GSM Interceptor Fast and reliable interception of GSM traffic


- Maximum accuracy, sensitivity and flexibility
- Total indefectibility
- Support for all frequency bands
- User-friendly operation
- Wide range of antennas for stationary and mobile use

Contents

System Features
1. System overview and screenshots
1.1. Main Screen
1.2. Receivers window
1.3. Target List
1.4. Base Stations List
1.5. Tape Recorder window
1.6. Protocol window
2. Operational Modes
2.1. Main Operational Modes
2.1.1. Random mode
2.1.2. Classmark mode
2.1.3. IMSI/TMSI mode
2.2. Additional Operational Modes
2.2.1. Distance mode
2.2.2. Reverse Mode
2.2.3. Phone Number mode
2.2.4. IMEI mode
3. Effective radius
4. Decryption
5. How to choose the right configuration?
5.1 Ability not to miss calls
5.2 Ability not to miss a more important call than the one currently intercepted
5.3 Number of simultaneously intercepted calls

Illustrations

1. Fig.1 Main Screen
2. Fig.2 Receivers window
3. Fig.3 Receivers setup screen
4. Fig.4 Target List
5. Fig.5 Target List Edit window
6. Fig.6 Base Stations List
7. Fig.7 Tape Recorder Window
8. Fig.8 Protocol Window
9. Fig.9 Toolbar
10. Fig.10

System Features:

- Targeting by Number of Interest: Yes
- Screening GSM communication randomly: Yes
- Number of simultaneously monitored duplex channels: From 1 to 8
- Voice and data recording on hard disk: Yes
- Identities for mobile phone authentication: IMSI, TMSI, IMEI, Mobile System Classmark, Dialed and Dialing phone numbers, Ki
- Codec types: LPT-RPE, EFR
- Monitoring channels: BCCH, CCCH, SACCH, SDCCH, FACCH, TCH
- Outgoing call number determination: Yes
- Incoming call number determination: Yes (if caller ID is available)
- SMS messages interception: Yes
- DTMF tones interception: Yes
- Encryption types: A5.1, A5.2

1. System overview and screenshots

GSM INTERCEPTOR is a monitoring system that intercepts traffic in cellular GSM networks. The Interceptor works with all varieties of GSM networks, with all frequency bands and with any type of encryption. No cooperation from the network operator is needed. The system includes both a hardware device and accompanying software. It is housed in an attaché case.

1.1 Main screen

[Fig.1 Main Screen, with labelled areas: Receivers window, Protocol window, Tape Recorder window, Target List / Base Stations List]

The main operation screen (Fig.1) is divided into 4 main parts:
- receivers window
- tape recorder window
- target list / base stations list
- protocol window

1.2 Receivers window

[Fig.2 Receivers window, callouts 1-5]

1. Receiver number
2. Channel/Timeslot number
3. Receiver status (Traffic channel or Control channel)
4. Signal level indicator of forward and reverse channels
   - Forward channel
   - Reverse channel
5. Identity of intercepted call or name of the network operator

A double click on the receiver number will open the Receivers setup screen.

[Fig.3 Receivers setup screen]

1.3 Target List

[Fig.4 Target List]

[Fig.5 Target List Edit window]

1.4 Base Stations List

[Fig.6 Base Stations List]

1.5 Tape Recorder window

[Fig.7 Tape Recorder Window, callouts 1-7]

1. Receiver number
2. Voice Record Level Indicator
3. TMSI or IMSI number
4. Duration
5. Reset Call button
6. Pause button
7. Speaker ON/OFF button

1.6 Protocol Window

[Fig.8 Protocol Window, callouts 1-2]

1. Receiver number
2. GSM network events

2. Operational modes

[Fig.9 Toolbar, callouts 1-7]

The system has 3 main operational modes:
1. Random Mode
2. Classmark mode
3. IMSI/TMSI mode

Only one of these main modes can be chosen and used at any given time.

In addition, the system has 4 more operational modes:
4. Distance mode
5. Phone number mode
6. Reverse channel mode
7. IMEI mode

The additional operational modes are used together with main modes. The additional modes can be used together in any combination.

2.1 Main Operational Modes

2.1.1 Random Mode

This mode is usually used to intercept all calls to or from a given area if the particular phone number is unknown.

2.1.2 Classmark Mode

All mobile phones are distinguished by their classmarks. The classmark is one of the characteristics of mobile phones which is never changed. As soon as some phone conversation is intercepted, the classmark of the active phone is displayed in the protocol window and can be put on the target list. Subsequently, this parameter can be used for monitoring calls made from or to the specific mobile phone.

2.1.3 IMSI/TMSI Mode

The real mobile phone number is never transmitted over the air in GSM networks. Instead of phone numbers, GSM networks use special identities (IMSI or TMSI) for mobile phone authentication. Using a special technique, the system discovers the identity that corresponds to the particular phone number. These identities are stored in the target list and used for monitoring by specific phone number (see Fig.5).

One of these identities (TMSI) is changed from time to time. The system automatically follows all TMSI modifications and automatically updates them in the Target List without intervention of the system operator.

2.2 Additional Operational Modes

2.2.1 Distance mode

This mode allows interception of those conversations, and only those conversations, being made to or from mobile phones located at a given distance from Base Stations. The distance can be specified in the Receiver Setup Screen (see Fig.3). This mode may be used effectively when there is some Place of Interest and there are no particular phone numbers or other information about mobile phones for that place.

2.2.2 Reverse Mode

When reverse mode is active, only conversations with active reverse channel (i.e. from mobile phones located near the Interceptor) will be intercepted. This mode can be very useful for interception of calls being made to or from a specific area when the Interceptor is in the area.

Another very effective implementation is a combination of (main) Random Mode and (additional) Distance and Reverse Modes together with a unidirectional antenna. In this case a Place of Interest can be defined very closely, in terms of distance from one side and by azimuth from other side.

2.2.3 Phone Number Mode

When this mode is active, the only calls intercepted will be calls made from or to a phone number defined in the Target List (see Fig.5 Target List Edit window).

2.2.4 IMEI mode

Some GSM networks use IMEI identity. This parameter can be very useful as it's a characteristic of mobile phones which is never changed. In addition, this identity contains the model of the mobile phone. If IMEI is used by the GSM network, Interceptor will display models of mobile phones in the Protocol Window.

3. Effective radius

The Interceptor's effective radius may depend on the direction of transmission. In mobile communication there are two directions:

- The direction outward from a base station to a mobile phone is considered the forward channel. Normally the system can intercept traffic in the forward channel at a distance of 3 to 10 km and even more, because a signal in the forward channel is strong.
- The opposite direction, from a mobile phone to a base station, is considered the reverse channel. Normally the system can intercept traffic in the reverse channel at a distance of only 100 to 600 meters, because a signal in the reverse channel is significantly weaker. The exact effective radius for the reverse channel depends on many factors, including walls and their thickness, relative positioning of the system and mobile phone, terrain, and more.

As long as base station transmitters and mobile phone transmitters differ in power, the effective radius of the Interceptor will differ according to channel. But in order to hear both sides of the conversation, the Interceptor needs to be close enough for the weaker channel, normally 600 meters or less. However, the Interceptor can also be used as a stationary device with unidirectional antennas. In this way, the effective radius for the reverse channel may be increased to as much as 1000 meters.

4. Decryption

The purpose of security in a cellular telecommunications system is to protect conversations and signaling data from interception. The security and authentication mechanisms incorporated in GSM make it the most secure mobile communication standard currently available. Part of the enhanced security of GSM is due to the fact that it is a digital system using a speech coding algorithm, Gaussian Minimum Shift Keying (GMSK) digital modulation, slow frequency hopping, and Time Division Multiple Access (TDMA) time slot architecture. To intercept and reconstruct such a signal requires highly specialized reception, synchronization and decoding equipment.

For traffic in GSM networks, there are three encryption options:
- No encryption
- A5.2 encryption
- A5.1 encryption

Whether the Interceptor will work with A5.1 or A5.2 encrypted networks depends on the GSM network's settings. In some cases it works immediately and in real time. If the Interceptor does not work in a particular encrypted network, but the network operator agrees to cooperate, some changes in the network definitions can be made. Then the Interceptor will work without any further cooperation with the operator. In addition, with a known encryption key (Ki), the system will work with any type of encryption.

5. How to choose the right configuration?

Although the obvious answer, and often the best one, is "the more channels, the better", various factors such as budget may make this guideline less useful in practice. For choosing a price/performance level, there are three main performance considerations:
1. Ability not to miss calls
2. Ability not to miss a more important call than the one currently being intercepted
3. Ability to simultaneously intercept numerous calls

Let's analyze each of those.

5.1 Ability not to miss calls

At the beginning of interception, all existing receivers dedicated to forward channels must be tuned to the base stations nearest to the target phone. Depending on its environment, a mobile phone can communicate with a GSM network via one of several preferred base stations located nearby.

In a rural environment or in a small town, there may be 1-2 preferred base stations. In such a case, a GSM Interceptor with 2 forward receiver channels may be enough. But in a big city, where base stations are close to one another, a mobile phone makes its choice among 2-3 or sometimes even more base stations. Then an Interceptor with at least 3 forward receiver channels will be necessary.

[Fig. 10: diagram showing Base Station 23, Base Station 28, Base Station 44, Base Station 30, the Mobile Phone and the Interceptor]

In Fig. 10 the mobile phone may choose among 4 base stations, so the Interceptor needs at least 4 forward receiver channels. If an Interceptor with 2 forward receiver channels is used in this situation, the chances of missing the call will be around 50%.

5.2 Ability not to miss a more important call than the one currently intercepted

This is another important feature of the Interceptor. Suppose some call is intercepted. One of the forward receiver channels is then receiving voice traffic of one of the base stations and, if there are no additional free receivers, cannot monitor other calls of the base station. Therefore one of the preferred base stations is not under surveillance. If at this stage another call occurs that is more important, it can be missed. For that reason, it is very important to have a surplus of forward receiver channels over the number of preferred base stations.

5.3 Number of simultaneously intercepted calls

For this model of the Interceptor, the number of reverse channels is usually equal to the number of forward channels. One of our standard models has 4 forward and 4 reverse channels. In practice, this means that such an Interceptor can monitor and record four conversations simultaneously (including both sides of each conversation).

The Interceptors can be produced and supplied in various configurations depending on customer needs and budget. The following system configurations are standard: 2+2, 3+3, 4+4, ..., 8+8. 8+8 means that the system has 16 receiver channels: 8 forward channels and the other 8 reverse. It means that up to 8 concurrent calls can be intercepted and recorded at the same time. It also means that up to 8 base stations can be covered by the system.