Presentation on theme: "Mobile Technology Overview"— Presentation transcript:
1 Mobile Technology Overview
- Ed Gibbs
- Technologist
- ISSA - September 20, 2001
- Sacramento, California
2 Ed Gibbs Biography
- Prior: Digital Equipment Corporation, Lockheed-Martin, Dow Jones & Company, and a few start-ups that don’t exist anymore!
- Focus on Firewalls, VPN, internetworking, , Mobile Data including WAP, and carrier infrastructure
- Recently completed chapter for Eoghan Casey’s new book “Handbook of Computer Crime” to be published in October/Nov.
  - Collecting digital evidence within a cellular and network
- Contact Information:
  - Nokia, 313 Fairchild Drive, Mountain View, CA 94043
  - Mobile:
3 Introduction
- Why is understanding Cellular networking important?
  - As voice and data merge over cellular networks, you may be tasked with securing both
  - Wireless data handsets are inescapable
  - Carrier infrastructures are very complex – to what degree should one become acquainted?
  - Just the basics – that’s what we’ll cover here today
  - As security experts, there’s significant value in obtaining this knowledge to prepare you for the future
  - Carriers have enjoyed closed networks; opening them up to the Internet is a major challenge
5 Analog Mobile Phone Service
- What is AMPS:
  - Commercially available in 1970 by Bell Telephone Laboratories
  - Geographic areas are subdivided into smaller areas which are commonly known as “cells”
  - Each cell has its own antenna that is set to operate at distinct transmission frequencies
  - Communications occur at a set frequency in each direction
  - AMPS is still widely used today
- 7-cell pattern, each with different frequencies to avoid interference
- 824MHz to 894MHz with 30kHz of bandwidth separation per assigned channel for Transmit/Receive
6 Digital Advanced Mobile Phone Service
- D-AMPS is far more complex than AMPS and supports two modes of operation
  - Voice traffic is digital
  - AMPS used for channel setup and signaling
- IS-54 – Uses Time-Division Multiple Access (TDMA) to divide the radio channels used by AMPS
- IS-136 (D-AMPS 1900) supports dual-mode, dual-band:
  - Dual-Mode: Analog or Digital
  - 800MHz cellular frequency used by AMPS
  - 1900MHz frequency spectrum – Personal Communications Service (PCS)
  - Allows for pages and short message services (SMS) of up to 239 characters
7 Time Division Multiple Access
- TDMA separates users by assigned time slots, which minimizes interference from other simultaneous transmissions
- Disadvantage: When changing cells (handoff), the assigned time-slot in the new cell may already be occupied; however, this is a capacity problem
- Transmission (uplink/downlink or send/receive) is allocated two slots:
  - One used at a defined frequency for uplink
  - Second used at a particular frequency for downlink
- Extends battery life-time of handset by only transmitting a portion of time instead of a continuous transmission
- AT&T, Cingular (Eastern/Central US) use TDMA
- Cingular, formerly Pacific Bell, uses a technology called GSM which is not compatible with TDMA
8 Code Division Multiple Access
- CDMA (IS-95) offers 6-10x the capacity of TDMA and uses codes to separate users as opposed to TDMA, which uses assigned time slots
- Uses broadband spread-spectrum developed in the 1940s for military purposes and uses a direct sequence technique, with the spreading sequence based on a pseudorandom binary sequence
- Also uses the 800MHz and 1900MHz frequency bands.
- When using 800MHz AMPS mode, more AMPS channels needed to obtain frequency for CDMA (operator must clear 1.23MHz/30kHz or 41 channels) to accommodate
- When in 1900MHz mode, CDMA uses PCS
- Directly supports IP packet data protocols
- Sprint, SBC use CDMA
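How "codes separate users" works in a direct-sequence system, as an added example that is not part of the original slides: three users transmit at the same time on the same frequency and each receiver recovers its own bits by correlating with its code. The 31-chip sequence, the per-user code phases and the chip-synchronous channel are simplifying assumptions of this sketch, not the IS-95 code plan.

```python
def pn_sequence():
    """One 31-chip period of a pseudorandom binary sequence: s[n] = s[n-3] XOR s[n-5]."""
    s = [1, 0, 0, 0, 0]
    while len(s) < 31:
        s.append(s[-3] ^ s[-5])
    return [1 - 2 * b for b in s]          # bits 0/1 -> chips +1/-1

PN = pn_sequence()

def user_code(offset):
    """Hypothetical assignment: each user gets the PN sequence at a different phase."""
    return PN[offset:] + PN[:offset]

def spread(bits, code):
    """Replace every data bit by the whole code, inverted for a 1 bit."""
    return [(1 - 2 * b) * chip for b in bits for chip in code]

def channel(*signals):
    """All users transmit at once on the same frequency: the chips simply add."""
    return [sum(chips) for chips in zip(*signals)]

def correlate(rx, code):
    """Correlate each 31-chip block of the received sum with one code."""
    n = len(code)
    return [sum(r * c for r, c in zip(rx[i:i + n], code))
            for i in range(0, len(rx), n)]

def despread(rx, code):
    """A strongly positive correlation is a 0 bit, a strongly negative one a 1 bit."""
    return [0 if corr > 0 else 1 for corr in correlate(rx, code)]

# Constructed traffic: code phase -> four data bits for each of three users.
USERS = {3: [1, 0, 1, 1], 11: [0, 0, 1, 0], 20: [1, 1, 0, 1]}
RX = channel(*(spread(bits, user_code(off)) for off, bits in USERS.items()))
```

A receiver holding the right code sees correlations near ±31 per bit, while a receiver using a code phase nobody transmits on sees only a residue of a few chips, which is why the other users look like low-level noise.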
9 Global System for Mobile Communications
- GSM developed in Europe in 1980s and became an international standard 13 years later
- There are two standards:
  - European: 900MHz (International Standard)
  - North American – 800MHz (900MHz used by Government) and 1900MHz GSM PCS
- North American GSM and European GSM are not compatible due to their frequency
- Tri-mode phones are available that operate at 800MHz, 900MHz, and 1900MHz
- Uses TDMA framework but not compatible
- Subdivides each radio channel into eight time slots; D-AMPS subdivides into six time slots
- Over 250 GSM Networks are presently operating in 110 countries
- Data rates: 9.6Kbps to 14.4Kbps
- Carriers: Pacific Bell (now Cingular), VoiceStream, and now AT&T Wireless
10 GSM
- GSM uses the Subscriber Information Module (SIM card) which comes in two forms – credit card sized format and thumb tip size
- Embedded in the card is a microprocessor, ROM and RAM
- Also contains data such as:
  - The subscriber’s phone number which is referred to as the MSISDN (Mobile Subscriber ISDN Number)
  - The IMSI (International Mobile Subscriber Identity). The IMSI is globally unique to a particular subscriber
  - The subscriber’s PIN which is used to prevent unauthorized use of the mobile device
  - Authentication Keys
14 Network Operation Parameters
- The adjunct processor handling operational issues may handle records that drill down deep into the network operation details. These records can cover such items as:
  - A subscriber’s phone call attempt
  - Whether the attempt was successful
  - Whether the call was ended normally or was dropped
  - Date and time of the call
  - Signal strength of the subscriber’s mobile device as seen by the BTS
  - In what cell site was the call set up
  - In what cell site sector was the call set up
  - Handover information
  - What channel was used
  - What frequency/time slot/PN number was used
16 Methods of Tracking
- AOA: By knowing the direction from which a wireless signal is received (via the use of special antennas at the cell site), Angle of Arrival techniques calculate the location of a mobile device.
  - This technology is deployed at the cell sites of the network operator.
- TDOA: Time Difference of Arrival technology uses the difference in time that it takes for a wireless signal to arrive at multiple cell sites to calculate the location of the mobile device.
- E-OTD: Enhanced Observed Time Difference involves a mobile device receiving the signals from at least three base stations, while a special receiver in the network (at a known position) also receives these signals.
  - The mobile device location is calculated by comparing the time differences of arrival of the signals from the base stations at both the mobile device and the special receiver.
  - This technology is deployed at cell sites and in the mobile device itself.
17 Methods of Tracking
- Triangulation is a process by which the location of a radio transmitter can be determined by measuring either the radial distance, or the direction of the received signal from two or three different points
- Time delay response can be used in conjunction with triangulation to determine how far away the signal is between multiple points
- When a cell phone is turned on – it’s communicating!
  - Call or standby mode
- Tracking is often difficult if not impossible in some situations
  - Signal reflection, distortion, weak signal, etc.
18 Triangulation & Timed Response
[Figure: Base X, Base Y and Base Z around a Cell Phone; measured response time + direction]
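The TDOA calculation described on the tracking slides, as an added worked example that is not part of the original presentation: a linearised closed-form fix from arrival times at four cell sites, plus the effect of a 1 microsecond timing error of the kind signal reflection causes. The site coordinates, phone position, function names and the four-site requirement are assumptions of this sketch.

```python
import math

C = 299_792_458.0  # radio propagation speed, m/s

def det3(m):
    """Determinant of a 3x3 matrix given as nested lists."""
    return (m[0][0] * (m[1][1] * m[2][2] - m[1][2] * m[2][1])
            - m[0][1] * (m[1][0] * m[2][2] - m[1][2] * m[2][0])
            + m[0][2] * (m[1][0] * m[2][1] - m[1][1] * m[2][0]))

def tdoa_locate(sites, arrival_times):
    """Position (x, y) in metres from arrival times at four cell sites.

    Only time differences are used, so the unknown transmit time cancels.
    With d_i = d_0 + delta_i, expanding d_i^2 - d_0^2 gives, per extra site,
    an equation linear in (x, y, d_0); Cramer's rule solves the 3x3 system.
    """
    (x0, y0), t0 = sites[0], arrival_times[0]
    rows, rhs = [], []
    for (xi, yi), ti in zip(sites[1:], arrival_times[1:]):
        delta = C * (ti - t0)            # range difference to site 0, metres
        rows.append([xi - x0, yi - y0, delta])
        rhs.append(((xi - x0) ** 2 + (yi - y0) ** 2 - delta ** 2) / 2.0)
    d = det3(rows)
    if abs(d) < 1e-6:
        raise ValueError("degenerate geometry: position not resolvable")
    sol = []
    for col in (0, 1):                   # x and y; d_0 is not needed
        m = [r[:] for r in rows]
        for r, b in zip(m, rhs):
            r[col] = b
        sol.append(det3(m) / d)
    return x0 + sol[0], y0 + sol[1]

def simulate_arrivals(sites, phone, t_tx=0.0, bias=None):
    """Constructed measurements; bias is an optional per-site timing error (s)."""
    bias = bias or [0.0] * len(sites)
    return [t_tx + math.dist(s, phone) / C + b for s, b in zip(sites, bias)]

# Constructed geometry (metres): four sites on a 4 km square, phone inside it.
SITES = [(0.0, 0.0), (4000.0, 0.0), (0.0, 4000.0), (4000.0, 4000.0)]
PHONE = (1000.0, 1500.0)

def position_error(bias=None):
    """Distance in metres between the TDOA fix and the true position."""
    arrivals = simulate_arrivals(SITES, PHONE, t_tx=12.5, bias=bias)
    return math.dist(tdoa_locate(SITES, arrivals), PHONE)
```

With clean timing the fix is exact; `position_error(bias=[0.0, 1e-6, 0.0, 0.0])` shows that one microsecond of extra delay at a single site moves the fix by hundreds of metres in this geometry, which is why a location derived from network timing should be treated as an estimate with an error margin.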
20 Functional Roles
[Figure: roles shown are User, Target User, Law Enforcement Authority (LEA), Authorisation Authority (AA), Network Operator, Equipment Manufacturer and Host/Terminal, connected by numbered links]
21 Authorizing interceptions
- Authorizing Agency (AA)
  - Authorizes session using the web interface at the LIC
22 Enabling interceptions
- Law Enforcement Agency (LEA)
  - Starts interception at the LIC
23 E911 Update
- August 2000: FCC adopted an Order to implement the Wireless Communications and Public Safety Act of 1999 (911 Act), enacted on October 26, 1999.
- Implemented in two phases:
  - First Phase – Reveals cell phone number and base-station caller is using
  - Second Phase – Pinpoints location accurate within meters
- October 1, 2001 Deadline will “not be met”
  - All major carriers will file an extension with the FCC
  - Location based service and tracking software not in place
  - Only 10% of law enforcement is equipped to handle E911
- Official Web-site
24 Steps to 3rd Generation within the US
[Timeline figure, labels in the order they appear:]
- New multimedia services
- Mass market cost of service (WCDMA) 2Mbps
- Introduction of 3rd generation radio
- Development of Radio Technology
- Enhanced speed and capacity (EDGE)
- 2002
- Internet-like IP packet services for mass market (GPRS) 144Kbps
- Landline-like circuit services (HSCSD) & Interactive messaging (USSD)
- 2000
- Basic GSM data at 9.6 kbit/s & Smart messaging
- 1997
- Evolution
27 Wireless Application Protocol (WAP)
- De-facto world standard for wireless information and telephony services on digital mobile phones and other wireless terminals
- "Internet in Every Pocket"
- Objectives:
  - General environment for wireless applications
  - Internet or Intranet-like services and content to mobile terminals
  - Network, bearer and manufacturer independent
- WAP Forum
  - Started 1997 by Nokia, Ericsson, Motorola and Unwired Planet
  - Now close to 500 member companies
- WAP 1.1 (June ‘99)
  - The first release for commercial products
- WAP 1.2 (December ’99)
28 WAP System Architecture
[Figure, components as labelled:]
- Web Server: Content, CGI Scripts etc., WML Decks with WML-Script
- WAP Gateway: WML Encoder, WMLScript Compiler, Protocol Adapters
- Client: WML, WML-Script, WTAI, Etc.
- Protocols shown: HTTP, WSP/WTP
29 Common WAP Deployment Scenarios
[Figure: technical architecture and business model for a mobile customer. Scenarios: Total Corporate Solution; Typical WAP Enabled 'Web Destination Site'; Open WAP Portal + Content providers and Merchants; Closed WAP Portal e.g. Operator / ISP. Key: Enterprise hosted, xSP hosted. Components: Dial-in Server, WAP Server/Gateway, Content & Applications Server(s)]
30 Wireless Transport Layer Security
- WTLS provides encryption from the mobile handset to the WAP Gateway
- WTLS to SSL conversion on WAP gateway must decrypt WTLS and re-encrypt to SSL
  - Vulnerability: Clear-text
- Four classes:
  - Class 0: No Security
  - Class 1: Server Authentication (dh_anon)
  - Available today
  - Class 2: Signed Server Certificate
  - Class 3: Signed Client Certificate
  - Coming Soon
33 WAP Modes
The four modes for WAP communications are:
Mode             UDP Port   WTLS Security
Connectionless              No
Connection                  No
Connectionless              Yes
Connection                  Yes
34 Security in WAP
[Figure: Terminal in the Wireless Network, WAP Gateway, and Origin Server on the Internet, with firewalls, a leased modem pool and the company intranet; spans labelled GSM Security, WAP Security and Internet Security]
- WAP can secure communication between terminal and WAP gateway.
- For communications between gateway and origin server, other means e.g. SSL are required.
Initial image: terminal, gateway, origin server
Terminal lives in wireless network, origin server in some internet
The communications between the terminal and WAP gateway also require additional components, namely a base station and a dial-in-service.
GSM security secures connection between the terminal and the base station. Internet security can be used to secure connection from gateway to origin server.
WAP security secures communications all the way from the terminal to the gateway, no matter what kind of bearer we are using.
Security must be thought about as a complete package: we need also other security measures, like the gateway must be somehow protected from attacks from the Internet. Firewalls are used to protect the company intranet. Having the gateway in company premises is usually a good idea.
Even the modem pool may be leased and we would still have complete security up to the gateway.
35 Future Example
1. Choosing the movie
2. Choosing the payment method
3. Entering the PIN-code
4. Downloading tickets to the chip
5. Confirming the downloading and loyalty points
36 EMPS: Many ways to use it
- In the Cinema:
  - Printing the tickets from terminal with bluetooth
38 Cellular Phones Outnumber PCs
- Currently there are 350 million mobile phone subscribers. By 2003 there will be more than 1 billion! Of these, around 600m are likely to be using WAP compatible products to access the web, compared to a PC installed base of around 400m
- Cellular Subscribers. Source: EMC 1999
- PC installed base. Source: Dataquest 1999
39 Mobile Phone will be a new online Channel
- Mobile phones are becoming media phones
- WAP (Wireless Application Protocol) brings standard way to connect mobile customers to content services
- Now near 300 million mobile phone users, by 2003 there will be more than 1 billion!
[Chart: 50 million users; series Radio, TV, WWW/Internet, GSM, WAP; axis in years (5, 15, 35)]
Here some picture with a mobility theme
The message here basically the same as in the first page of the WAP Server brochure
Today there are more than 150 million GSM subscribers world wide
40 Is your organization ready?
- Mobile data is here today
- Accessibility
  - Modems
  - Internal
  - External
  - Internet Portal
- Encryption
  - WTLS
  - SSL
  - VPN
- Device
- Applications
41 Terms
- 2G – Second Generation Phone Service – What we have today!
- 2.5G - GPRS
- 3G – Third Generation – Packet Switched Radio
- BTS – Base Transceiver Station
- BSC – Base Station Controller
- GGSN – GPRS Gateway Server Node
- HLR – Home Location Registry
- LIG – Lawful Interception Gateway
- MSC – Mobile Switching Center
- SMSc – Small Message Service Center
- PSTN – Public Switched Telephone Network
- SGSN – Serving GPRS Support Node
- VLR – Visitor Location Registry
42 Questions?
Thank You for listening
Danke für Ihre Aufmerksamkeit
Kiitos huomiostanne
Muchas gracias por atención
Merci pour votre attention