Nokia Wireless

Mobile Technology Overview
Ed Gibbs Technologist ISSA - September 20, 2001
Sacramento, California
1 NOKIA FILENAMs.PPT/ DATE / NN
Ed Gibbs Biography
Prior: Digital Equipment Corporation, Lockheed-Martin, Dow Jones & Company, and a few start-ups that dont exist anymore!
Focus on Firewalls, VPN, internetworking, 802.11, Mobile Data including WAP, and carrier infrastructure
Recently completed chapter for Eoghan Caseys new book Handbook of Computer Crime to be published in October/Nov. Collecting digital evidence within a cellular and 802.11 network
Contact Information: Nokia, 313 Fairchild Drive, Mountain View, CA 94043 Mobile: +1 650-868-9091 E-mail: Ed.Gibbs@Nokia.com
Introduction
Why is understanding Cellular networking important? As voice and data merge over cellular networks, you may be tasked securing both Wireless data handsets are inescapable Carrier infrastructures are very complex to what degree should one become acquainted? Just the basics thats what well cover here today As security experts, theres significant value in obtaining this knowledge to prepare you for the future Carriers have enjoyed closed networks, opening them up to the Internet is a major challenge
NOKIA
FILENAMs.PPT/ DATE / NN
Types of Cellular Networks
NOKIA
Analog Mobile Phone Service

What is AMPS: Commercially available in 1970 by Bell Telephone Laboratories Geographic areas are subdivided into smaller areas which are commonly known as cells Each cell has its own antenna that is set to operate at distinct transmission frequencies pattern, each with 7-cell
different frequencies to avoid interference 824Mhz to 894Mhz with 30Khz of bandwidth separation per assigned channel for Transmit/Receive
Communications occur at a set frequency in each direction AMPS is still widely used today
Digital Advanced Mobile Phone Service

D-AMPS is far more complex than AMPS and supports two modes of operations Voice traffic is digital AMPS used for channel setup and signaling IS-54 Uses Time-Division Multiple Access (TDMA) to divide the radio channels used by AMPS IS-136 (D-AMPS 1900) supports dual-mode, dual-band:
Dual-Mode: Analog or Digital 800Mhz cellular frequency used by AMPS 1900Mhz frequency spectrum Personal Communications Service (PCS) Allows for pages and short message services (SMS) of up to 239 characters
NOKIA
Time Division Multiple Access

TDMA separates users by assigned time slots, which minimizes interference from other simultaneous transmissions Disadvantage: When changing cells (handoff), the assigned time-slot in the new cell may already be occupied however this is a capacity problem Transmission (uplink/downlink or send/receive) is allocated two slots: One used at a defined frequency for uplink Second used at a particular frequency for downlink Extends battery life-time of handset by only transmitting a portion of time instead of a continuous transmission
AT&T, Cingular (Eastern/Central US) uses TDMA Cingular formally PacificBell uses a technology called GSM which is not compatible with TDMA
Code Division Multiple Access

CDMA (IS-95) offers 6-10x the capacity of TDMA and uses codes to separate users as opposed to TDMA, which uses assigned time slots
Uses broadband spread-spectrum developed in the 1940s for military purposes and uses a direct sequence technique, with the spreading sequence based on a pseudorandom binary sequence Also uses the 800Mhz and 1900Mhz frequency bands. When using 800Mhz AMPS mode, more AMPS channels needed to obtain frequency for CDMA (operator must clear 1.23Mhz/30khz or 41 channels) to accommodate When in 1900Mhz mode, CDMA uses PCS
Directly supports IP packet data protocols Sprint, SBC uses CDMA
Global System for Mobile Communications

GSM developed in Europe in 1980s and became an international standard 13 years later There are two standards: European: 900Mhz (International Standard) North American 800Mhz (900Mhz used by Government) and 1900Mhz GSM PCS

North American GSM and European GSM are not compatible due to their frequency Tri-mode phones are available that operate at 800Mhz, 900Mhz, and 1900Mhz
Uses TDMA framework but not compatible Subdivides each radio channel into eight time slots; DAMPS subdivides into six time slots Over 250 GSM Networks are presently operating in 110 countries Data rates: 9.6Kbps to 14.4Kbps Carriers: Pacific Bell (now Cingular), VoiceStream, and now AT&T Wireless
NOKIA FILENAMs.PPT/ DATE / NN
GSM
GSM uses the Subscriber Information Module (SIM card) which comes in two forms credit card sized format and thumb tip size Embedded in the card is a microprocesor, ROM and RAM Also contains data such as: The subscribers phone number which is referred to as the MSISDN (Mobile Subscriber ISDN Number) The IMSI (International Mobile Subscriber Identity). The IMSI is globally unique to a particular subscriber The subscribers PIN which is used to prevent unauthorized use of the mobile device Authentication Keys
10
NOKIA
Carrier Infrastructure
11
NOKIA
Simple Architecture
Core Network
Mobile Dev ice Radio Access Network
Subscriber Inf ormation
Switch
To other Networks Billing Records
Base Station
Radio Link Network Operations and Maintenance
12
NOKIA
Detailed Architecture
Core Netw ork
BT S
BSC
BT S
VLR
BT S Mobile Phone
HLR
MSC
Charging Gatew ay
BT S
To other netw orks (e.g. PSTN)
LIG SMSc
Connected to all elements in the core network
BSC
BT S
BT S
Connected to all BSCs
OMC
Radio Access Netw ork
13
NOKIA
Network Operation Parameters

The adjunct processor handling operational issues may handle records that drill down deep into the network operation details. These records can cover such items as: A subscribers phone call attempt Whether the attempt was successful Whether the call was ended normally or was dropped Date and time of the call Signal strength of the subscribers mobile device as seen by the BTS In what cell site was the call set up In what cell site sector was the call set up Handover information
What channel was used

What frequency/time slot/PN number was used
14
NOKIA
Surveillance & Tracking
15
NOKIA
Methods of Tracking
AOA: By knowing the direction from which a wireless signal is received (via the use of special antennas at the cell site), Angle of Arrival techniques calculate the location of a mobile device. This technology is deployed at the cell sites of the network operator.
TDOA: Time Difference of Arrival technology uses the difference in time that it takes for a wireless signal to arrive at multiple cell sites to calculate the location of the mobile device.
This technology is deployed at the cell sites of the network operator.
E-OTD: Enhanced Observed Time Difference involves a mobile device receiving the signals from at least three base stations, while a special receiver in the network (at a known position) also receives these signals.
The mobile device location is calculated by comparing the time differences of arrival of the signals from the base stations at both the mobile device and the special receiver. This technology is deployed at cell sites and in the mobile device itself.
16
NOKIA
Methods of Tracking
Triangulation is a process by which the location of a radio transmitter can be determined by measuring either the radial distance, or the direction of the received signal from two or three different points Time delay response can be used in conjunction with triangulation to determine how far away the signal is between multiple points
When a cell phone is turned on its communicating! Call or standby mode

Tracking is often difficult if not impossible in some situations Signal reflection, distortion, weak signal, etc.
17
NOKIA
Triangulation & Timed Response

Base Z
Base X
Cell Phone Base Y
Measured Response Time + Direction
18
NOKIA
Lawful Interception
GSM & UMTS
Gs
MSC/VLR
Gp Gf Gr
SGSN Gn
3G GPRS backbone
GGSN
EIR
HLR
Gi
PDN
19
NOKIA
Functional Roles
User 5 Law Enforcement Authority (LEA) 4
3
Network Operator
4 Target User
2 2 4
Authorisation Authority (AA)
Equipment Manufacturer Host/Terminal
20
NOKIA
Authorizing interceptions
Authorizing Agency (AA) Authorizes session using the web interface at the LIC
21
NOKIA
Enabling interceptions
Law Enforcement Agency (LEA) Starts interception at the LIC
22
NOKIA
E911 Update
August 2000: FCC adopted an Order to implement the Wireless Communications and Public Safety Act of 1999 (911 Act), enacted on October 26,1999.
Implemented in two phases: First Phase Reveals cell phone number and base-station caller is using Second Phase Pinpoints location accurate within 50-100 meters
October 1, 2001 Deadline will not be met All major carriers will file an extension with the FCC Location based service and tracking software not in place
Only %10 of law enforcement is equipped to handle E911

Official Web-site http://www.fcc.gov/e911/
Steps to 3rd Generation within the US

Introduction of 3rd generation radio
2003-2005
New multimedia services Mass market cost of service (WCDMA) 2Mbps
2002
Enhanced speed and capacity (EDGE)
2001-2002
Internet-like IP packet services for mass market (GPRS) 144Kbps
2000
Landline-like circuit services (HSCSD) & Interactive messaging (USSD)
1997
Basic GSM data at 9.6 kbit/s & Smart messaging
Evolution
GPRS Architecture
Firewall
VPN
VPN
Firewall
25
NOKIA
WAP
26
NOKIA
Wireless Application Protocol (WAP)

De-facto world standard for wireless information and telephony services on digital mobile phones and other wireless terminals
"Internet in Every Pocket"

General environment for wireless applications Internet or Intranet-like services and content to mobile terminals Network, bearer and manufacturer independent Started 1997 by Nokia, Ericsson, Motorola and Unwired Planet Now close to 500 member companies The first release for commercial products
Objectives:

WAP Forum

WAP 1.1 (June 99)
WAP 1.2 (December 99)

WAP System Architecture
Client
WML
WMLScript WTAI
WAP Gateway
WML Encoder
Web Server
CGI Scripts etc. WML Decks with WML-Script
WSP/WTP
WMLScript Compiler Protocol Adapters
HTTP
Content
Etc.
28
NOKIA
Common WAP Deployment Scenarios

Customer Technical Architecture Business Model
Total Corporate Solution
Typical WAP Enabled 'Web Destination Site'
Open WAP Portal + Content providers and Merchants Closed WAP Key Portal e.g. Operator / ISPEnterpr. hosted Mobile
29 NOKIA
Dial-in Server
WAP Content & Applications Server/Gateway Server (s)
xSP hosted
Wireless Transport Layer Security

WTLS provides encryption from the mobile handset to the WAP Gateway WTLS to SSL conversion on WAP gateway must decrypt WTLS and re-encrypt to SSL Vulnerability: Clear-text Four classes: Class 0: No Security Class 1: Server Authentication (dh_anon)
Available today Available today
Class 2: Signed Server Certificate
Class 3: Signed Client Servificate
Coming Soon
30
NOKIA
WTLS
31
NOKIA
Wireless Identity Module (WIM)

Wireless PKI Capability WIM has five implementation possibilities Terminal HW (terminal SW) Integrated reader I.e. "dual slot" Additional chip, "Dual chip" WIM inside SIM = SWIM
External reader
32
NOKIA
WAP Modes
The four modes for WAP communications are:

Mode UDP Port WTLS Security Connectionless 9200 No Connection 9201 No Connectionless 9202 Yes Connection 9203 Yes
33
NOKIA
GSM Security
Security in WAP
WAP can secure communication between terminal and WAP gateway.
Wireless Network
Terminal
For communications between gateway and origin server, other means e.g. SSL are required.
FIREWALL
Leased modem pool

FIREWALL
Internet
Company WAP Gateway intranet
Origin Server
Internet Security
34
NOKIA
Future Example
1. Choosing the movie 2. Choosing the payment method 3. Entering the PIN-code 4. Downloading tickets to the chip 5. Confirming the downloading and loyalty points
35
NOKIA
EMPS: Many ways to use it

In the Cinema: Printing the tickets from terminal with bluetooth
36
NOKIA
Corporate Impact
37
NOKIA
Cellular Phones Outnumber PCs

Currently there are 350 million mobile phone subscribers. By 2003 there will be more than 1 billion! Of these, around 600m are likely to be using WAP compatible products to access the web, compared to a PC installed base of around 400m
1200 1000 800 600 400 200 0 1997
38 NOKIA
Cellular Subscribers. Source: EMC 1999 PC installed base. Source: Dataquest 1999
1998
1999
2000
2001
2002
2003
Mobile Phone will be a new online Channel

Mobile phones are becoming media phones WAP (Wireless Application Protocol) brings standard way to connect mobile customers to content services Now near 300 million mobile phone users, by 2003 there will be more than 1 billion!
WAP
GSM 50 Milj. Users
TV
Radio
WWW Internet
15
35
Years
Today there are more than 150 million GSM subscribers world wide
Is youre organization ready?

Mobile data is here today Accessibility Modems

Internal External
Internet Portal
Encryption WTLS SSL VPN Device
Applications
40
NOKIA
Terms
2G Second Generation Phone Service What we have today! 2.5G - GPRS 3G Third Generation Packet Switched Radio
BTS Base Transceiver Station

BSC Base Station Controller GGSN GPRS Gateway Server Node HLR Home Location Registry LIG Lawful Interception Gateway MSC Mobile Switching Center SMSc Small Message Service Center PSTN Public Switched Telephone Network SGSN Serving GPRS Support Node VLR Visitor Location Registry
Questions?
Thank You for listening Danke fr Ihre Aufmerksamkeit Kiitos huomiostanne Muchas gracias por atencin Merci pour votre attention
Ed.Gibbs@Nokia.com

Nokia Wireless

Enviado por

Dados do documento

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Nokia Wireless

Enviado por

Direitos autorais:

Formatos disponíveis

Mobile Technology Overview

Ed Gibbs Technologist ISSA - September 20, 2001

Types of Cellular Networks

Analog Mobile Phone Service

Digital Advanced Mobile Phone Service

Time Division Multiple Access

Code Division Multiple Access

Global System for Mobile Communications

Mobile Dev ice Radio Access Network

Subscriber Inf ormation

To other Networks Billing Records

Radio Link Network Operations and Maintenance

To other netw orks (e.g. PSTN)

Connected to all BSCs

Radio Access Netw ork

Network Operation Parameters

What channel was used

Surveillance & Tracking

When a cell phone is turned on its communicating! Call or standby mode

Triangulation & Timed Response

Cell Phone Base Y

Measured Response Time + Direction

Authorisation Authority (AA)

Equipment Manufacturer Host/Terminal

Only %10 of law enforcement is equipped to handle E911

Steps to 3rd Generation within the US

Enhanced speed and capacity (EDGE)

Wireless Application Protocol (WAP)

"Internet in Every Pocket"

WAP 1.1 (June 99)

WAP 1.2 (December 99)

WAP System Architecture

WMLScript Compiler Protocol Adapters

Common WAP Deployment Scenarios

Total Corporate Solution

Typical WAP Enabled 'Web Destination Site'

WAP Content & Applications Server/Gateway Server (s)

Wireless Transport Layer Security

Available today Available today

Class 2: Signed Server Certificate

Class 3: Signed Client Servificate

Wireless Identity Module (WIM)

Leased modem pool

Company WAP Gateway intranet

EMPS: Many ways to use it

Cellular Phones Outnumber PCs

Mobile Phone will be a new online Channel

Is youre organization ready?

Encryption WTLS SSL VPN Device

BTS Base Transceiver Station

Você também pode gostar