on 18 July 2014

SDR based project featuring Jamming and Sniffing capabilities to intercept GSM communication for Monitoring and Control

Project Team
Group Members :
Rana Arslan Ahmad Muhammad Tayyab
E10-117 E10-065
Ahmad Jan Noman Arshad
E10-007 E10-073

Supervisor
Mr. Hammad A. Khan (C@RE)

Co-supervisor
Mr. Mian Jehanzeb (C@SE)

Project Scope
Contents
Project Scope
Motivation
Applications
Funding Details
Outcomes
Private Cellular Network
High Power Output capability
GSM Jammer
GSM Interceptor
Man-in-the-Middle Attack
Decrypting GSM phone calls
Conclusion
References
Motivation
Providing GSM cellular communication in un-served / under-served areas

Jamming cellular communication in sensitive areas whenever required

Sniffing cellular communication to intercept a possible security threat

Outcomes
Private cellular network
Private cellular network (Cont’d)
Established Cellular network

Enhanced range up to a hundred meters (tested)

Ability to exchange messages

Voice call service in progress

To understand and implement GSM system on SDR platform, creating cellular network
and to block & sniff cell phones when required

Outcomes
Private cellular network
High Power Output capability

GSM Jammer


GSM Interceptor

Private cellular network
Power amplifier is used for:
GSM Jammer Application
Increase range of cellular network

High Power Output capability
High Power Output capability (Cont’d)
40W (13.8V, 10A max) power amplifier imported from USA

Input power requirement of power amplifier (10-50mW)

Transmitter (daughter board) Max Output Power (200mW)

System Diagram
High Power Output capability
(Block Diagram)
(Results)
Transmitting Power before Amplification
A 30 dB attenuation has been added before inputting the power to the spectrum analyzer as a safety precaution. Peak power shown on the spectrum analyzer is -18.11 dBm, which is equivalent to 15.45 mW (after removing attenuation) at 933.13 MHz.

Transmitting Power after Amplification
A 30 dB attenuation has been added before inputting the power to the spectrum analyzer as a safety precaution. Peak power shown on the spectrum analyzer is 9.47 dBm, which is equivalent to 8.85 W (after removing attenuation) at 933.13 MHz.

GSM Jammer
Automatically jam IED

Two techniques for jamming purposes are:
Signal jamming (usually used)

Forced BTS selection
Transmitted 2W signal for testing purpose

Power controlled by setting source to 13.8V & 2A

Tested in indoor environment

11 Users registered (jammed)
GSM Jammer (Cont'd)
GSM Jammer
System diagram
GSM Interception
Monitor and control the GSM communication

Did extensive research

Multiple techniques implemented are:

Man-in-the-Middle(MITM) Attack
Airprobe
Man-in-the-Middle (MITM) Attack
Hardware Overview
Man-in-the-Middle Attack (Cont’d)
Decrypting GSM Phone Calls
A new technique of GSM eavesdropping investigated by our project group
It requires the following tools:
GnuRadio
Airprobe
Kraken
Decrypting GSM Phone Calls (Cont’d)
“Recorded Data Off the Air”
Decrypting GSM Phone Calls (Cont’d)
“Decoding Calls”
Airprobe decodes control traffic

Airprobe decodes unencrypted voice traffic

Airprobe also decodes voice traffic if encryption key is known
Decrypting GSM Phone Calls (Cont’d)
“Decoded Control Traffic”
Decrypting GSM Phone Calls (Cont’d)
Secret key can be extracted from recorded traffic

“Kraken” used as cracking tool

Kraken finds the secret key in a set of rainbow tables
Conclusion
We scrutinized GSM using:
OpenBTS
Osmocom-BB
Airprobe
And many more…


Conclusion
Capturing the GSM signals off the air remains the bottleneck

Channel hopping prevents correct capture of GSM packets

Online decryption is a very difficult job

Requires very fast signal processing

Requires a lot of automation

Offline analysis can be performed

Applications
Security Agencies
VIP convoys
People interested in private cellular network
Can be used to secure sensitive areas
Funding Details
Funded by “Center for Advanced Research in Engineering (C@RE)”

Private Cellular Network (Cont’d)
“Results”
GSM Jammer (Cont’d)
“Results”
USRP can act as a cell tower towards a mobile phone

But USRP cannot act as a cell phone towards a cell tower

Decrypting GSM Phone Calls (Cont’d)
The flowchart of the process is:
Decrypting GSM Phone Calls (Cont’d)
“Recording Calls”
GSM data recorded off the air

USRP provides necessary processing blocks

GnuRadio used to record channels

References
https://wush.net/trac/rangepublic/wiki/BuildInstallRun
https://wush.net/trac/rangepublic/wiki/WikiStart#WherecanIgetthelatestcode
https://wush.net/trac/rangepublic/wiki/yateConfig
https://svn.berlin.ccc.de/projects/airprobe/
https://svn.berlin.ccc.de/projects/airprobe/wiki/WorkingWithTheUSRP
https://svn.berlin.ccc.de/projects/airprobe/wiki/A
https://srlabs.de/airprobe-how-to/
http://bb.osmocom.org/trac/wiki/GSMTAP
http://www.rtl-sdr.com/rtl-sdr-tutorial-analyzing-gsm-with-airprobe-and-wireshark/
http://ferrancasanovas.wordpress.com/cracking-and-sniffing-gsm-with-rtl-sdr-concept/
http://archive.today/9P642
http://bb.osmocom.org/trac/