Price for SDR based solutions mimicking cellular basestations has gone down rapidly. Meanwhile Hardware can be bought at low price and software protocol stacks can be downloaded from the internet free of charge from Open Source Servers.
This poses a new security risk on cellular phones. They can undesirably camp on fake basestations, who mimics belonging to the regular network by sending faked network identity codes. This would open the door for protocol attacks or internet access with man in the middle.
During the course of the master thesis protocol traces of logging onto a network or cell selection with regular and fake Basestation should be inspected and compared. Suspicious signatures in protocol flow with SDR based infrastructure mimicking should be identified.
Signature should be classified and rated in terms of their probability to distinguish a fake BS from a regular B S. It is expected that especially the comparison of protocol traces during regular cell handover versus handover to a fake BS will reveal signatures that could be explored as indicators for fake BS.
A portable framework shall be implemented to enable the consideration of input from multiple sensors for signature generation (e.g., sensors for layer 1-3 protocol messages). The framework shall adopt an extensible design, where it shall be possible to add new sensors as well as new evaluation/signature generation algorithms.
Based on the framework sensors shall be designed and implemented.
The focus within this master thesis is on sensors for Layer 3 messages. Evaluation algorithms shall be developed to calculate the final result that represents the security status of the network (i.e., the likelihood of being connected to a fake basestation). These evaluation algorithms shall attempt to identify fake basestation signatures within the available sensor data.
Within the scope of this master thesis an implementation which bases its calculations on collected modem protocol traces will be sufficient.
Practical studies should be conducted using a publically available network versus a network based on SDR. Intel will provide a test mobile platform for protocol tracing and protocol analysis tools. Intel and FAU jointly will provide means for SDR based network mimicking.
At the end of the study a conclusion should be made how realistic a fake BS identification based on protocol inspection could be.
Inside this Business Group
Good understanding of telecommunication protocols LTE/3G/2G and 3GPP specifications basic programming knowledge Know how about Open LTE BTS test setup
Intel is one of the largest suppliers of chips for the communications market. The Intel Communications group is focused on designing and building communications technologies such as Ethernet connectivity products, optical components, communications processing solutions and broadband products.