Security

There are three areas of security considered here:

a) Identity Theft – Could someone use mobile phone services and charge them to your account?
b) Phone-Tapping – Could someone use a femtocell solution to intercept your voice or data calls?
c) Bill Avoidance – Could a femtocell be used to avoid paying for services provided?

These are described in more detail below.

Identity Theft

Femtocells use the same authentication schemes to prove the identity of the end user as are used by mobile phone networks around the world. This is the same for both GSM and UMTS (3G) systems, which are the most common. A SIM card (Subscriber Identification Module – a small chip the size of a thumbnail) holds a small electronic circuit with a coded secret. When a mobile phone first registers with a mobile network, a set of numbers is used to query the SIM card, and the response is compared with a set of answers provided by the network operator’s online database (the HLR or Home Location Register). These numbers change every time a registration is performed, and the method to generate them is known only to the SIM card and HLR.

Whilst the method of transporting the numbers and comparing them is standardised, the algorithm to create the numbers is not, and can potentially be different for every SIM card. Therefore, intercepting the information transferred would not provide a key which could be reused with other phones. Also, even if the key and algorithm were identified, they may not work with other batches of SIM cards or other operators. Up to now, the GSM SIM card security scheme has not been compromised, and even if it were broken for one operator or phone, this doesn’t mean that it is unlocked for any other subscribers. It would also be possible for operators to upgrade to a more complex scheme in the future.

Standard femtocells simply transfer these security messages from the mobile phone to the operator’s network, and so are not otherwise involved in the authentication process. Therefore, there is no security loophole to exploit, even if the messages could be intercepted. For the SIP-based architecture proposed as a future alternative, it may be necessary for the femtocell itself to perform the authentication. This would involve comparing the two sets of numbers received from the mobile device and HLR. Whilst this may not allow easy breaking of the SIM code/algorithm, it could open up access into the operator’s network (e.g. access to the HLR), which they may not be comfortable with. Therefore, it would be expected that authentication continue to take place in the operator’s network, and the femtocell rely on that before allowing even “free” voice or data calls through the system.
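The registration exchange described above, with the femtocell acting only as a relay, is sketched below as an added example (not code from the original page). HMAC-SHA256 is an assumed stand-in for the operator-chosen algorithm, and the `Sim`, `Hlr` and `Femtocell` classes, the IMSI and the key are constructed for illustration.

```python
import hashlib
import hmac
import secrets

IMSI = "001010000000001"  # constructed subscriber identity, not a real one

def a3_standin(ki: bytes, rand: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the operator-chosen algorithm;
    # the 4-byte output mirrors the 32-bit response (SRES) used in GSM.
    return hmac.new(ki, rand, hashlib.sha256).digest()[:4]

class Sim:
    def __init__(self, ki: bytes):
        self._ki = ki  # the coded secret; never leaves the card
    def respond(self, rand: bytes) -> bytes:
        return a3_standin(self._ki, rand)

class Hlr:
    def __init__(self, subscribers: dict):
        self._ki = dict(subscribers)  # IMSI -> secret shared with that SIM
        self._pending = {}            # IMSI -> challenge awaiting an answer
    def challenge(self, imsi: str) -> bytes:
        self._pending[imsi] = secrets.token_bytes(16)  # fresh per registration
        return self._pending[imsi]
    def verify(self, imsi: str, sres: bytes) -> bool:
        rand = self._pending.pop(imsi, None)  # each challenge is single-use
        if rand is None or imsi not in self._ki:
            return False
        return hmac.compare_digest(a3_standin(self._ki[imsi], rand), sres)

class Femtocell:
    """Pass-through relay: holds no secret, sees only the numbers in transit."""
    def __init__(self, hlr: Hlr):
        self.hlr, self.seen = hlr, []
    def register(self, imsi: str, respond) -> bool:
        rand = self.hlr.challenge(imsi)
        sres = respond(rand)
        self.seen.append((rand, sres))  # all an eavesdropper on the link gets
        return self.hlr.verify(imsi, sres)

def demo():
    ki = secrets.token_bytes(16)
    femto = Femtocell(Hlr({IMSI: ki}))
    genuine = femto.register(IMSI, Sim(ki).respond)
    old_sres = femto.seen[0][1]
    replayed = femto.register(IMSI, lambda rand: old_sres)  # stale answer
    return genuine, replayed
```

`demo()` returns `(True, False)`: the genuine SIM registers, while the response recorded in transit fails against the next registration because the challenge has changed.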

Phone Tapping

A common concern of early mobile phone users was that their conversations might be overheard. Older, analogue networks often did not use any encryption over the air, and thus could easily be listened to by anyone in range. Digital networks, like GSM and UMTS, encode the voice and data messages sent from the mobile device to the basestation, effectively avoiding that problem. The other weak link is from the basestation to the operator’s central switching centres. Femtocells typically encrypt their voice and data traffic using secure tunnels (IPsec) between the femtocell and the operator’s network. This may be more secure than when using the mobile phone outdoors, where no encryption is used.

Bill Avoidance

This falls in the same class as bypassing your electricity or gas meter, so that services can be obtained for free. Where all calls or data traffic are controlled by and routed through the core network, it is difficult to see how billing and charging functions could be avoided. However, if the femtocell itself becomes the controlling network element (i.e. the MSC or GSN function), then there is a risk that the femtocell could be compromised to achieve that purpose. We have seen considerable efforts to “hack” and unlock the iPhone, as well as re-engineering consumer boxes such as TiVo players, Xbox games machines etc. If it becomes possible to do this for a femtocell, then any core billing functions may be at risk. Vendors have proposed including a SIM card in the femtocell itself, in order to validate that the owner of the device is known, and thus stolen or compromised units can be disconnected from the network.


Comments   

#1 Anonymous said: 
>> bill avoidance

Translation: it may be difficult for a carrier to rent subscribers a low-power radio link from in or near the subscriber's home to equipment that the subscriber installs, provides power and backhaul for, shelters, and swaps out if it breaks. If the carrier actually *does* something for every call, it's easier to charge money for it. Some carriers consider this extremely unfair.
0 Quote 2007-10-29 13:02
 