Easy 4G/LTE IMSI Catchers for Non-Programmers

IMSI Catchers are tracking devices that break the privacy of the subscribers of mobile access networks, with disruptive effects to both the communication services and the trust and credibility of mobile network operators. Recently, we verified that IMSI Catcher attacks are really practical for the state-of-the-art 4G/LTE mobile systems too. Our IMSI Catcher device acquires subscription identities (IMSIs) within an area or location within a few seconds of operation and then denies access of subscribers to the commercial network. Moreover, we demonstrate that these attack devices can be easily built and operated using readily available tools and equipment, and without any programming. We describe our experiments and procedures that are based on commercially available hardware and unmodified open source software

Experimental Analysis of Subscribers' Privacy Exposure by LTE Paging

Over the last years, considerable attention has been given to the privacy of individuals in wireless environments. Although significantly improved over the previous generations of mobile networks, LTE still exposes vulnerabilities that attackers can exploit. This might be the case of paging messages, wake-up notifications that target specific subscribers, and that are broadcasted in clear over the radio interface. If they are not properly implemented, paging messages can expose the identity of subscribers and furthermore provide information about their location. It is therefore important that mobile network operators comply with the recommendations and implement the appropriate mechanisms to mitigate attacks. In this paper, we verify by experiment that paging messages can be captured and decoded by using minimal technical skills and publicly available tools. Moreover, we present a general experimental method to test privacy exposure by LTE paging messages, and we conduct a case study on three different LTE mobile operators

Analysis of Propagation Models for Base Station Antenna: A Case Study of Ado - Ekiti, Nigeria

Path loss analysis using key parameters and mathematical models is essential for accurate characterization of a radio channel for a coverage area. It plays a fundamental role in predicting the radio coverage, path - loss, death zone and designing of an optim ized fixed and mobile network systems. This paper analysed and compared two models, Okumura and Okumura Hata on the basis of variation in antenna height and operational frequency of a base transmitting station (BTS) in Ado - Ekiti, Nigeria. The result obtain ed shows that Okumura Hata model has a better signal strength delivery to destination with a less reduced path loss variation compared to Okumura model. Even though there is significant gain of about 12dB when Okumura model parameters was varied it is not better than the signal strength Okumura Hata model will deliver to a destination

Nori: Concealing the Concealed Identifier in 5G

IMSI catchers have been a long standing and serious privacy problem in pre-5G mobile networks. To tackle this, 3GPP introduced the Subscription Concealed Identifier (SUCI) and other countermeasures in 5G. In this paper, we analyze the new SUCI mechanism and discover that it provides very poor anonymity when used with the variable length Network Specific Identifiers (NSI), which are part of the 5G standard. When applied to real-world name length data, we see that SUCI only provides 1-anonymity, meaning that individual subscribers can easily be identified and tracked. We strongly recommend 3GPP and GSMA to standardize and recommend the use of a padding mechanism for SUCI before variable length identifiers get more commonly used. We further show that the padding schemes, commonly used for network traffic, are not optimal for padding of identifiers based on real names. We propose a new improved padding scheme that achieves much less message expansion for a given $k$-anonymity.Comment: 9 pages, 8 figures, 1 tabl