (GPRS) 144Kbps Landline-like circuit services (HSCSD) & Interactive messaging (USSD) 2000 Basic GSM data at 9.6 kbit/s & Smart messaging 1997 Evolution

25 GPRS Architecture Firewall VPN VPN Firewall

26 WAP

27 Wireless Application Protocol (WAP)
De-facto world standard for wireless information and telephony services on digital mobile phones and other wireless terminals "Internet in Every Pocket" Objectives: General environment for wireless applications Internet or Intranet-like services and content to mobile terminals Network, bearer and manufacturer independent WAP Forum Started 1997 by Nokia, Ericsson, Motorola and Unwired Planet Now close to 500 member companies WAP 1.1 (June ‘99) The first release for commercial products WAP 1.2 (December ’99)

28 WAP System Architecture
Web Server Content CGI Scripts etc. with WML-Script WML Decks WAP Gateway WML Encoder WMLScript Compiler Protocol Adapters Client WML WML-Script WTAI Etc. HTTP WSP/WTP

29 Common WAP Deployment Scenarios
Mobile Customer Technical Architecture Business Model Total Corporate Solution Typical WAP Enabled 'Web Destination Site' Open WAP Portal + Content providers and Merchants Closed WAP Portal e.g. Operator / ISP Key Enterpr. hosted xSP hosted Dial-in Server WAP Server/Gateway Content & Applications Server (s)

30 Wireless Transport Layer Security
WTLS provides encryption from the mobile handset to the WAP Gateway WTLS to SSL conversion on WAP gateway must decrypt WTLS and re-encrypt to SSL Vulnerability: Clear-text Four classes: Class 0: No Security Class 1: Server Authentication (dh_anon) Available today Class 2: Signed Server Certificate Class 3: Signed Client Servificate Coming Soon


32 Wireless Identity Module (WIM)
Wireless PKI Capability WIM has five implementation possibilities Terminal HW (terminal SW) Integrated reader I.e. "dual slot" Additional chip, "Dual chip" WIM inside SIM = SWIM External reader

33 WAP Modes The four modes for WAP communications are:
Mode UDP Port WTLS Security Connectionless No Connection No Connectionless Yes Connection Yes

34 Security in WAP GSM Security Internet Security Wireless Network Internet FIREWALL WAP can secure communication between terminal and WAP gateway. For communications between gateway and origin server, other means e.g. SSL are required. Terminal WAP Gateway Origin Server WAP Security FIREWALL Leased modem pool Company intranet Initial image: terminal, gateway, origin server Terminal lives in wireless network, origin server in some internet The communications between the terminal and WAP gateway also require additional components, namely a base station and a dial-in-service. GSM security secures connection between the terminal and the base station. Internet security can be used to secure connection from gateway to origin server. WAP security secures communications all the way from the terminal to the gateway, no matter what kind bearer we are using. Security must be thought about as a complete package: we need also other security measures, like the gateway must be somehow protected from attacks from the Internet. Firewalls are used to protect the company intranet. Having the gateway in company premises is usually a good idea. Even the modem pool may be leased and we would still have complete security up to the gateway.

35 Future Example 1. Choosing the movie 2. Choosing the payment method
3. Entering the PIN-code 4. Downloading tickets to the chip 5. Confirming the downloading and loyalty points

36 EMPS: Many ways to use it
In the Cinema: Printing the tickets from terminal with bluetooth

37 Corporate Impact

38 Cellular Phones Outnumber PCs
Currently there are 350 million mobile phone subscribers. By 2003 there will be more than 1 billion! Of these, around 600m are likely to be using WAP compatible products to access the web, compared to a PC installed base of around 400m Cellular Subscribers. Source: EMC 1999 PC installed base. Source: Dataquest 1999

39 Mobile Phone will be a new online Channel
Mobile phones are becoming media phones WAP (Wireless Application Protocol) brings standard way to connect mobile customers to content services Now near 300 million mobile phone users, by 2003 there will be more than 1 billion! WAP GSM TV 50 Milj. Users Radio WWW Internet Here some picture with a mobility theme The message here basically the same as in the first page of the WAP Server brocure 5 15 35 Years Today there are more than 150 million GSM subscribers world wide

40 Is you’re organization ready?
Mobile data is here today Accessibility Modems Internal External Internet Portal Encryption WTLS SSL VPN Device Applications

41 Terms 2G – Second Generation Phone Service – What we have today!
2.5G - GPRS 3G – Third Generation – Packet Switched Radio BTS – Base Transceiver Station BSC – Base Station Controller GGSN – GPRS Gateway Server Node HLR – Home Location Registry LIG – Lawful Interception Gateway MSC – Mobile Switching Center SMSc – Small Message Service Center PSTN – Public Switched Telephone Network SGSN – Serving GPRS Support Node VLR – Visitor Location Registry

42 Questions? Thank You for listening Danke für Ihre Aufmerksamkeit Kiitos huomiostanne Muchas gracias por atención Merci pour votre attention

Download ppt "Mobile Technology Overview"

Similar presentations

Ads by Google