Wednesday 4 January 2012

GPRS Security Feature, Threats and Solution




GPRS (General Packet Radio Service) is a mobile data service standard for the GSM cellular network, it was started by ETSI but now it is maintained by 3GPP. By using time division multiple access (TDMA), this standard can provie moderate speed up to 114 kbit/second data transfer. 


A topology map of a cellular system, GPRS resides in the IP packet switched data network.

As seen in the topology map above, GPRS is normally deployed with a voice network in order to provide both voice service and internet services to base stations.


GPRS features
GPRS extends the GSM Packet circuit switched data capabilities and makes the following services possible:
  • SMS messaging and broadcasting
  • "Always on" internet access
  • Multimedia messaging service (MMS)
  • Push to talk over cellular (PoC)
  • Instant messaging and presence—wireless village
  • Internet applications for smart devices through wireless application protocol (WAP)
  • Point-to-point (P2P) service: inter-networking with the Internet (IP)
  • Point-to-Multipoint (P2M) service: point-to-multipoint multicast and point-to-multipoint group calls
http://en.wikipedia.org/wiki/General_Packet_Radio_Service#Services_offered

GPRS Threats
Security Threats in GPRS systems
  • Denial of Service (DOS)
  • A particular victim Mobile host gets terminated
  • Malicious party gets to see all traffic directed to particular Mobile host
  • Session Stealing/Spoofing
  • Eavesdropping and floods the Mobile host with bogus traffic
  • Intercepting packets destined to Mobile host
  • Incompetent Translator
  • Attacker gains physical access via unattended network socket by exercising
  • some ARP requests to DHCP and gets access to IP host and floods the network
  • Simple attack through Intranet to GGSN's Gi interface
  • Attack through GPRS Tunneling Protocol (GTP)

3 comments:

  1. Is there any way that we could do to prevent this threats such as better encryption or authentication standards? What do you mean by incompetent translator?

    ReplyDelete
  2. Just a gentle reminder, the tutorial stated security feature..and not GPRS functions..

    Back to the topic. I realise that you did not mention how these threats can be prevented. I did some research on this and wish to share with you.

    One way is to limit the exposure of the permanent identities (IMSI) of mobile users over the vulnerable radio interface, the additional usage of two complementary temporary identities for each mobile subscriber that is attached to the network has been proposed


    Another way is signalling protection. Which is to address the lack of security measures in the signalling plane of the GPRS backbone, we propose the incorporation of the Network Domain Security (NDS) features into the GPRS security architecture. NDS features, which have been designed for the latter version of UMTS, ensure that signalling exchanges in the backbone network, as well as in the whole wire line network are protected.

    Hope you can understand cos I don't.

    ReplyDelete
  3. Hi boon teck, what i meant by incompetent translator is the protocol translator in the GPRS system breaks the end to end integrity of the data, as the packet header will be changed during translation.

    And zhou ran, thank you for the reminder and sharing, I appreciate it:)

    ReplyDelete