23 research outputs found
Easy 4G/LTE IMSI Catchers for Non-Programmers
IMSI Catchers are tracking devices that break the privacy of the subscribers
of mobile access networks, with disruptive effects to both the communication
services and the trust and credibility of mobile network operators. Recently,
we verified that IMSI Catcher attacks are really practical for the
state-of-the-art 4G/LTE mobile systems too. Our IMSI Catcher device acquires
subscription identities (IMSIs) within an area or location within a few seconds
of operation and then denies access of subscribers to the commercial network.
Moreover, we demonstrate that these attack devices can be easily built and
operated using readily available tools and equipment, and without any
programming. We describe our experiments and procedures that are based on
commercially available hardware and unmodified open source software
Experimental Analysis of Subscribers' Privacy Exposure by LTE Paging
Over the last years, considerable attention has been given to the privacy of
individuals in wireless environments. Although significantly improved over the
previous generations of mobile networks, LTE still exposes vulnerabilities that
attackers can exploit. This might be the case of paging messages, wake-up
notifications that target specific subscribers, and that are broadcasted in
clear over the radio interface. If they are not properly implemented, paging
messages can expose the identity of subscribers and furthermore provide
information about their location. It is therefore important that mobile network
operators comply with the recommendations and implement the appropriate
mechanisms to mitigate attacks. In this paper, we verify by experiment that
paging messages can be captured and decoded by using minimal technical skills
and publicly available tools. Moreover, we present a general experimental
method to test privacy exposure by LTE paging messages, and we conduct a case
study on three different LTE mobile operators
Analysis of Propagation Models for Base Station Antenna: A Case Study of Ado - Ekiti, Nigeria
Path loss analysis using key parameters and mathematical
models is essential for accurate characterization of a radio channel
for a coverage area. It plays a fundamental role in predicting the
radio coverage, path
-
loss, death zone and designing of an optim
ized
fixed and mobile
network
systems. This paper analysed and
compared two models, Okumura and Okumura Hata on the basis of
variation in antenna height and operational frequency of a base
transmitting station (BTS) in Ado
-
Ekiti, Nigeria. The result obtain
ed
shows that Okumura Hata model has a better signal strength delivery
to destination with a less reduced path loss variation compared to
Okumura model. Even though there is significant gain of about 12dB
when Okumura model parameters was varied it is not
better than the
signal strength Okumura Hata model will deliver to a destination
Nori: Concealing the Concealed Identifier in 5G
IMSI catchers have been a long standing and serious privacy problem in pre-5G
mobile networks. To tackle this, 3GPP introduced the Subscription Concealed
Identifier (SUCI) and other countermeasures in 5G. In this paper, we analyze
the new SUCI mechanism and discover that it provides very poor anonymity when
used with the variable length Network Specific Identifiers (NSI), which are
part of the 5G standard. When applied to real-world name length data, we see
that SUCI only provides 1-anonymity, meaning that individual subscribers can
easily be identified and tracked. We strongly recommend 3GPP and GSMA to
standardize and recommend the use of a padding mechanism for SUCI before
variable length identifiers get more commonly used. We further show that the
padding schemes, commonly used for network traffic, are not optimal for padding
of identifiers based on real names. We propose a new improved padding scheme
that achieves much less message expansion for a given -anonymity.Comment: 9 pages, 8 figures, 1 tabl