Introduction & Final Summary

Slides:



Advertisements
Similar presentations
TTCN-3 Based Automation Framework for LTE UE Protocol Stack Testing
Advertisements

1 LTE / HSPA / EPC knowledge nuggets Red Banana Wireless Ltd – Copyright 2013 Connecting to the IMS Connecting to.
LTE Security. Agenda Intro … Intro … The LTE System Radio Side (LTE – Long Term Evolution/Evolved UTRAN - EUTRAN) – Improvements in spectral efficiency,
Network Based Services in Mobile Networks Context, Typical Use Cases, Problem Area, Requirements IETF 87 Berlin, 29 July 2013 BoF Meeting on Network Service.
LTE Call Flow and MS Attached Procedures
IP Multimedia Subsystem (IMS) 江培文. Agenda Background IMS Definition IMS Architecture IMS Entities IMS-CS Interworking.
6 The IP Multimedia Subsystem Selected Topics in Information Security – Bazara Barry.
Doc.: IEEE /0408r0 Submission March 2004 Colin Blanchard, BTSlide 1 3GPP WLAN Interworking Security Colin Blanchard British Telecommunications.
Network-Based Mobility Management in the Evolved 3GPP Core Network.
Network-Based Mobility Management in the Evolved 3GPP Core Network
Copyright© 2005 NTT DoCoMo, Inc. All rights reserved Localized Mobility Management for 3GPP All IP Network ~ with New Access Technology~ Katsutoshi Nishida.
Cellular Networks Guest lecture by Li Erran Li, Bell Labs COS 461: Computer Networks 4/18/2012 W 10-10:50am in Architecture N101 1 Cellular Core Network.
CSci5221: 3G/4G Cellular Network Architecture Overview 1 Cellular Voice/Data Architectures: A Primer Basics of Cellular Networks Survey of 2G/3G Cellular.
Summary of 3GPP TR GPP2 TSG-S WG4 S Source: Qualcomm Incorporated Contact(s): Anand Palanigounder,
“Securing IP Multimedia Subsystem (IMS) infrastructures …,” M. Tsagkaropoulos UNIVERSITY OF PATRAS Department of Electrical & Computer Engineering Wireless.
SIGNALING. To establish a telephone call, a series of signaling messages must be exchanged. There are two basic types of signal exchanges: (1) between.
Understanding 3GPP Bearers LTE / HSPA / EPC ‘knowledge nuggets’ Neil Wiffen - More free downloads at Public.
Chapter 7- Mobile and Wi-Fi Networks Taking signals on and off the air Connections to other networks Need to manage spectrum Managing and billing for services.
Support for CSFB Tony Lee David Wang David Wang June/15/2009 VIA Telecom grants.
Design of Multi-RAT Virtualization Architectures in LTE-Advanced Wireless Network Location: 國立暨南國際大學電機系 Source: ICIC Express Letters, vol. 8, no. 5, May.
The FI-WARE Project – Base Platform for Future Service Infrastructures FI-WARE Interface to the network and Devices Chapter.
LTE Architecture KANNAN M JTO(3G).
1 SAE architecture harmonization R RAN2/3, SA2 Drafting Group.
Chapter 9 Networking & Distributed Security. csci5233 computer security & integrity (Chap. 9) 2 Outline Overview of Networking Threats Wiretapping, impersonation,
Security Requirements of NVO3 draft-hartman-nvo3-security-requirements-01 S. Hartman M. Wasserman D. Zhang 1.
Slide title 48 pt Slide subtitle 30 pt LTE Architecture Overview Prepared by Amr Elshabrawy.
eHRPD (evolved High Rate Packet Data)
Heikki Lindholm , Lirim Osmani , Sasu Tarkoma , Hannu Flinck*, Ashwin Rao  State Space Analysis to Refactor the Mobile Core  University of Helsinki.
Long Term Evolution (LTE) and System Architecture Evolution (SAE)
EHRPD-LTE Inter Technology Spectrum Optimization Source: Qualcomm Incorporated Contact: Jun Wang/George Cherian September 9, 2013 Notice ©2013. All rights.
Features of Long Term Evolution (LTE)
Uplink scheduling in LTE Presented by Eng. Hany El-Ghaish Under supervision of Prof. Amany Sarhan Dr. Nada Elshnawy Presented by Eng. Hany El-Ghaish Under.
Integrating base stations with a software- defined core network Bruno Hernández Zamora.
By Suman(1RV12LDC29).  Long Term Evolution (LTE) promises higher data rates, 100Mbps in the downlink and 50Mbps in the uplink in LTE’s first phase, and.
第四代行動通訊系統 (4G)-- Long Term Evolution Advanced (LTE Advanced)
Chapter 3 LTE Network.
GLOBAL SYSTEM FOR MOBILE COMMUNICATION
3GPP TSG RAN WG2 meeting #92 Nanjing, China 23-27, May 2016 R
1 Wireless Networks Lecture 17 GPRS: General Packet Radio Service (Part I) Dr. Ghalib A. Shah.
EHRPD and LTE-eHRPD/1x Interworking CDG Americas Regional Conference San Diego 11 November 2009 © 3GPP2.
WIMAX AND LTE.
Communication Security Lecture 8: LTE
3GPP R13 Small Data Delivery
Overview of the GSM for Cellular System
助理教授:吳俊興 助教:楊文健 國立高雄大學 資訊工程學系
LTE Long Term Evolution
Long Term Evolution (LTE) and System Architecture Evolution (SAE)
“An Eye View On the Future Generation Of Phones”
3G architecture and protocols
/ Tutorial: Proposed s Narrowband Project 802
教育部補助「行動寬頻尖端技術跨校教學聯盟第二期計畫 -- 行動寬頻網路與應用 -- 小細胞基站聯盟中心」 EPC核心網路系統設計 課程單元 05:Data Services in EPS 計畫主持人:許蒼嶺 (國立中山大學 電機工程學系) 授課教師:萬欽德 (國立高雄第一科技大學 電腦與通訊工程系)
LTE Long Term Evolution
Long Term Evolution (LTE)
An Overview on LTE.
Muhammad Taqi Raza, Fatima Muhammad Anwar and Songwu Lu
Name:Shivalila A H,Shima
Pass Free Cisco Exam in First Attempt | Dumps4download.co.in
WLAN as a Component (WaaC)
Cellular Network.
Global system for Mobile Communications
Dynamic Resource Scheduling Algorithm for Public Safety Network
GPRS Architecture Ayan Ganguly Bishakha Roy Akash Dutta.
Yeremia Nikanor Nugroho ( Niko )
Software interoperability in the NGN Service layer
Security in SDR & cognitive radio
Dept. of Business Administration
教育部補助「行動寬頻尖端技術跨校教學聯盟第二期計畫 -- 行動寬頻網路與應用 -- 小細胞基站聯盟中心」 模組名稱: 「LTE-Small Cell 核心網路架構及服務」 單元-A4:核心網路 (EPC) 與 Internet Cloud 的介接與存取 計畫主持人:許蒼嶺 (國立中山大學 電機工程學系)
LM 7. Cellular Network Security
Native Deployment of ICN in 4G/LTE Mobile Networks Montreal, QC, Canada. Tuesday, July 17, 2018 Prakash Suthar, Milan Stolic, Anil Jangam.
Presentation transcript:

Introduction & Final Summary

Introduction Name = Aria Lesmana Plans for next 5 years = After graduating from UI, I want to work in an IT position that specializes in networking or programming, then continue my study to the Master/Magister Degree DoB = 5 Jan 1998 Email = arixlsmn@gmail.com Hobbies = reading comics, videogaming, swimming, running Skills = C Programming, Java Programming, Cisco Networking, Embedded/Digital System Designing

Where I come From My Country of Origin & Hometown = Bogor, West Java, Indonesia Culture of My Hometown = Popular site in my Hometown = Bogor Botanical Garden

Knowledge Learned LTE Background Knowledge & History LTEInspector LTE Attacks and Vulnerabilities from LTEInspector Findings LTE platforms (srsLTE,openLTE,OAI) What is Open Air interface (OAI)

LTE Background Knowledges LTE is a standard mobile communication developed by 3GPP that has the goal of being the next generation of mobile communication, LTE standardization began in 2004, proposed in 2004 Toronto conference by NTT Docomo, first deployed commercially in 2009 In LTE there are 2 plane data: -User Plane Data: Belongs in the application layer of OSI layer. User Plane data is intended for the user. LTE uses OFDMA (Orthogonal Frequency-Division Multiplexing Access) as multiple access technology -Control Plane Data: Control Plane Data is the data which are necessary for successful delivery of user plane data. Fulfilled by advancement in Radio Technology such as: - Multi Carrier In downlink there are 4 transport channels: Paging channel, Broadcast channel ,Downlink shared channel , and Multicast channel. - MIMO (Multiple-Input and Multiple-Output) - Application of Packet Switching on Radio Interface In Uplink there are 2 transport channels: Uplink Shared Channel and Random Access Channel.

LTE architecture UE: the cellular device equipped with a SIM card. Home Subscriber Server (HSS): The HSS stores UEs’ identities (e.g., IMSI and IMEI) and subscription data (e.g., QoS profile) E-UTRAN: network between a UE and the eNodeB, and between pairs of eNodeBs Serving Gateway (SGW): transports the user traffic between the mobile terminals and external networks and interconnects the radio access network with the EPC network. eNodeBs : facilitates the connection between the UE and the EPC. EPC: framework for providing converged voice and data on 4G LTE network. Consists of: PDN (Packet Data Network) Gateway (PGW): connects the EPC network to the external networks. Routes traffic to and from PDN. Mobility Management Entity (MME): manages attach, paging, and detach procedures of the UEs and keeps track of locations of the UEs residing in its designated tracking area. Policy and Charging Rules Function (PCRF): node responsible for real-time policy rules and charging in EPC network.

LTEInspector What is LTEInspector :Tool for testing and exposing vulnerabilities on LTE protocols Design Overview Adversary model = Dolev-Yao-style network adversary Adv+c Capabilities: - Eavesdrop the public communication channel - Drop or modify any messages in the public communication channel. - Impersonating a legitimate protocol participant and can inject messages in the public communication channel on the victim’s behalf. - Adheres to all cryptographic assumptions. Adv+c can decrypt an encrypted message only if it possesses the decryption key.

LTEInspector components: - Abstract LTE Model = model of the LTE protocol from the point of view of an UE and a MME - Adversarial model instrumentor = incorporate the presence of an adversary (Madv) - General-purpose Model Checker (MC) = takes as input Madv and a desired abstract property (φ), and checks to see whether all possible executions of Madv satisfy φ - Validating counterexamples with cryptographic protocol verifier (CPV) = check each sub-step of counterexample (π) that requires manipulating some crytographically-protected message type - Testbed experimentation = If a π is feasible, this attack is realized in a testbed.

LTE Attacks and Vulnerabilities Attacks Against Attach Procedure Attacks Against Detach Procedure Attacks Against Paging Procedure Authentication Relay Attack

LTE Platforms srsLTE OAI openLTE

Open Air Interface (OAI) Open-source software-based implementation of 3GPP LTE Release 8/9 Spanning the full protocol stack of 3GPP standard Including features from LTE-Advanced (Rel 10/11/12), LTE-Advanced-Pro (Rel 13/14), going on to 5G Rel (15/16/…) - E-UTRAN (eNB, UE) - EPC (MME, S+P-GW, HSS) Realtime RF and scalable emulation platforms Works with many SDR platforms (ExpressMIMO2, USRP, LimeSDR, …)