Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
SS7
OsmocomBB
phones
Outputs:
Attack input: Rainbow 1. Target location
Phone tables 2. Decrypted
number
Silent SMS calls and SMS
HLR lookups
Agenda
Locating a phone
Cracking A5/1
Telcos do not authenticate each other but
leak private user data
The global SS7 network
Locating a phone
Cracking A5/1
GSM calls are transmitted encrypted over
unpredictable frequencies Down-
link
Beacon Phone, Ok,
Uplink
channel are you switch
here? channel
Yes, Encrypted
I am
OK OK
Traffic Unpredictable
channel Voice Voice hopping
Voice Voice
Voice Voice
Voice Voice
GSM spectrum is divided by operators and cells
GSM 900 Operator One cell Channels of
brand allocation allocation one call
960 MHz
Downlink
Cell allocations
and hopping
925 MHz sequences should
be spread over
915 MHz the available
spectrum for
noise resistance
Uplink and increased
sniffing costs
880 MHz
GSM debugging tools have vastly different
sepctrum coverage Frequency
coverage
GSM debugging tools [sniffing bandwidth]
GSM 900 Channels of OsmocomBB USRP-1 USRP-2 Commercial
band one call [200 kHz] [8MHz] [20MHz] FPGA board
[50 MHz]
Downlink
Uplink
Uplink + downlink
Remove uplink filter
sniffer
Agenda
Locating a phone
Cracking A5/1
GSM uses symmetric A5/1 session keys for
call privacy
Operator and Random nonce
phone share a Hash Session key
master key to de- Master key function
rive session keys
Random
Random nonce
nonce and
session key
Communi-
cation A5/1-
encrypted
Operator Home Base station with sess- Cell phone
Location Register ion key
We extract this
session keys
A5/1’s 64-bit keys are vulnerable to time-
memory trade-off attacks
Start 1 2-5 6 7 End
A5/1 keys can be
cracked with
rainbow tables in
seconds on a PC
(details: 26C3’s
talk “GSM SRLY?”)
Second generation
rainbow tables is
available through
Bittorrent
Distinguished points:
Last 12 bits are zero
15
GSM packets are expanded and spread over
four frames
23 byte message
114 bit burst 114 bit burst 114 bit burst 114 bit burst
17
Source:GSM standards
Two phones are enough for targeted Demo
intercept
Plaintext
SI msg.
Kraken Encryption
Encrypted
A5/1 key Kc
SI msg.
cracker
19
GSM network wish list
1. SMS home routing
2. Randomized padding
3. Rekeying before
each call and SMS
4. Frequent TMSI
changes
5. Frequency hopping
GSM should currently be used as an
untrusted network, just like the Internet
Threat Investment Scope Mitigation