Publicado:
2024-04-02Número:
Vol. 18 Núm. 1 (2024)Sección:
Visión InvestigadoraComparison of GSM Link Quality Performance: OpenBTS versus Test Equipment
Comparación del rendimiento de la calidad de enlace GSM: OpenBTS versus equipo de prueba
Palabras clave:
Frequency error, GSM, OpenBTS, Phase Error, Intrusion detection (en).Palabras clave:
Detección de intrusos, Error de frecuencia, Error de Fase, GSM, OpenBTS (es).Descargas
Resumen (en)
The implementation of wireless communication systems such as GSM on SDR (Software Defined Radio) platforms is increasingly common not only in order to reduce costs in the deployment of a network, but also to find and exploit vulnerabilities in the security of systems with this technology. The development of BTS (Base Transceiver Station) in GSM based on free software and SDR as OpenBTS has allowed different investigations such as IMSI catcher implementations and man-in-the-middle attacks by impersonating a real cell. This Research show and analyze the physical parameters for a channel in the GSM900 band with OpenBTS on a USRP N210 compared to a vector signal generator. There was defined 5 scenarios to evaluate the quality of the GSM burst with different configurations. The experiment analyzes the frequency error, phase error and power vs. time for the downlink channel. Results shown that it is possible to detect a fake cell implemented with OpenBTS by analyzing the behavior of its parameters in relation to the specialized equipment or the actual cell. The measured parameters are also a reference for the normal operation of OpenBTS over USRP N210. These parameters can be used for the detection of false BTS or identification of errors in the deployment of networks with this technology.
Resumen (es)
La implementación de sistemas de comunicación inalámbrica como GSM en plataformas SDR (Software Defined Radio) es cada vez más común no solo con el fin de reducir costos en el despliegue de una red, sino también para encontrar y explotar vulnerabilidades en la seguridad de sistemas con esta tecnología. El desarrollo de BTS (Base Transceiver Station) en GSM basado en software libre y SDR como OpenBTS ha permitido diferentes investigaciones como implementaciones de catcher IMSI y ataques man-in-the-middle al hacerse pasar por una celda real. Esta investigación realiza un muestro y análisis de los parámetros físicos de un canal en la banda GSM900 con OpenBTS en un USRP N210 en comparación con un generador de señales vectoriales. Fueron propuestos 5 escenarios para evaluar la calidad de la ráfaga GSM con diferentes configuraciones. El experimento analiza el error de frecuencia, el error de fase y la potencia frente al tiempo para el canal de enlace descendente. Los resultados mostraron que es posible detectar una celda falsa implementada con OpenBTS analizando el comportamiento de sus parámetros en relación con el equipo especializado o la celda real. Los parámetros medidos también son una referencia para el funcionamiento normal de OpenBTS sobre USRP N210. Estos parámetros se pueden utilizar para la detección de falsas BTS o identificación de errores en el despliegue de redes con esta tecnología.
Referencias
5gamericas, “5gamericas: Statistics - Latin America.” [Online]. Available: http://www.5gamericas.org/en/resources/statistics/statistics-latin-america/.
A. Navarro Cadavid, A. Arteaga, L. Vargas, J. Renteria, and M. Arciniegas, “Spectrum Monitoring System and Benchmarking of Mobile Networks Using Open Software Radios SIMONES,” IEEE Lat. Am. Trans., vol. 13, no. 11, pp. 3592–3597, 2015.
M. Iedema and H. Samra, Getting Started with OpenBTS. 2015.
A. Dubey, D. Vohra, K. Vachhani, and A. Rao, “Demonstration of vulnerabilities in GSM security with USRP B200 and open-source penetration tools,” in Proceedings - Asia-Pacific Conference on Communications, APCC 2016, 2016, pp. 496–501.
B. Harmat et al., “The Security Implications of IMSI Catchers,” in International Conference on Security and Management (SAM’15), 2015, pp. 57–62.
Mesud Hadžialić; Mirko Škrbić; Kemal Huseinović; Irvin Kočan; Jasmin Mušović, “An Approach to Analyze Security of GSM Network,” 22nd Telecommun. forum TELFOR 2014, 2014.
S. Ghafoor, K. N. Brown, and C. J. Sreenan, “Experimental evaluation of a software defined radio-based prototype for a disaster response cellular network,” in Proceedings of the 2015 2nd International Conference on Information and Communication Technologies for Disaster Management, ICT-DM 2015, 2016, pp. 57–63.
K. Guevara, M. Rodriguez, N. Gallo, G. Velasco, K. Vasudeva, and I. Guvenc, “UAV-based GSM network for public safety communications,” in Conference Proceedings - IEEE SOUTHEASTCON, 2015, vol. 2015-June, no. June.
T. Di. Putri and T. Juhana, “Mobile-openbts implementation of natural disaster victims search,” in Proceedings - ICWT 2017: 3rd International Conference on Wireless and Telematics 2017, 2018, vol. 2017-July, pp. 149–154.
J. Mpala and G. Van Stam, “Open BTS, a GSM experiment in rural Zambia,” Africomm, Yaounde, Cameroon, pp. 1–9, 2012.
M. Zheleva, A. Paul, D. L. Johnson, and E. Belding, “Kwiizya: Local Cellular Network Services in Remote Areas,” in MobiSys, 2013, July, p. 417.
L. Angrisani, P. Daponte, and M. D'Apuzzo, “A measurement method based on time-frequency representations for testing GSM equipment,” IEEE Trans. Instrum. Meas., vol. 49, no. 5, pp. 1050–1056, 2000.
A. Aiello and D. Grimaldi, “Frequency error measurement in GMSK signals in a multipath propagation environment,” IEEE Trans. Instrum. Meas., vol. 52, no. 3, pp. 938–945, 2003.
E. P. G. Pinto, J. D. A. Monroy, and J. C. M. Quintero, “Analyzing OpenBTS Performance as a viable network solution for IoT devices,” Ingeniare, vol. 31, pp. 1–11, 2023.
F.H. Partiansyah, S. Kusmaryanto, R. Ambarwati, and S.H. Pramono, “Experimental Study of USRP N210 as Simple GSM OpenBTS 5.0 for Remote Areas,” 2022 11th Electrical Power, Electronics, Communications, Controls and Informatics Seminar (EECCIS), Malang, Indonesia, pp. 185-190, 2022.
K. Paul, “Introduction to GSM and GSM mobile RF transceiver derivation.
Union Internacional de Telecomunicaciones., “Definiciones de sistema radioeléctrico determinado por programas informáticos (RDI) y sistema radioeléctrico cognoscitivo (SRC),” vol. 2152, 2009.
T. ETSI Specification, “Digital cellular telecomm mmunications system (Phase e 2+) (GSM); GSM/EDGE Multiplexing and multiple access on the radio path (3GPP TS 45.0.002 version 13.3.1 Release 13)”.
J. M. HUIDOBRO, Comunicaciones móviles: sistemas GSM, UMTS Y LTE, 2012th ed.
ETSI, Digital cellular telecommunications system (Phase 2+); Release independent frequency bands; Implementation guidelines (3GPP TS 05.14 version 7.2.0 Release 1998), vol. 0. 2001, pp. 0–31.
ETSI, Digital cellular telecommunications system (Phase 2+); Radio transmission and reception (3GPP TS 45.005 version 12.4.0 Release 12), vol. 0. 2008, pp. 0–40.
T. Specification, “ETSI TS 145 002,” vol. 0, pp. 0–112, 2014.
T. ETSI Specification, Technical Specification Group GSM/EDGE Radio Access Network; Digital cellular telecommunications system (Phase 2+); Modulation TS 05.04, vol. 0. 2003, pp. 1–28.
3GPP, 3rd Generation Partnership Project; Technical Specification Group GSM/EDGE Radio Access Network; Digital cellular telecommunications system (Phase 2+); Radio subsystem synchronization. 1999.
ETSI, Digital cellular telecommunications system (Phase 2 and Phase 2+); Base Station System (BSS) equipment specification; Radio aspects (3GPP TS 11.21 version 8.6.0 Release 1999), vol. 0. 2008, pp. 0–40.
ETSI, EN 300 910 Digital cellular telecommunications system (Phase 2+); Radio transmission and reception (GSM 05.05 version 8.5.1 Release 1999), vol. 1. 1999, pp. 1–10.
Keysight Technologies, “Understanding GSM/EDGE Transmitter and Receiver Measurements for Base Transceiver Stations and their Components.”
E. No. O. . U. S. A. Gbadamosi A. M. Aibinu, “Towards Independent Measurement of End to End Bit Error Rate in GSM Network,” pp. 1–4, 2014.
R. Communications, “Laboratory works in Radio Communications GSM Transceiver Measurements.” Prentice-Hall Inc, 1995.
T. ETSI Specification, 3GPP TS 05.05 3rd Generation Partnership Project; Technical Specification Group GSM/EDGE Radio Access Network; Radio transmission and reception, vol. 0. 2005.
E. Research, “USRP Hardware Driver and USRP Manual Version: 003.010.001.001-41-g6abf277.” [Online]. Available: http://openbts.org/hardware/.
R. Networks, C. C. Attribution-sharealike, and U. License, “OpenBTS Application Suite,” 2014
Agilent Technologies, “Making the Phase and Frequency Error Measurement.” [Online]. Available: http://literature.cdn.keysight.com/litweb/pdf/ads2001/vsaedgemeas/gsmmeas6.html.
Cómo citar
APA
ACM
ACS
ABNT
Chicago
Harvard
IEEE
MLA
Turabian
Vancouver
Descargar cita
Visitas
Descargas
Licencia
Esta obra está bajo una licencia internacional Creative Commons Atribución-NoComercial 4.0.
atribución- no comercial 4.0 International