• norsk
    • English
  • English 
    • norsk
    • English
  • Login
View Item 
  •   Home
  • Fakultet for informasjonsteknologi og elektroteknikk (IE)
  • Institutt for informasjonssikkerhet og kommunikasjonsteknologi
  • View Item
  •   Home
  • Fakultet for informasjonsteknologi og elektroteknikk (IE)
  • Institutt for informasjonssikkerhet og kommunikasjonsteknologi
  • View Item
JavaScript is disabled for your browser. Some features of this site may not work without it.

Location Disclosure in LTE Networks by using IMSI Catcher

Sørseth, Christian
Master thesis
Thumbnail
View/Open
17146_FULLTEXT.pdf (9.060Mb)
17146_COVER.pdf (1.556Mb)
URI
http://hdl.handle.net/11250/2462189
Date
2017
Metadata
Show full item record
Collections
  • Institutt for informasjonssikkerhet og kommunikasjonsteknologi [2809]
Abstract
Long-Term Evolution (LTE) is currently being deployed in vast areas of

the world and is the latest implemented standard in mobile communication.

The standard is considered to have significant improvements compared to

its predecessors; however, several weaknesses exists. One of the deficiencies

in LTE is that a big portion of the signaling messages is transmitted

without protection. International Mobile Subscriber Identity (IMSI)

Catchers and Paging Catchers exploit this weakness to perform several

attacks against privacy in LTE, which disrupts the communication service

and weakens the credibility of mobile operators.

An IMSI Catcher is essentially a device masquerading itself as com-

mercial Base Station (BS) used to track devices and break subscriber

privacy. In this thesis, IMSI Catchers in LTE networks are studied. An

LTE IMSI Catcher has been implemented using a Universal Software

Radio Peripheral (USRP) and the open source platform OpenAirInterface.

By the help of IMSI Catchers, an attack against subscriber privacy was

conducted. The attack efficiently acquires subscription identities (IMSIs)

within a limited area and then redirects subscribers back to the commer-

cial network. The attack has been carefully tested and successfully proven

feasible. It was found that the IMSI acquisition process is very efficient,

and several IMSIs were collected within a few seconds of operation.

Additionally, Paging Catchers are studied in this thesis. A Paging

Catcher is a tracking device used to perform attacks against subscriber

privacy passively; however, unlike the IMSI Catcher, the Paging Catcher

masquerades itself as a commercial User Equipment (UE). A Paging

Catcher has been implemented using a USRP and the open source plat-

form srsLTE. This thesis verifies that a Paging Catcher attack locates

LTE devices within a limited area and breaks subscriber privacy. The

attack illustrates that the Paging Catcher conveniently receives paging

messages broadcasted by nearby BSs. The paging messages contain Tem-

porary Mobile Subscriber Identities (TMSIs) which is mapped to social

identities. The attack has successfully been proven feasible; however, the

Paging Catcher is dependant of the smart paging feature to locate the

subscriber precisely.
Publisher
NTNU

Contact Us | Send Feedback

Privacy policy
DSpace software copyright © 2002-2019  DuraSpace

Service from  Unit
 

 

Browse

ArchiveCommunities & CollectionsBy Issue DateAuthorsTitlesSubjectsDocument TypesJournalsThis CollectionBy Issue DateAuthorsTitlesSubjectsDocument TypesJournals

My Account

Login

Statistics

View Usage Statistics

Contact Us | Send Feedback

Privacy policy
DSpace software copyright © 2002-2019  DuraSpace

Service from  Unit