Mobile Communications - University of Greenwich

download report

Transcript Mobile Communications - University of Greenwich

1587: COMMUNICATION SYSTEMS 1
1st hour: Mobile Communications
2nd hour :Introduction to Cyber Security
Dr. George Loukas
University of Greenwich, 2015-2016
Handheld mobile phones
Prior to cellular radio

mobile service was only provided by one high
powered transmitter/receiver

typically supported about 25 channels

had a radius of about 80km
1st Gen.: Cellular Networks
1-G
2-G
3-G
4-G
Cellular Networks

Divide the area into cells using
multiple low power transmitters
in each cell




tiling pattern to provide full
coverage
each with own antenna
each with own range of frequencies
served by a base station


consisting of transceiver (transmitter
– receiver) and control unit
adjacent cells use different
frequencies to avoid crosstalk

but cells sufficiently distant can use
same frequency band
1-G
2-G
3-G
4-G
Cellular Geometries
Squares
1.4
1
All area is
covered nicely,
Circles
Hexagons
1
1
1
Equidistant
Equidistant
BUT
BUT
antennas (at the
centres of the
squares) are not
equidistant
1-G
1
There are gaps (or
overlaps) between
the circles
2-G
3-G
No gaps
4-G
Cellular Geometries
For the same reasons, hexagons are also very
common in board and computer games
Hexagons
1
1
Equidistant
No gaps
1-G
2-G
3-G
4-G
Frequency Reuse

Power of Base Transceiver
controlled



transceiver
Sharing cell frequencies with
nearby (but not adjacent)
cells without interfering with
each other


1-G
2-G
Allows communication within
cell on given frequency
Limits power escaping to
adjacent cells
Allows multiple simultaneous
conversations
10 to 50 frequencies per cell
3-G
4-G
Frequency Reuse Patterns
Typical parameters:

Reuse factor N = number of cells in a
repetitious pattern (each cell in the
pattern uses a unique band of
frequencies)

D = minimum distance between centers
of cells that use the same band of
frequencies

R = radius of a cell
1-G
2-G
3-G
4-G
Frequency Reuse Example
Consider a geographical area A divided into (a) 32 hexagonal cells of 1.6 km radius or
(b) 133 hexagonal cells of 0.8 km radius. The reuse factor is 7 and there are 336
channels in total. Calculate:
336 / 7 = 48 channels per cell
i) the number of channels per cell
ii) the maximum number of concurrent calls that can be handled in A
iii) the total area covered
(a) ii) Total channel capacity (number of
concurrent calls that can be handled)
= 48 x 32 = 1,536 channels
(a) iii) 32 cells, each with radius R = 1.6
km
Area A = 3√3R2/2 = 6.65 km2
Total area covered = 32 x 6.65 = 213 km2
1-G
2-G
(b) ii) Total channel capacity (number of
concurrent calls that can be handled)
= 48 x 133 = 6,384 channels
(b) iii) 32 cells, each with radius R = 0.8 km
Area A = 3√3R2/2 = 1.66 km2
Total area covered = 133 x 1.66 = 221 km2
3-G
4-G
Increasing Capacity
 add
new channels
 frequency


congested cells take frequencies from adjacent cells
assign frequencies dynamically
 cell

borrowing
splitting
use smaller cells in high use areas
1-G
2-G
3-G
4-G
Increasing Capacity: Cell Splitting
Cells can be divided to provide more
capacity.
To use a smaller cell, the power level
must be reduced to keep the signal
within the cell.
As the mobile units move, they pass
from cell to cell, which requires
transferring of the call from one base
transceiver to another. This process is
called a handoff.
The smaller the cells, the more frequent
the handoffs.
1-G
2-G
3-G
4-G
Increasing Capacity: Cell Sectoring
Single omni-directional
antenna
Three directional
antennas (120o sectoring)
Six directional antennas
(60o sectoring)
Each sector is assigned a separate subset of the cell’s channels.
This reduces transmission power and increases battery life
1-G
2-G
3-G
4-G
Operation of Cellular System
A base station (BS) at centre
of cell. Each BS has one or
more antennas, a controller
(handling the call process)
and a number of
transceivers (for
communicating on the
channels)
Each BS is connected to a Mobile
Telecommunications Switching
Office (MTSO)
Between the mobile unit and the base station:
• Control channels exchange information for setting up and
maintaining calls and establishing a relationship between a mobile
unit and the nearest BS.
• Traffic channels carry voice or data connection between users.
1-G
2-G
3-G
4-G
Call Stages
Monitor for strongest signal
M
T
S
O
Request connection
Paging
Call accepted
Ongoing Call
Handoff
1-G
2-G
3-G
4-G
Design Factors
When designing a mobile phone network, we need to take into account:




Geography - Propagation effects (difficult to predict. Often using
Okumura/Hata model for path loss)
desired maximum transmit power level at BS and mobile units
typical height of mobile unit antennas
available height of the BS antenna
Map of base stations around Greenwich
from http://www.sitefinder.ofcom.org.uk
1-G
2-G
3-G
4-G
2nd Gen.: Digital Networks
1-G
2-G
3-G
4-G
2nd Gen Vs. 1st Gen
Higher data rate
Greater capacity
Better security
Thanks to:
Digital channels


encryption
error detection and correction
Shared channel access



TDMA (Time division multiple access)
FDMA (Frequency division …)
CDMA (Code division …)
1-G
2-G
3-G
4-G
Two types of 2G
Uses CDMA
Uses FDMA, TDMA
Great capacity
Very large cell sizes
Even low signal is enough for good
quality
Dropped calls less likely
But monopoly of a single company
bars new entrants in market
Many more subscribers.
Covers the whole world, so
roaming not an issue
But more interference
and cells limited to 120 km
Introduced SMS messages
Few subscribers
1-G
2-G
3-G
4-G
Short Message Service
Short Message Service Centre
(SMSC): store-and-forward
Introduced as part of the GSM standard
First SMS was sent in the UK over the
Vodafone GSM network (1992).
Now, 200,000 SMS are sent every second
Limited to ~160 characters
Larger SMS messages can be sent, but
need to be split and recombined when
received
Includes control information (e.g.
destination number, timestamp, data
coding scheme …)
Best-effort delivery
1-G
2-G
3-G
4-G
3rd and 4th Generation
1-G
2-G
3-G
4-G
Wireless Network Generations
1G
2G
2.5G
3G
4G
Design began
1970
1980
1985
1990
2000
Implemented
1984
1991
1999
2002
2010
Provides
Analogue
voice
Digital voice
Higher capacity
packetised data
Higher capacity,
broadband
Completely IP
based
Data Rate
1.9 kbps
14.4 kbps
384 kbps
2 Mbps
200 Mbps
Multiplexing
FDMA
TDMA, FDMA,
CDMA
TDMA, FDMA,
CDMA
CDMA
OFDMA
Core network
PSTN
PSTN
PSTN, packet
network
Packet network
IP backbone
1-G
2-G
3-G
4-G
May-45
Jan-45
Sep-44
May-44
Jan-44
Sep-43
May-43
Jan-43
Sep-42
May-42
Jan-42
Sep-41
May-41
Jan-41
Sep-40
May-40
Jan-40
Sep-39
Shipping lost to u-boats (in tons)
800000
700000
600000
500000
400000
300000
200000
100000
0
May-45
Jan-45
Sep-44
May-44
Jan-44
Sep-43
May-43
Jan-43
Sep-42
May-42
Jan-42
Sep-41
May-41
Jan-41
Sep-40
May-40
Jan-40
Sep-39
Shipping lost to u-boats (in tons)
800000
700000
600000
500000
400000
300000
200000
100000
0
FORCED TO SUBMERGE DURING ATTACK, DEPTH CHARGES.
LAST ENEMY LOCATION 08:30, NAVAL GRID AJ 9863, 220 DEGREES, 8
NAUTICAL MILES
I AM FOLLOWING THE ENEMY
BAROMETER 1014 MILLIBAR TENDENCY FALLING, NORTH NORTH
EAST 4, VISIBILITY 10.
NCZW VUSX PNYM INHZ XMQX SFWX WLKJ AHSH NMCO CCAK
UQPM KCSM HKSE INJU SBLK IOSX CKUB HMLL XCSJ USRR DVKO
HULX WCCB GVLI YXEO AHXR HKKF VDRE WEZL XOBA FGYU JQUK
GRTV UKAM EURB VEKS UHHV OYHA BCJW MAKL FKLM YFVN RIZR
VVRT KOFD ANJM OLBG FFLE OPRG TFLV RHOW OPBE KVWM UQFM
PWPA RMFH AGKX IIBG
WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW
WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW
WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW
WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW
WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW
WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW
WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW
WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW
WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW
AHXR VUSX PNYM INHZ XMQX SFBX BLKJ AHSH NMCO CCAK UQPM KCSM
HKSE INJU SBLK IOSX CKUB HMLL XCSJ USRR DVKO HULX TCCB GVLI YXEO
BCZA HKKF VDRE CEZL XOBA FGYU JQUK GRTV UKAM EURB VEKS UHHV
OYHA BCJU MAKL FKLM YFVN RIZR VVRT KOFD ANJM OLBG FFLE OPRG TFLV
RHOM OPBE KVJM UQFM PLPA RMFH AGKX IIBG ABLT STIE ANFQ LOTZ LPTR
OURE JVMR SDAL PITC ZSET LGSO HPIY QTLF HCOT PATG HUVX LOUS MEAP
DLEF NSQZ MYTR OIFD HGYC SPGO ZEOP GJSL BNDM TYLA FSLV ZBJA
May-45
Jan-45
Sep-44
May-44
Jan-44
Sep-43
May-43
Jan-43
Sep-42
May-42
Jan-42
Sep-41
May-41
Jan-41
Sep-40
May-40
Jan-40
Sep-39
Shipping lost to u-boats (in tons)
800000
700000
600000
500000
400000
300000
200000
100000
0
Cryptography
500 BC
Skytale
9th century
Al-Kindi
1918
(enigma machine)
1976
(Public-Key
cryptography)
CRYPTOGRAPHY
Single-key cryptography
logical
XOR
XOR
XOR
XOR
Also known as symmetric cryptography.
A binary message is encrypted and
decrypted using the same secret key.
The simplest type of binary encryption/decryption is to
XOR each bit of the message with the secret key.
Message 1010100101010011010110
Key
0110011001010100110001
Encrypted message 1100111100000111100111
XOR
=
=
=
Cryptographic exercise
logical
XOR
XOR
XOR
XOR
=
=
=
The hacker is looking for the solutions to the mock test. She knows the approximate
format of the URL because that’s what George uses most of the time:
http://staffweb.cms.gre.ac.uk/~lg47/lectures/COMP1587/COMP1587-MockTest2015-XXXX.docx
She found the XXXX part but encrypted: 00010000 00010100 00000110 00001100
The encryption function is XOR. What is the XXXX part if the key is 01110101?
00010000 00010100 00000110 00001100
XOR 01110101 01110101 01110101 01110101
01100101 01100001 01110011 01111001
e
a
s
y
a = 01100001
f = 01100110
k = 01101011
p = 01110000
u = 01110101
b = 01100010
g = 01100111
l = 01101100
q = 01110001
v = 01110110
c = 01100011
h = 01101000
m = 01101101
r = 01110010
w = 01110111
d = 01100100
i = 01101001
n = 01101110
s = 01110011
x = 01111000
e = 01100101
j = 01101010
o = 01101111
t = 01110100
y = 01111001
z = 01111010
ASCII
TABLE OF
CHARACTERS
Confidentiality
CONFIDENTIALITY
Integrity
June 2010: Stuxnet
Jan. 2010: Spanish
PM’s website defaced
A computer program that altered
the motor speeds of an Iranian
nuclear facility’s centrifuges.
A common method is to use Cross-site
Scripting (XSS)
<script>document.body.background="http://your_im
age.jpg";</script>
CONFIDENTIALITY
INTEGRITY
Availability
2000: Canadian teenager
knocks offline Amazon,
yahoo, CNN, eBay ….
2002: UK teenager disables
Port of Houston web systems
accidentally, while trying to
take cyber-revenge over a girl.
2008: Georgia accuses Russia of
coordinated availability attacks,
coinciding with military operations
in South Ossetia.
2004: US businessman
hires hackers to launch
Denial of Service attacks
against competitors. $2
million in losses.
2007: Estonian
parliament,
newspapers and
banks are knocked
offline by Russian
hacktivists over a
political issue
Since then, the
group
Anonymous have
launched several
availability
attacks for
political purposes
A Denial of Service attack (DoS) is any intended attempt to prevent
legitimate users from reaching a specific network resource.
G. Loukas and G. Oke. Protection Against Denial of Service Attacks: A Survey. Comp. Journal, 53(7): 1020-1037, 2010
CONFIDENTIALITY
INTEGRITY
AVAILABILITY
Example DoS: Reflector attack
• Send packets to
several
computers
pretending to be
the target
• When they
reply, they all
send ACK
packets to the
target
A Denial of Service attack (DoS) is any intended attempt to prevent
legitimate users from reaching a specific network resource.
G. Loukas and G. Oke. Protection Against Denial of Service Attacks: A Survey. Comp. Journal, 53(7): 1020-1037, 2010
CONFIDENTIALITY
INTEGRITY
AVAILABILITY
Common countermeasures
Detect and
remove malicious
software
Protect real
users by
attracting
attacks to
fake users
Block/filter
connections to
critical systems
Detect
unauthorised
access
Set strict rules
for users to
reduce security
breaches
CONFIDENTIALITY
INTEGRITY
Cyber-physical attacks
Underlying causes of security failures

Monopolies present juicy targets. A single vulnerability affects
millions of people

Deficit of computer security experts in
the market
Strong at Windows, Linux and network technologies
Ability to think adversarially
Ability to adapt/learn constantly
Writing well-structured and clear reports
Working in teams
White hat hacker, Google
“Security Princess” Parisa Tabriz
Malware analysis
Joanna Rutkowska,
Invisible Things Lab
Director of Technology
Strategy
James Lyne, Sophos