Wednesday, January 4, 2012
GPRS Security Feature, Threats and Solution
General packet radio services, also known as “GPRS” or “2.5G”, is a packet oriented mobile data service on both the 2G and 3G global system for mobile communications. It was standardized by European Telecommunications Standards Institute (ETSI) and was now maintained by the 3rd Generation Partnership Project (3GPP). The usage is charged based on volume of data.
Similar to the GSM security features, the security features for GPRS network includes:
• GPRS User Identity Confidentiality
• GPRS Authentication
• GPRS Ciphering
When Mobile Station (MS) initiates a connection to GPRS network, it has to be authenticated before allow to have access. The authentication process is initiated and controlled by Serving GPRS Support Node (SGSN), having the same functions as Mobile Station Controller (MSC). Therefore, they are usually co-located.
GPRS network will need this GPRS Confidentiality feature. The ciphering scope is between GSM and GPRS is different. GSM scope is between BTS and MS while GPRS scope is between SGSN and MS. The new ciphering algorithm GPRS-A5 is used because of the nature of GPRS traffic.
One of the threats of GPRS is that the connections are easily tapped as proven by a crypto specialist. As GPRS uses the GPRS-A5 encryption algorithm, which is a variant of the A5 algorithm designed for packet-oriented connections.
Some of the solutions are using VPN firewalls for company with GPRS users and set up POP server for internet based email so email will not be received from GPRS network.
Reference
http://en.wikipedia.org/wiki/General_Packet_Radio_Service
http://www.sans.org/reading_room/whitepapers/wireless/security-path-gprs-3g-mobile-telephone-network-data-services_165
http://www.tml.tkk.fi/Opinnot/Tik-110.501/2000/papers/peng.pdf
http://www.h-online.com/security/news/item/GPRS-connections-easily-tapped-1321018.html
http://www.emo.org.tr/ekler/fedcaffc4aba6e5_ek.pdf
Subscribe to:
Post Comments (Atom)
Hi yian hock, the video was very long but still i enjoy knowing the hacker how it can hack into the phone. You have provide lots of information for the threat that will attack GSM phone, but it will better if you can add in more visual aid of threat in the post that will be much better.
ReplyDeleteThe GPRS diagram can you put in more information and briefly explain how the diagram work. A video in the GPRS post will be much better as it can help to introduce the concept of the GPRS and how the technology works.
Andy Kong Ka Weng
1006412I
Hi there Yian Hock. The information are descriptive and well explained, just a little long somehow. In addition, you added image which allows me to understand better on what you're trying to explain. In overall, great job ! I like it.
ReplyDeleteHi Yian Hock, after reading your blog entry, it has made me further realize the threats that exist in GSM and GPRS. The blog post is overall very informative and I enjoy watching the video as well, about how the hacker has the ability to hack into the phone.
ReplyDeleteAs for the images provided, they are very informative and helpful in making me understand better. However for the GPRS post, there is no video provided which is kinda disappointing as I would love to know how GPRS is different from GSM.
Overall, I find the blog post very interesting
Koh Kaijie Derrick
1004000D
Hi Yian Hock,
ReplyDeleteGreat job for the effort in putting pictures/diagrams and videos for the explanation for both GPRS and GSM. You also highlighted some points in green which helps the reader to focus on the important points. As for the picture wise, maybe you can expand the picture a little bigger so that words can be seen clearly.