GSM to UMTS Network Handover Vulnerability Testing Using Software-Defined Radio. McAbee, C., Tummala, M., & McEachen, J. In 2015 48th Hawaii International Conference on System Sciences, pages 5422–5431, HI, USA, January, 2015. IEEE. Paper doi abstract bibtex This paper examines a possible vulnerability with the potential for a malicious entity to prevent a mobile device from handing over from a global system for mobile communications (GSM) to universal mobile telecommunications system (UMTS) network because the GSM network maintains the stand-alone dedicated control channel (SDCCH) uplink time slots. The process of testing this vulnerability requires the development of a device that monitors a GSM base transceiver station, identifies when a handover to UMTS message is sent, tracks the time slots of the SDCCH uplink, and transmits a GSM handover-failure message. We present a scheme that utilizes parts of the OpenBTS to transmit a GSM handover-failure message using a software defined radio. The method is validated through the collection of the GSM transmitter messages by Airprobe’s GSM-receiver module.
@inproceedings{mcabee_gsm_2015,
address = {HI, USA},
title = {{GSM} to {UMTS} {Network} {Handover} {Vulnerability} {Testing} {Using} {Software}-{Defined} {Radio}},
isbn = {978-1-4799-7367-5},
url = {http://ieeexplore.ieee.org/document/7070467/},
doi = {10.1109/HICSS.2015.638},
abstract = {This paper examines a possible vulnerability with the potential for a malicious entity to prevent a mobile device from handing over from a global system for mobile communications (GSM) to universal mobile telecommunications system (UMTS) network because the GSM network maintains the stand-alone dedicated control channel (SDCCH) uplink time slots. The process of testing this vulnerability requires the development of a device that monitors a GSM base transceiver station, identifies when a handover to UMTS message is sent, tracks the time slots of the SDCCH uplink, and transmits a GSM handover-failure message. We present a scheme that utilizes parts of the OpenBTS to transmit a GSM handover-failure message using a software defined radio. The method is validated through the collection of the GSM transmitter messages by Airprobe’s GSM-receiver module.},
language = {en},
urldate = {2020-05-20},
booktitle = {2015 48th {Hawaii} {International} {Conference} on {System} {Sciences}},
publisher = {IEEE},
author = {McAbee, Carson and Tummala, Murali and McEachen, John},
month = jan,
year = {2015},
pages = {5422--5431}
}
Downloads: 0
{"_id":"Av7jF3PRddbWeXx3h","bibbaseid":"mcabee-tummala-mceachen-gsmtoumtsnetworkhandovervulnerabilitytestingusingsoftwaredefinedradio-2015","authorIDs":[],"author_short":["McAbee, C.","Tummala, M.","McEachen, J."],"bibdata":{"bibtype":"inproceedings","type":"inproceedings","address":"HI, USA","title":"GSM to UMTS Network Handover Vulnerability Testing Using Software-Defined Radio","isbn":"978-1-4799-7367-5","url":"http://ieeexplore.ieee.org/document/7070467/","doi":"10.1109/HICSS.2015.638","abstract":"This paper examines a possible vulnerability with the potential for a malicious entity to prevent a mobile device from handing over from a global system for mobile communications (GSM) to universal mobile telecommunications system (UMTS) network because the GSM network maintains the stand-alone dedicated control channel (SDCCH) uplink time slots. The process of testing this vulnerability requires the development of a device that monitors a GSM base transceiver station, identifies when a handover to UMTS message is sent, tracks the time slots of the SDCCH uplink, and transmits a GSM handover-failure message. We present a scheme that utilizes parts of the OpenBTS to transmit a GSM handover-failure message using a software defined radio. The method is validated through the collection of the GSM transmitter messages by Airprobe’s GSM-receiver module.","language":"en","urldate":"2020-05-20","booktitle":"2015 48th Hawaii International Conference on System Sciences","publisher":"IEEE","author":[{"propositions":[],"lastnames":["McAbee"],"firstnames":["Carson"],"suffixes":[]},{"propositions":[],"lastnames":["Tummala"],"firstnames":["Murali"],"suffixes":[]},{"propositions":[],"lastnames":["McEachen"],"firstnames":["John"],"suffixes":[]}],"month":"January","year":"2015","pages":"5422–5431","bibtex":"@inproceedings{mcabee_gsm_2015,\n\taddress = {HI, USA},\n\ttitle = {{GSM} to {UMTS} {Network} {Handover} {Vulnerability} {Testing} {Using} {Software}-{Defined} {Radio}},\n\tisbn = {978-1-4799-7367-5},\n\turl = {http://ieeexplore.ieee.org/document/7070467/},\n\tdoi = {10.1109/HICSS.2015.638},\n\tabstract = {This paper examines a possible vulnerability with the potential for a malicious entity to prevent a mobile device from handing over from a global system for mobile communications (GSM) to universal mobile telecommunications system (UMTS) network because the GSM network maintains the stand-alone dedicated control channel (SDCCH) uplink time slots. The process of testing this vulnerability requires the development of a device that monitors a GSM base transceiver station, identifies when a handover to UMTS message is sent, tracks the time slots of the SDCCH uplink, and transmits a GSM handover-failure message. We present a scheme that utilizes parts of the OpenBTS to transmit a GSM handover-failure message using a software defined radio. The method is validated through the collection of the GSM transmitter messages by Airprobe’s GSM-receiver module.},\n\tlanguage = {en},\n\turldate = {2020-05-20},\n\tbooktitle = {2015 48th {Hawaii} {International} {Conference} on {System} {Sciences}},\n\tpublisher = {IEEE},\n\tauthor = {McAbee, Carson and Tummala, Murali and McEachen, John},\n\tmonth = jan,\n\tyear = {2015},\n\tpages = {5422--5431}\n}\n\n","author_short":["McAbee, C.","Tummala, M.","McEachen, J."],"key":"mcabee_gsm_2015","id":"mcabee_gsm_2015","bibbaseid":"mcabee-tummala-mceachen-gsmtoumtsnetworkhandovervulnerabilitytestingusingsoftwaredefinedradio-2015","role":"author","urls":{"Paper":"http://ieeexplore.ieee.org/document/7070467/"},"downloads":0,"html":""},"bibtype":"inproceedings","biburl":"https://bibbase.org/zotero/21h","creationDate":"2020-05-22T18:11:30.354Z","downloads":0,"keywords":[],"search_terms":["gsm","umts","network","handover","vulnerability","testing","using","software","defined","radio","mcabee","tummala","mceachen"],"title":"GSM to UMTS Network Handover Vulnerability Testing Using Software-Defined Radio","year":2015,"dataSources":["NpxDwkFvCjNmGYFSj"]}