GSM to UMTS Network Handover Vulnerability Testing Using Software-Defined Radio. McAbee, C.; Tummala, M.; and McEachen, J. In 2015 48th Hawaii International Conference on System Sciences, pages 5422–5431, HI, USA, January, 2015. IEEE.
GSM to UMTS Network Handover Vulnerability Testing Using Software-Defined Radio [link]Paper  doi  abstract   bibtex   
This paper examines a possible vulnerability with the potential for a malicious entity to prevent a mobile device from handing over from a global system for mobile communications (GSM) to universal mobile telecommunications system (UMTS) network because the GSM network maintains the stand-alone dedicated control channel (SDCCH) uplink time slots. The process of testing this vulnerability requires the development of a device that monitors a GSM base transceiver station, identifies when a handover to UMTS message is sent, tracks the time slots of the SDCCH uplink, and transmits a GSM handover-failure message. We present a scheme that utilizes parts of the OpenBTS to transmit a GSM handover-failure message using a software defined radio. The method is validated through the collection of the GSM transmitter messages by Airprobe’s GSM-receiver module.
@inproceedings{mcabee_gsm_2015,
	address = {HI, USA},
	title = {{GSM} to {UMTS} {Network} {Handover} {Vulnerability} {Testing} {Using} {Software}-{Defined} {Radio}},
	isbn = {978-1-4799-7367-5},
	url = {http://ieeexplore.ieee.org/document/7070467/},
	doi = {10.1109/HICSS.2015.638},
	abstract = {This paper examines a possible vulnerability with the potential for a malicious entity to prevent a mobile device from handing over from a global system for mobile communications (GSM) to universal mobile telecommunications system (UMTS) network because the GSM network maintains the stand-alone dedicated control channel (SDCCH) uplink time slots. The process of testing this vulnerability requires the development of a device that monitors a GSM base transceiver station, identifies when a handover to UMTS message is sent, tracks the time slots of the SDCCH uplink, and transmits a GSM handover-failure message. We present a scheme that utilizes parts of the OpenBTS to transmit a GSM handover-failure message using a software defined radio. The method is validated through the collection of the GSM transmitter messages by Airprobe’s GSM-receiver module.},
	language = {en},
	urldate = {2020-05-20},
	booktitle = {2015 48th {Hawaii} {International} {Conference} on {System} {Sciences}},
	publisher = {IEEE},
	author = {McAbee, Carson and Tummala, Murali and McEachen, John},
	month = jan,
	year = {2015},
	pages = {5422--5431}
}
Downloads: 0