Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction & Final Summary

Published bySukarno Agus Iskandar Modified over 6 years ago

Similar presentations

Presentation on theme: "Introduction & Final Summary"— Presentation transcript:

1 Introduction & Final Summary

2 Introduction Name = Aria Lesmana
Plans for next 5 years = After graduating from UI, I want to work in an IT position that specializes in networking or programming, then continue my study to the Master/Magister Degree DoB = 5 Jan 1998 = Hobbies = reading comics, videogaming, swimming, running Skills = C Programming, Java Programming, Cisco Networking, Embedded/Digital System Designing

3 Where I come From My Country of Origin & Hometown = Bogor, West Java, Indonesia Culture of My Hometown = Popular site in my Hometown = Bogor Botanical Garden

4 Knowledge Learned LTE Background Knowledge & History LTEInspector
LTE Attacks and Vulnerabilities from LTEInspector Findings LTE platforms (srsLTE,openLTE,OAI) What is Open Air interface (OAI)

5 LTE Background Knowledges
LTE is a standard mobile communication developed by 3GPP that has the goal of being the next generation of mobile communication, LTE standardization began in 2004, proposed in 2004 Toronto conference by NTT Docomo, first deployed commercially in 2009 In LTE there are 2 plane data: -User Plane Data: Belongs in the application layer of OSI layer. User Plane data is intended for the user. LTE uses OFDMA (Orthogonal Frequency-Division Multiplexing Access) as multiple access technology -Control Plane Data: Control Plane Data is the data which are necessary for successful delivery of user plane data. Fulfilled by advancement in Radio Technology such as: - Multi Carrier In downlink there are 4 transport channels: Paging channel, Broadcast channel ,Downlink shared channel , and Multicast channel. - MIMO (Multiple-Input and Multiple-Output) - Application of Packet Switching on Radio Interface In Uplink there are 2 transport channels: Uplink Shared Channel and Random Access Channel.

6 LTE architecture UE: the cellular device equipped with a SIM card.
Home Subscriber Server (HSS): The HSS stores UEs’ identities (e.g., IMSI and IMEI) and subscription data (e.g., QoS profile) E-UTRAN: network between a UE and the eNodeB, and between pairs of eNodeBs Serving Gateway (SGW): transports the user traffic between the mobile terminals and external networks and interconnects the radio access network with the EPC network. eNodeBs : facilitates the connection between the UE and the EPC. EPC: framework for providing converged voice and data on 4G LTE network. Consists of: PDN (Packet Data Network) Gateway (PGW): connects the EPC network to the external networks. Routes traffic to and from PDN. Mobility Management Entity (MME): manages attach, paging, and detach procedures of the UEs and keeps track of locations of the UEs residing in its designated tracking area. Policy and Charging Rules Function (PCRF): node responsible for real-time policy rules and charging in EPC network.

7 LTEInspector What is LTEInspector :Tool for testing and exposing vulnerabilities on LTE protocols Design Overview Adversary model = Dolev-Yao-style network adversary Adv+c Capabilities: - Eavesdrop the public communication channel - Drop or modify any messages in the public communication channel. - Impersonating a legitimate protocol participant and can inject messages in the public communication channel on the victim’s behalf. - Adheres to all cryptographic assumptions. Adv+c can decrypt an encrypted message only if it possesses the decryption key.

8 LTEInspector components:
- Abstract LTE Model = model of the LTE protocol from the point of view of an UE and a MME - Adversarial model instrumentor = incorporate the presence of an adversary (Madv) - General-purpose Model Checker (MC) = takes as input Madv and a desired abstract property (φ), and checks to see whether all possible executions of Madv satisfy φ - Validating counterexamples with cryptographic protocol verifier (CPV) = check each sub-step of counterexample (π) that requires manipulating some crytographically-protected message type - Testbed experimentation = If a π is feasible, this attack is realized in a testbed.

9 LTE Attacks and Vulnerabilities
Attacks Against Attach Procedure Attacks Against Detach Procedure Attacks Against Paging Procedure Authentication Relay Attack

10 LTE Platforms srsLTE OAI openLTE

11 Open Air Interface (OAI)
Open-source software-based implementation of 3GPP LTE Release 8/9 Spanning the full protocol stack of 3GPP standard Including features from LTE-Advanced (Rel 10/11/12), LTE-Advanced-Pro (Rel 13/14), going on to 5G Rel (15/16/…) - E-UTRAN (eNB, UE) - EPC (MME, S+P-GW, HSS) Realtime RF and scalable emulation platforms Works with many SDR platforms (ExpressMIMO2, USRP, LimeSDR, …)

Download ppt "Introduction & Final Summary"

Similar presentations

TTCN-3 Based Automation Framework for LTE UE Protocol Stack Testing

TTCN-3 Based Automation Framework for LTE UE Protocol Stack Testing
1 LTE / HSPA / EPC knowledge nuggets Red Banana Wireless Ltd – Copyright 2013 Connecting to the IMS www.red-banana.org www.4g-seminar.com Connecting to.

1 LTE / HSPA / EPC knowledge nuggets Red Banana Wireless Ltd – Copyright 2013 Connecting to the IMS Connecting to.
LTE Security. Agenda Intro … Intro … The LTE System Radio Side (LTE – Long Term Evolution/Evolved UTRAN - EUTRAN) – Improvements in spectral efficiency,

LTE Security. Agenda Intro … Intro … The LTE System Radio Side (LTE – Long Term Evolution/Evolved UTRAN - EUTRAN) – Improvements in spectral efficiency,
Network Based Services in Mobile Networks Context, Typical Use Cases, Problem Area, Requirements IETF 87 Berlin, 29 July 2013 BoF Meeting on Network Service.

Network Based Services in Mobile Networks Context, Typical Use Cases, Problem Area, Requirements IETF 87 Berlin, 29 July 2013 BoF Meeting on Network Service.
LTE Call Flow and MS Attached Procedures

LTE Call Flow and MS Attached Procedures
IP Multimedia Subsystem (IMS) 江培文. Agenda Background IMS Definition IMS Architecture IMS Entities IMS-CS Interworking.

IP Multimedia Subsystem (IMS) 江培文. Agenda Background IMS Definition IMS Architecture IMS Entities IMS-CS Interworking.
6 The IP Multimedia Subsystem Selected Topics in Information Security – Bazara Barry.

6 The IP Multimedia Subsystem Selected Topics in Information Security – Bazara Barry.
Doc.: IEEE 802.11-04/0408r0 Submission March 2004 Colin Blanchard, BTSlide 1 3GPP WLAN Interworking Security Colin Blanchard British Telecommunications.

Doc.: IEEE /0408r0 Submission March 2004 Colin Blanchard, BTSlide 1 3GPP WLAN Interworking Security Colin Blanchard British Telecommunications.
Network-Based Mobility Management in the Evolved 3GPP Core Network.

Network-Based Mobility Management in the Evolved 3GPP Core Network.
Network-Based Mobility Management in the Evolved 3GPP Core Network

Network-Based Mobility Management in the Evolved 3GPP Core Network
Copyright© 2005 NTT DoCoMo, Inc. All rights reserved Localized Mobility Management for 3GPP All IP Network ~ with New Access Technology~ Katsutoshi Nishida.

Copyright© 2005 NTT DoCoMo, Inc. All rights reserved Localized Mobility Management for 3GPP All IP Network ~ with New Access Technology~ Katsutoshi Nishida.
Cellular Networks Guest lecture by Li Erran Li, Bell Labs COS 461: Computer Networks 4/18/2012 W 10-10:50am in Architecture N101 1 Cellular Core Network.

Cellular Networks Guest lecture by Li Erran Li, Bell Labs COS 461: Computer Networks 4/18/2012 W 10-10:50am in Architecture N101 1 Cellular Core Network.
CSci5221: 3G/4G Cellular Network Architecture Overview 1 Cellular Voice/Data Architectures: A Primer Basics of Cellular Networks Survey of 2G/3G Cellular.

CSci5221: 3G/4G Cellular Network Architecture Overview 1 Cellular Voice/Data Architectures: A Primer Basics of Cellular Networks Survey of 2G/3G Cellular.
Summary of 3GPP TR 33.868 3GPP2 TSG-S WG4 S40-20120725-003 Source: Qualcomm Incorporated Contact(s): Anand Palanigounder,

Summary of 3GPP TR GPP2 TSG-S WG4 S Source: Qualcomm Incorporated Contact(s): Anand Palanigounder,
“Securing IP Multimedia Subsystem (IMS) infrastructures …,” M. Tsagkaropoulos UNIVERSITY OF PATRAS Department of Electrical & Computer Engineering Wireless.

“Securing IP Multimedia Subsystem (IMS) infrastructures …,” M. Tsagkaropoulos UNIVERSITY OF PATRAS Department of Electrical & Computer Engineering Wireless.
SIGNALING. To establish a telephone call, a series of signaling messages must be exchanged. There are two basic types of signal exchanges: (1) between.

SIGNALING. To establish a telephone call, a series of signaling messages must be exchanged. There are two basic types of signal exchanges: (1) between.
Understanding 3GPP Bearers LTE / HSPA / EPC ‘knowledge nuggets’ Neil Wiffen - nwiffen@red-banana.org More free downloads at www.red-banana.org Public.

Understanding 3GPP Bearers LTE / HSPA / EPC ‘knowledge nuggets’ Neil Wiffen - More free downloads at Public.
Chapter 7- Mobile and Wi-Fi Networks Taking signals on and off the air Connections to other networks Need to manage spectrum Managing and billing for services.

Chapter 7- Mobile and Wi-Fi Networks Taking signals on and off the air Connections to other networks Need to manage spectrum Managing and billing for services.
Support for CSFB Tony Lee David Wang David Wang June/15/2009 VIA Telecom grants.

Support for CSFB Tony Lee David Wang David Wang June/15/2009 VIA Telecom grants.
Design of Multi-RAT Virtualization Architectures in LTE-Advanced Wireless Network Location: 國立暨南國際大學電機系 Source: ICIC Express Letters, vol. 8, no. 5, May.

Design of Multi-RAT Virtualization Architectures in LTE-Advanced Wireless Network Location: 國立暨南國際大學電機系 Source: ICIC Express Letters, vol. 8, no. 5, May.

Similar presentations

Ads by Google