Telecommunication Network Hacking And Security
Hacking does not only mean to deface a website or steal to someone confidential information, you have heard so many times about computer network security or just computer security but what about Telecommunication security or Telecommunication network security. Well there is so many articles on computer security but this time I have decided to write on Telecommunication network security.
Telecommunication has a broad field and it contain different areas like Optical fiber network, mobile and wireless network and satellite network etc. We have considered wireless network specially for GSM network, GSM or global system for mobile communication is a 2G network but when it provides GPRS (data) service it can call 2.5G network.
The 1G network or AMPS has so many vulnerabilities like eavesdropping and handset cloning because it was work on analog domain while the 2G network works on digital environment and uses different sort of encryption algorithm to protect the data.
It is good practice to first describe the initial architecture of GSM network so that you can easily understand the security holes. Now consider the basic diagram.
Just like a computer network, GSM network also use some authentication process to allow SIM (user) to enter into the network, just assume there are 4 operator that provides GSM services and you have purchased a connection from 1 service provider, now it does not mean that your mobile phone cannot detect the signal of other three network, your cell phone can get the signal of 4 operators but it only can connect to the network of that appropriate SIM because the network identify its user by SIM.
Telecommunication has a broad field and it contain different areas like Optical fiber network, mobile and wireless network and satellite network etc. We have considered wireless network specially for GSM network, GSM or global system for mobile communication is a 2G network but when it provides GPRS (data) service it can call 2.5G network.
The 1G network or AMPS has so many vulnerabilities like eavesdropping and handset cloning because it was work on analog domain while the 2G network works on digital environment and uses different sort of encryption algorithm to protect the data.
It is good practice to first describe the initial architecture of GSM network so that you can easily understand the security holes. Now consider the basic diagram.
SIM Subscriber Identity Module HLR Home Location Register
MS Mobile Station VLR Vistor Location Register
BTS Base Transceiver Station EIR Equipment Identity Register
BSC Base Station Controller AC Authentication Center
MSC Mobile services Switching Center PSTN Public Switched Telecomm Network
VLR Visitor Location Register ISDN Integrated Services Digital Network
Just like a computer network, GSM network also use some authentication process to allow SIM (user) to enter into the network, just assume there are 4 operator that provides GSM services and you have purchased a connection from 1 service provider, now it does not mean that your mobile phone cannot detect the signal of other three network, your cell phone can get the signal of 4 operators but it only can connect to the network of that appropriate SIM because the network identify its user by SIM.
Understand The Phenomena Of Authentication In GSM
The SIM (Subscriber Identity Module) is a small and smart card contain both programming and information. SIM contain a temporary cipher key for encryption, temporary subscriber identity(TIMSI) and International Mobile Subscriber Identity (IMSI). It also contain a PIN (Personal Identification Number) and a PUK (PIN unblocking key).
SIM stores a 128-bit authentication key provided by the service provider, IMSI is a unique 15-digit number that has a three part.
- Mobile Country Code (MCC)
- Mobile Network Code(MNC)
- Mobile Subscriber Identity (MSIN)
Now as you have seen the importance of IMSI, if you have a IMSI of another user than you can identify yourself on the network by the identity of the other user (So dangerous).
But what, is authentication a only way to crack into GSM network? answer is no.
The air interface i mean Um interface between the handset and BTS is encrypted by A5 algorithm but the interface between BTS to BSC and BSC to MSC is usually does not encrypted and normally uses Microwave link or in cases it uses optical fiber link or depends on the geographical area. So the point is that if someone start sniffing on that link so the GSM has not defined any standard to protect this sniffing, so now you can understand the main hole in GSM network.
About The Author:
This guest post has been written by Irfan Shakeel, Irfan is a Telecommunication engineer and a IT security Geek, Irfan wrote so many article for different blogs and he is currently running a blog related to Ethical Hacking and Penetration testing.