Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main page
Recent changes
Random page
Help about MediaWiki
Matthews Lab
Search
Search
Appearance
Log in
Personal tools
Log in
Pages for logged out editors
learn more
Contributions
Talk
Editing
P2p mobile carriers
(section)
Page
Discussion
British English
Read
Edit
Edit source
View history
Tools
Tools
move to sidebar
hide
Actions
Read
Edit
Edit source
View history
General
What links here
Related changes
Special pages
Page information
Appearance
move to sidebar
hide
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
= 15. References = [imei] Digital cellular telecommunications system (Phase 2+); Network architecture (GSM 03.02), page 9, https://www.etsi.org/deliver/etsi_gts/03/0302/05.01.00_60/gsmts_0302v050100p.pdf [vlr-update] Security in the GSM system, https://pdfs.semanticscholar.org/b0c8/493e0c6b6e5e08d870a1b318401236e07e82.pdf [u/sim-mem] SIM/USIM cards, http://cedric.cnam.fr/~bouzefra/cours/CartesSIM_Fichiers_Anglais.pdf [ss7-tracking] SS7: Locate. Track. Manipulate, https://www.slideshare.net/3G4GLtd/ss7-locate-track-manipulate-75689546 [any-time-interrogation] User Location Tracking Attacks for LTE Networks Using the Interworking Functionality, http://dl.ifip.org/db/conf/networking/networking2016/1570236202.pdf [imsi-catcher] The Messenger Shoots Back: Network Operator Based IMSI Catcher Detection, https://www.sba-research.org/wp-content/uploads/publications/providerICdetection.pdf [typhoon-box] Drone Warfare in Waziristan and the New Military Humanism, page 4, https://www.journals.uchicago.edu/doi/pdfplus/10.1086/701022 [aka-tracking] New Privacy Threat on 3G, 4G, and Upcoming 5G AKA Protocols, https://eprint.iacr.org/2018/1175.pdf [remote-uicc] 3GPP TSG SA WG3 Security – S3#30 , ftp://www.3gpp.org/tsg_sa/WG3_Security/TSGS3_30_Povoa/Docs/PDF/S3-030534.pdf [lawful-interception] GSM and 3G Security, http://www.blackhat.com/presentations/bh-asia-01/gadiax.ppt [emergency-location] ETSI TR 103 393 V1.1.1 (2016-03), page 12, https://www.etsi.org/deliver/etsi_tr/103300_103399/103393/01.01.01_60/tr_103393v010101p.pdf [breaking-a1-3] Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication, https://link.springer.com/chapter/10.1007/978-3-540-45146-4_35 [snow-weaknesses] Selected Areas in Cryptography: 9th Annual International Workshop, page 48 [kasumi-attack] A Practical-Time Related-Key Attack on the KASUMI Cryptosystem Used in GSM and 3G Telephonym, https://www.iacr.org/archive/crypto2010/62230387/62230387.pdf [a5-2] Ian Goldberg, David Wagner, Lucky Green. The (Real-Time) Cryptanalysis of A5/2. Rump session of Crypto’99, 1999. [a5-1] Another Attack on A5/1, https://pdfs.semanticscholar.org/7b90/26428bf21b3b3c2208f50187a4922f90b0d8.pdf [carrier-milenage] TS 135 205 - V13.0.0 - Universal Mobile Telecommunications System (UMTS); LTE; 3G Security; Specification of the MILENAGE algorithm set: An example algorithm set for the 3GPP authentication and key generation functions f1, f1'', f2, f3, f4, f5 and f5''; Document 1: General (3GPP TS 35.205 version 13.0.0 Release 13), page 5, https://www.etsi.org/deliver/etsi_ts/135200_135299/135205/13.00.00_60/ts_135205v130000p.pdf [sim-cloning] SIM cards: attack of the clones, https://www.kaspersky.com.au/blog/sim-card-history-clone-wars/11091/ [stingray] LTE security, protocol exploits and location tracking experimentation with low-cost software radio , https://arxiv.org/abs/1607.05171 [msc-impersonation] User Location Tracking Attacks for LTE Networks Using the Interworking Functionality, http://dl.ifip.org/db/conf/networking/networking2016/1570236202.pdf [remote-adpu] Smart cards; Remote APDU structure for UICC based applications (Release 6, https://www.etsi.org/deliver/etsi_ts/102200_102299/102226/06.09.00_60/ts_102226v060900p.pdf [aka-protocol] Security analysis and enhancements of 3GPP authentication and key agreement protocol, https://ieeexplore.ieee.org/abstract/document/1413239 [gsm-crypto] MOBILE PHONE SECURITY SPECIALIZING IN GSM, UMTS, AND LTE NETWORKS, http://sdsu-dspace.calstate.edu/bitstream/handle/10211.3/123895/Lewis_sdsu_0220N_10457.pdf [2g-auth] Authentication and related threats in 2g/3g/4g networks, https://coinsrs.no/wp-content/uploads/2016/08/metochi2016-Borgaonkar-authentication-in-2g3g4g-networks.pdf [3g-auth] 3G Networks By Sumit Kasera, Nishit Narang, page 449 [5g-auth] A Formal Analysis of 5G Authentication, https://arxiv.org/pdf/1806.10360.pdf [4g-auth] AUTHENTICATION AND KEY AGREEMENT IN 3GPP NETWORKS, https://airccj.org/CSCP/vol5/csit54413.pdf [3gpp-auth] Confidentiality Algorithms, http://www.3gpp.org/specifications/60-confidentiality-algorithms [new-call] Module Interfaces (GSM Originating Call), https://www.eventhelix.com/gsm/originating-call/gsm-originating-call-cell-mobile-network-fixed-network-level-view.pdf [t-imsi] ETSI TS 101 347 V7.8.0 (2001-09), (page 31), https://www.etsi.org/deliver/etsi_ts/101300_101399/101347/07.08.00_60/ts_101347v070800p.pdf [gsm-101] https://www.slideshare.net/gprsiva/gsm-presentation-shaikot [gsm-protocol-stack] http://archive.hack.lu/2012/Fuzzing_The_GSM_Protocol_Stack_-_Sebastien_Dudek_Guillaume_Delugre.pdf [enigma] Enigma: Decentralized Computation Platform with Guaranteed Privacy, https://enigma.co/enigma_full.pdf [secret-contracts] Defining Secret Contracts, https://blog.enigma.co/defining-secret-contracts-f40ddee67ef2 [msg-integrity] From GSM to LTE-Advanced Pro and 5G: An Introduction to Mobile Networks and Mobile Broadband, https://books.google.com.au/books?id=AEozDwAAQBAJ&pg=PT269&lpg=PT269 [xposed] Development tutorial, https://github.com/rovo89/XposedBridge/wiki/Development-tutorial [rild] Radio Layer Interface, https://wladimir-tm4pda.github.io/porting/telephony.html [baseband-ki-extraction] Attacking the Baseband Modem of Mobile Phones to Breach the Users’ Privacy and Network Security, http://ccdcoe.eu/uploads/2018/10/Art-16-Attacking-the-Baseband-Modem-of-Breach-the-Users-Privacy-and-Network-Security.pdf [java-card] Java Card, https://docs.oracle.com/en/java/javacard/3.1/guide/index.html [sim-os] [DEFCON 21] The Secret Life of SIM Cards, https://www.youtube.com/watch?v=WMII5G98AdM [op-key] 3GPP TR 35.934, http://www.arib.or.jp/english/html/overview/doc/STD-T63V12_00/5_Appendix/Rel12/35/35934-c00.pdf [closed-auth] Everyday Cryptography: Fundamental Principles and Applications, page 503 [java-card-attacks] Malicious Code on Java Card Smartcards: Attacks and Countermeasures, https://link.springer.com/chapter/10.1007/978-3-540-85893-5_1 [tower-count] Number of telecom towers in the United States by company in 2018, https://www.statista.com/statistics/521985/telecom-towers-in-the-united-states/ [foam-protocol] Foam Protocol, https://foam.space/publicAssets/FOAM_Whitepaper.pdf [eap-tls] The EAP-TLS Authentication Protocol, https://tools.ietf.org/html/rfc5216 [5g-security] 5G Security: Standard and Technologies, https://www.itu.int/en/ITU-T/Workshops-and-Seminars/20180319/Documents/3_Haiguang_Wang_Final1.pdf [5g-optional-tls] Security aspects of NextGen System (5G), https://uk5g.org/media/uploads/resource_files/5G-Security-TS33501.pdf [5g-masa] (WO2017152871) AUTHENTICATION MECHANISM FOR 5G TECHNOLOGIES , https://patentscope.wipo.int/search/en/detail.jsf?docId=WO2017152871 [volte-ipsec] VoLTE Service Description and Implementation Guidelines, https://www.gsma.com/futurenetworks/wp-content/uploads/2014/05/FCM.01-v1.1.pdf [ux-response] Response time in man-computer conversational transactions, https://dl.acm.org/citation.cfm?id=1476628 [p-tmsi] 3GPP TS 24.301, https://www.arib.or.jp/english/html/overview/doc/STD-T63V12_20/5_Appendix/Rel9/24/24301-9b0.pdf [guti] GUTI Reallocation Demystified: Cellular Location Tracking with Changing Temporary Identifier, https://www.ndss-symposium.org/wp-content/uploads/2018/03/NDSS2018_02A-4_Hong_Slides.pdf [5g-spec] ETSI TS 124 501 V15.1.0, https://www.etsi.org/deliver/etsi_ts/124500_124599/124501/15.01.00_60/ts_124501v150100p.pdf [premise-1] ETSI TR 123 912 V3.0.0, https://www.etsi.org/deliver/etsi_tr/123900_123999/123912/03.00.00_60/tr_123912v030000p.pdf [location-updates] 3GPP TS 23.236 V9.0.0, http://www.arib.or.jp/english/html/overview/doc/STD-T63V9_21/5_Appendix/Rel9/23/23236-900.pdf [tid-allocation-4g] ETSI TS 129 118 V11.9.0, https://www.etsi.org/deliver/etsi_ts/129100_129199/129118/11.09.00_60/ts_129118v110900p.pdf [tid-allocation] ETSI TS 124 008 V11.17.1, https://www.etsi.org/deliver/etsi_TS/124000_124099/124008/11.17.01_60/ts_124008v111701p.pdf [tmsi-implementation] Privacy through Pseudonymity in Mobile Telephony Systems, http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.432.8241&rep=rep1&type=pdf [knox] Knox Platform, https://www.samsungknox.com/en/knox-platform [torrent] The BitTorrent Protocol Specification, http://www.bittorrent.org/beps/bep_0003.html [bitcoin] Bitcoin: A Peer-to-Peer Electronic Cash System, https://bitcoin.org/bitcoin.pdf [scuttlebutt] a decent(ralised) secure gossip platform, https://www.scuttlebutt.nz/ [mobile-network-overview] Mobile Networks Overview (2G / 3G / 4G-LTE), https://www.slideshare.net/HamidrezaBolhasani/mobile-networks-overview-2g-3g-4glte [ike-5g] ETSI TS 124 502 V15.0.0, https://www.etsi.org/deliver/etsi_ts/124500_124599/124502/15.00.00_60/ts_124502v150000p.pdf [voip-gprs] Voice over IP over GPRS, https://pdfs.semanticscholar.org/328b/9a2f6d8673ab7b4f1407eb8d7c6c9d3b7a84.pdf [4g-link-security] NIST Special Publication 800-187 Guide to LTE Security, https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-187.pdf [3g-4g-security] So what is the encryption in 3G/4G networks?, https://medium.com/asecuritysite-when-bob-met-alice/so-what-is-the-encryption-in-3g-4g-networks-139b8c0da3eb [hex-call] Packet Call - GSM, http://www.sharetechnote.com/html/BasicCallPacket_GSM.html [ciphering] Security Mechanisms in UMTS, https://pdfs.semanticscholar.org/15bd/5e647a495961fd388ab763da72b30ab6a5f1.pdf [op-specific] 3GPP TS 55.205 V8.0.0, http://www.qtc.jp/3GPP/Specs/GSM_GERAN/55205-800.pdf [java-card-reverse] Reversing the Operating System of a Java Based Smart Card , https://www.researchgate.net/publication/262604854_Reversing_the_Operating_System_of_a_Java_Based_Smart_Card [oscilloscope] Reverse engineering of Java Card applets, https://is.muni.cz/th/gkgiy/bc.pdf [adpu] The blackbox in your phone, https://fahrplan.events.ccc.de/camp/2011/Fahrplan/attachments/1867_sim.pdf <span id="outro"></span>
Summary:
Please note that all contributions to Matthews Lab may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
Matthews Lab:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
