GSM and Security

Part 1: Key GSM Concepts (Day 1)

 

• Cellular concept and radio propagation
  • • Base and mobile stations
    • RF propagation and path loss
    • Antennas and frequency reuse
• Duplexing and multiple access
  • • Time and frequency division duplexing
    • Time and frequency division multiple access
    • Code division multiple access
    • Frequency hopping concept
• Evolution of cellular communications
  • • Circuit and packet switching
    • 3GPP, 3GPP2, and IEEE LAN/MAN standardization
    • 1G to 4G
    • Phone comparisons
• Overview of GSM architecture, protocols, and services
  • • System architecture
    • Protocol layer overview
    • Protocol functions and standards
    • Operating frequencies
    • GSM data: GPRS and EDGE overview
• Addressing and numbering
  • • Cell identities
    • Mobile station identities

 

Part 2: Modulation and Coding for GSM (Day 1)

 

• GSM modulation methods
  • • Modulated signal structure
    • Amplitude, frequency, and phase shift keying
    • Gaussian minimum shift keying (GMSK)
• Error control
  • • Error detection
    • Error correction
    • Automatic repeat request
• Speech coding
  • • Speech quality rating
    • Speech coding methods and complexity
    • GSM speech coding techniques
    • GSM speech frame construction

 

Part 3: GSM Air Interface (Day 2)

 

• GSM TDMA and physical channels
  • • Time slots and their use within a frame
    • Frame structures and hierarchy
    • Physical channels and their properties
    • Uplink and downlink timing
• GSM logical channels
  • • Broadcast channels (BCH): Broadcast control, frequency correction, synchronization
    • Common control channels (CCCH): Paging, random access, access grant
    • Dedicated control channels (DCCH): Stand-alone dedicated control channels
    • Associated control channels (ACCH): Slow and fast
    • Traffic control channels (TCH): Full rate, half rate, cell broadcast
• GSM burst family: Mapping logical channels to physical channels
  • • Normal
    • Frequency correction
    • Synchronization
    • Access
    • Dummy
• Radio subsystem link control
  • • Radio performance requirements
    • Channel measurements
    • Transmission power control
    • Channel failure disconnect
    • Power conservation

 

Part 4: GSM Protocols and Call Processing (Day 2)

 

• Call routing and termination
  • • Routing calls to the MS
    • Call termination
• Handover
  • • Intra-MSC handover
    • Handover decision process and timing
    • MAP and inter-MSC handover
• Key Performance Indicators (KPI)
  • • Speech quality
    • Bit and frame error rate
    • Dropped call rate
    • Call and handover success rates

 

• Quality-of-Service (QoS) requirements
  • • The QoS challenge
    • General QoS categories
    • QoS parameter negotiation
    • QoS management
• General Packet Radio Service (GPRS)
  • • Network architecture
    • Protocol structures
    • GPRS on the GSM air interface
    • Medium access control
    • Radio link control
    • Mobility management
• Enhanced Data Rates for GSM Evolution (EDGE)
  • • EDGE modulation and coding
    • EDGE air interface protocols
    • MAC and RLC procedures
• Key Performance Indicators (KPI)
  • • Reliability
    • Throughput
    • Delay

 

Part 7: Location-Based Services (Day 4)

 

• Introduction to LBS
  • • Definitions
    • Classifications and applications
• Location management
  • • Location update and paging
    • Location management in circuit and packet switched networks
• Location services methods and performance
  • • Accuracy requirements
    • Cell identity and timing advance (TA)
    • Enhanced observed time difference (E-OTD)
    • Uplink time difference of arrival (U-TDoA)
    • Assisted GPS
• LBS operation
  • • Patterns and privacy
    • Architecture and protocols

 

Part 8: Communication Security (Day 4)

 

• Wireless security challenges
  • • Threat categories and attack methods
    • General security setup process
• Attacks in mobile environments
  • • Illicit use
    • Spoofing
    • Man-in-the-middle
    • Interception of data
    • Denial of service
• Mobile malware
  • • Basics and characteristics of malware
    • Types of malware: Worm, virus, phishing, etc.
    • Examples of malware in mobile devices
• Cryptography basics
  • • Symmetric cryptography
    • Asymmetric cryptography
    • Public key infrastructure
    • Digital signature
    • Cryptographic attacks
• Access control and authentication
  • • Weak and strong authentication schemes
    • Attacks on authentication
    • Authorization and access control
• Smart card security
  • • Smart card basics
    • Smart card communication
    • Invasive and non-invasive attacks on smart cards
• GSM security
  • • GSM security model
    • Basic attacks on GSM
    • GSM encryption algorithms
    • Advanced attacks on GSM
    • Improving GSM security
• Overview of 3G network security
  • • Access and domain security
    • Mitigating GSM security weaknesses
    • Attacks on 3G networks

 

Part 9: Beyond GSM (Day 5)

 

• Universal Mobile Telecommunications System (UMTS)
  • • Network structure and protocols
    • Overview of code division multiple access
    • Summary of the UMTS air interface
    • CAMEL: Bringing intelligent networking to GSM and UMTS
• High-Speed Packet Access (HSPA)
  • • HSDPA (down link) and HSUPA (up link)
    • Review of the HSPA air interface
• Long-Term Evolution (LTE)
  • • Network structure and protocols
    • Overview of orthogonal frequency division multiplexing (OFDM)
    • Summary of the LTE air interface
• Technology comparisons
  • • Summary of cdmaOne
    • Summary of cdma2000
    • Summary of WiMax
    • GSM vs cdmaOne
    • UMTS vs cdma2000
    • LTE vs WiMAX
• Wrap-up
  • • Course Recap and Q/A
    • Evaluations