Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 © NOKIA FILENAMs.PPT/ DATE / NN Mobile Technology Overview Ed Gibbs Technologist ISSA - September 20, 2001 Sacramento, California.

Similar presentations

Presentation on theme: "1 © NOKIA FILENAMs.PPT/ DATE / NN Mobile Technology Overview Ed Gibbs Technologist ISSA - September 20, 2001 Sacramento, California."— Presentation transcript:


2 1 © NOKIA FILENAMs.PPT/ DATE / NN Mobile Technology Overview Ed Gibbs Technologist ISSA - September 20, 2001 Sacramento, California

3 2 © NOKIA FILENAMs.PPT/ DATE / NN Ed Gibbs Biography Prior: Digital Equipment Corporation, Lockheed-Martin, Dow Jones & Company, and a few start-ups that dont exist anymore! Focus on Firewalls, VPN, internetworking, , Mobile Data including WAP, and carrier infrastructure Recently completed chapter for Eoghan Caseys new book Handbook of Computer Crime to be published in October/Nov. Collecting digital evidence within a cellular and network Contact Information: Nokia, 313 Fairchild Drive, Mountain View, CA Mobile:

4 3 © NOKIA FILENAMs.PPT/ DATE / NN Introduction Why is understanding Cellular networking important? As voice and data merge over cellular networks, you may be tasked securing both Wireless data handsets are inescapable Carrier infrastructures are very complex – to what degree should one become acquainted? Just the basics – thats what well cover here today As security experts, theres significant value in obtaining this knowledge to prepare you for the future Carriers have enjoyed closed networks, opening them up to the Internet is a major challenge

5 4 © NOKIA FILENAMs.PPT/ DATE / NN Types of Cellular Networks

6 5 © NOKIA FILENAMs.PPT/ DATE / NN Analog Mobile Phone Service What is AMPS: Commercially available in 1970 by Bell Telephone Laboratories Geographic areas are subdivided into smaller areas which are commonly known as cells Each cell has its own antenna that is set to operate at distinct transmission frequencies Communications occur at a set frequency in each direction AMPS is still widely used today 7-cell pattern, each with different frequencies to avoid interference 824Mhz to 894Mhz with 30Khz of bandwidth separation per assigned channel for Transmit/Receive

7 6 © NOKIA FILENAMs.PPT/ DATE / NN Digital Advanced Mobile Phone Service D-AMPS is far more complex than AMPS and supports two modes of operations Voice traffic is digital AMPS used for channel setup and signaling IS-54 – Uses Time-Division Multiple Access (TDMA) to divide the radio channels used by AMPS IS-136 (D-AMPS 1900) supports dual-mode, dual-band: –Dual-Mode: Analog or Digital –800Mhz cellular frequency used by AMPS –1900Mhz frequency spectrum – Personal Communications Service (PCS) –Allows for pages and short message services (SMS) of up to 239 characters

8 7 © NOKIA FILENAMs.PPT/ DATE / NN Time Division Multiple Access TDMA separates users by assigned time slots, which minimizes interference from other simultaneous transmissions Disadvantage: When changing cells (handoff), the assigned time-slot in the new cell may already be occupied however this is a capacity problem Transmission (uplink/downlink or send/receive) is allocated two slots: One used at a defined frequency for uplink Second used at a particular frequency for downlink Extends battery life-time of handset by only transmitting a portion of time instead of a continuous transmission AT&T, Cingular (Eastern/Central US) uses TDMA Cingular formally PacificBell uses a technology called GSM which is not compatible with TDMA

9 8 © NOKIA FILENAMs.PPT/ DATE / NN Code Division Multiple Access CDMA (IS-95) offers 6-10x the capacity of TDMA and uses codes to separate users as opposed to TDMA, which uses assigned time slots Uses broadband spread-spectrum developed in the 1940s for military purposes and uses a direct sequence technique, with the spreading sequence based on a pseudorandom binary sequence Also uses the 800Mhz and 1900Mhz frequency bands. When using 800Mhz AMPS mode, more AMPS channels needed to obtain frequency for CDMA (operator must clear 1.23Mhz/30khz or 41 channels) to accommodate When in 1900Mhz mode, CDMA uses PCS Directly supports IP packet data protocols Sprint, SBC uses CDMA

10 9 © NOKIA FILENAMs.PPT/ DATE / NN Global System for Mobile Communications GSM developed in Europe in 1980s and became an international standard 13 years later There are two standards: European: 900Mhz (International Standard) North American – 800Mhz (900Mhz used by Government) and 1900Mhz GSM PCS North American GSM and European GSM are not compatible due to their frequency Tri-mode phones are available that operate at 800Mhz, 900Mhz, and 1900Mhz Uses TDMA framework but not compatible Subdivides each radio channel into eight time slots; D- AMPS subdivides into six time slots Over 250 GSM Networks are presently operating in 110 countries Data rates: 9.6Kbps to 14.4Kbps Carriers: Pacific Bell (now Cingular), VoiceStream, and now AT&T Wireless

11 10 © NOKIA FILENAMs.PPT/ DATE / NN GSM GSM uses the Subscriber Information Module (SIM card) which comes in two forms – credit card sized format and thumb tip size Embedded in the card is a microprocesor, ROM and RAM Also contains data such as: The subscribers phone number which is referred to as the MSISDN (Mobile Subscriber ISDN Number) The IMSI (International Mobile Subscriber Identity). The IMSI is globally unique to a particular subscriber The subscribers PIN which is used to prevent unauthorized use of the mobile device Authentication Keys

12 11 © NOKIA FILENAMs.PPT/ DATE / NN Carrier Infrastructure

13 12 © NOKIA FILENAMs.PPT/ DATE / NN Simple Architecture

14 13 © NOKIA FILENAMs.PPT/ DATE / NN Detailed Architecture

15 14 © NOKIA FILENAMs.PPT/ DATE / NN Network Operation Parameters The adjunct processor handling operational issues may handle records that drill down deep into the network operation details. These records can cover such items as: A subscribers phone call attempt Whether the attempt was successful Whether the call was ended normally or was dropped Date and time of the call Signal strength of the subscribers mobile device as seen by the BTS In what cell site was the call set up In what cell site sector was the call set up Handover information What channel was used What frequency/time slot/PN number was used

16 15 © NOKIA FILENAMs.PPT/ DATE / NN Surveillance & Tracking

17 16 © NOKIA FILENAMs.PPT/ DATE / NN Methods of Tracking AOA: By knowing the direction from which a wireless signal is received (via the use of special antennas at the cell site), Angle of Arrival techniques calculate the location of a mobile device. This technology is deployed at the cell sites of the network operator. TDOA: Time Difference of Arrival technology uses the difference in time that it takes for a wireless signal to arrive at multiple cell sites to calculate the location of the mobile device. This technology is deployed at the cell sites of the network operator. E-OTD: Enhanced Observed Time Difference involves a mobile device receiving the signals from at least three base stations, while a special receiver in the network (at a known position) also receives these signals. The mobile device location is calculated by comparing the time differences of arrival of the signals from the base stations at both the mobile device and the special receiver. This technology is deployed at cell sites and in the mobile device itself.

18 17 © NOKIA FILENAMs.PPT/ DATE / NN Methods of Tracking Triangulation is a process by which the location of a radio transmitter can be determined by measuring either the radial distance, or the direction of the received signal from two or three different points Time delay response can be used in conjunction with triangulation to determine how far away the signal is between multiple points When a cell phone is turned on – its communicating! Call or standby mode Tracking is often difficult if not impossible in some situations Signal reflection, distortion, weak signal, etc.

19 18 © NOKIA FILENAMs.PPT/ DATE / NN Triangulation & Timed Response Base X Base Z Base Y Cell Phone Measured Response Time + Direction

20 19 © NOKIA FILENAMs.PPT/ DATE / NN Lawful Interception MSC/VLREIR HLR Gi Gs Gf Gr GSM & UMTS SGSN GGSN Gn 3G GPRS backbone PDN Gp

21 20 © NOKIA FILENAMs.PPT/ DATE / NN Functional Roles Law Enforcement Authority (LEA) Authorisation Authority (AA) Network Operator Equipment Manufacturer User Host/Terminal Target User

22 21 © NOKIA FILENAMs.PPT/ DATE / NN Authorizing interceptions Authorizing Agency (AA) Authorizes session using the web interface at the LIC

23 22 © NOKIA FILENAMs.PPT/ DATE / NN Enabling interceptions Law Enforcement Agency (LEA) Starts interception at the LIC

24 23 © NOKIA FILENAMs.PPT/ DATE / NN E911 Update August 2000: FCC adopted an Order to implement the Wireless Communications and Public Safety Act of 1999 (911 Act), enacted on October 26,1999. Implemented in two phases: First Phase – Reveals cell phone number and base-station caller is using Second Phase – Pinpoints location accurate within meters October 1, 2001 Deadline will not be met All major carriers will file an extension with the FCC Location based service and tracking software not in place Only %10 of law enforcement is equipped to handle E911 Official Web-site

25 24 © NOKIA FILENAMs.PPT/ DATE / NN Steps to 3rd Generation within the US Basic GSM data at 9.6 kbit/s & Smart messaging 1997 Landline-like circuit services (HSCSD) & Interactive messaging (USSD) 2000 Internet-like IP packet services for mass market (GPRS) 144Kbps Enhanced speed and capacity (EDGE) 2002Evolution New multimedia services Mass market cost of service (WCDMA) 2Mbps Introduction of 3rd generation radio Development of Radio Technology

26 25 © NOKIA FILENAMs.PPT/ DATE / NN GPRS Architecture VPN Firewall


28 27 © NOKIA FILENAMs.PPT/ DATE / NN Wireless Application Protocol (WAP) De-facto world standard for wireless information and telephony services on digital mobile phones and other wireless terminals "Internet in Every Pocket" Objectives: General environment for wireless applications Internet or Intranet-like services and content to mobile terminals Network, bearer and manufacturer independent WAP Forum Started 1997 by Nokia, Ericsson, Motorola and Unwired Planet Now close to 500 member companies WAP 1.1 (June 99) The first release for commercial products WAP 1.2 (December 99)

29 28 © NOKIA FILENAMs.PPT/ DATE / NN Web Server Content CGI Scripts etc. WML Decks with WML-Script WAP Gateway WML Encoder WMLScript Compiler Protocol Adapters Client WML WML- Script WTAI Etc. HTTPWSP/WTP WAP System Architecture

30 29 © NOKIA FILENAMs.PPT/ DATE / NN Common WAP Deployment Scenarios Mobile Customer Dial-in Server WAP Server/Gateway Content & Applications Server (s) Total Corporate Solution Closed WAP Portal e.g. Operator / ISP Business ModelTechnical Architecture Typical WAP Enabled 'Web Destination Site' Open WAP Portal + Content providers and Merchants Key Enterpr. hosted xSP hosted

31 30 © NOKIA FILENAMs.PPT/ DATE / NN Wireless Transport Layer Security WTLS provides encryption from the mobile handset to the WAP Gateway WTLS to SSL conversion on WAP gateway must decrypt WTLS and re-encrypt to SSL Vulnerability: Clear-text Four classes: Class 0: No Security Class 1: Server Authentication (dh_anon) Available today Class 2: Signed Server Certificate Available today Class 3: Signed Client Servificate Coming Soon


33 32 © NOKIA FILENAMs.PPT/ DATE / NN Wireless Identity Module (WIM) Terminal HW (terminal SW) Additional chip, "Dual chip" Integrated reader I.e. "dual slot" External reader Wireless PKI Capability WIM has five implementation possibilities WIM inside SIM = SWIM

34 33 © NOKIA FILENAMs.PPT/ DATE / NN WAP Modes The four modes for WAP communications are: ModeUDP PortWTLS Security Connectionless9200 No Connection9201No Connectionless9202Yes Connection 9203 Yes

35 34 © NOKIA FILENAMs.PPT/ DATE / NN Terminal WAP Gateway Origin Server Wireless Network Internet Company intranet FIREWALL Leased modem pool Security in WAP FIREWALL WAP Security WAP can secure communication between terminal and WAP gateway. For communications between gateway and origin server, other means e.g. SSL are required. GSM Security Internet Security

36 35 © NOKIA FILENAMs.PPT/ DATE / NN 1. Choosing the movie 2. Choosing the payment method 3. Entering the PIN-code 4. Downloading tickets to the chip 5. Confirming the downloading and loyalty points Future Example

37 36 © NOKIA FILENAMs.PPT/ DATE / NN In the Cinema: Printing the tickets from terminal with bluetooth EMPS: Many ways to use it

38 37 © NOKIA FILENAMs.PPT/ DATE / NN Corporate Impact

39 38 © NOKIA FILENAMs.PPT/ DATE / NN Currently there are 350 million mobile phone subscribers. By 2003 there will be more than 1 billion! Of these, around 600m are likely to be using WAP compatible products to access the web, compared to a PC installed base of around 400m Cellular Phones Outnumber PCs Cellular Subscribers. Source: EMC 1999 PC installed base. Source: Dataquest 1999

40 39 © NOKIA FILENAMs.PPT/ DATE / NN Mobile phones are becoming media phones WAP (Wireless Application Protocol) brings standard way to connect mobile customers to content services Now near 300 million mobile phone users, by 2003 there will be more than 1 billion! 50 Milj. Users Radio TV WWW Internet GSM 35 Years 15 5 Today there are more than 150 million GSM subscribers world wide WAP Mobile Phone will be a new online Channel

41 40 © NOKIA FILENAMs.PPT/ DATE / NN Is youre organization ready? Mobile data is here today Accessibility Modems Internal External Internet Portal Encryption WTLS SSL VPN Device Applications

42 41 © NOKIA FILENAMs.PPT/ DATE / NN Terms 2G – Second Generation Phone Service – What we have today! 2.5G - GPRS 3G – Third Generation – Packet Switched Radio BTS – Base Transceiver Station BSC – Base Station Controller GGSN – GPRS Gateway Server Node HLR – Home Location Registry LIG – Lawful Interception Gateway MSC – Mobile Switching Center SMSc – Small Message Service Center PSTN – Public Switched Telephone Network SGSN – Serving GPRS Support Node VLR – Visitor Location Registry

43 42 © NOKIA FILENAMs.PPT/ DATE / NN Questions? Thank You for listening Danke für Ihre Aufmerksamkeit Kiitos huomiostanne Muchas gracias por atención Merci pour votre attention

Download ppt "1 © NOKIA FILENAMs.PPT/ DATE / NN Mobile Technology Overview Ed Gibbs Technologist ISSA - September 20, 2001 Sacramento, California."

Similar presentations

Ads by Google