1587: COMMUNICATION SYSTEMS 1 Mobile Communications

1587: COMMUNICATION SYSTEMS 11st hour: Mobile Communications

2nd hour :Introduction to Cyber Security

Dr. George Loukas

University of Greenwich, 2015-2016

Handheld mobile phones

1973

2000

2008

1983

mobile service was only provided by one high powered transmitter/receiver

typically supported about 25 channels

had a radius of about 80km

Prior to cellular radio

1st Gen.: Cellular Networks1984

1-G 2-G 3-G 4-G

Cellular Networks Divide the area into cells using

multiple low power transmitters in each cell tiling pattern to provide full

coverage each with own antenna each with own range of

frequencies served by a base station

consisting of transceiver (transmitter – receiver) and control unit

adjacent cells use different frequencies to avoid crosstalk but cells sufficiently distant can use

same frequency band1-G 2-G 3-G 4-G

Cellular Geometries

11.4

All area is covered nicely,

BUT

antennas (at the centres of the squares) are not equidistant

11

Equidistant

BUT

There are gaps (or overlaps) between the circles

Equidistant

No gaps

11

Squares Circles Hexagons

1-G 2-G 3-G 4-G

Cellular Geometries

11

HexagonsFor the same reasons, hexagons are also very common in board and computer games

Equidistant

No gaps

1-G 2-G 3-G 4-G

Frequency Reuse Power of Base Transceiver

controlled Allows communication within

cell on given frequency Limits power escaping to

adjacent cells

Sharing cell frequencies with nearby (but not adjacent) cells without interfering with each other Allows multiple simultaneous

conversations 10 to 50 frequencies per cell

transceiver

1-G 2-G 3-G 4-G

Frequency Reuse PatternsTypical parameters:

Reuse factor N = number of cells in a repetitious pattern (each cell in the pattern uses a unique band of frequencies)

D = minimum distance between centers of cells that use the same band of frequencies

R = radius of a cell DR

1-G 2-G 3-G 4-G

Frequency Reuse Example

Total area covered = 32 x 6.65 = 213 km2 Total area covered = 133 x 1.66 = 221 km2

Consider a geographical area A divided into (a) 32 hexagonal cells of 1.6 km radius or (b) 133 hexagonal cells of 0.8 km radius. The reuse factor is 7 and there are 336 channels in total. Calculate:i) the number of channels per cellii) the maximum number of concurrent calls that can be handled in Aiii) the total area covered

1-G 2-G 3-G 4-G

336 / 7 = 48 channels per cell

(a) ii) Total channel capacity (number of concurrent calls that can be handled) = 48 x 32 = 1,536 channels

(b) ii) Total channel capacity (number of concurrent calls that can be handled) = 48 x 133 = 6,384 channels

(a) iii) 32 cells, each with radius R = 1.6 kmArea A = 3√3R2/2 = 6.65 km2

(b) iii) 32 cells, each with radius R = 0.8 kmArea A = 3√3R2/2 = 1.66 km2

Increasing Capacity add new channels

frequency borrowing congested cells take frequencies from adjacent

cells assign frequencies dynamically

cell splitting use smaller cells in high use areas

1-G 2-G 3-G 4-G

Increasing Capacity: Cell Splitting

Cells can be divided to provide more capacity.

To use a smaller cell, the power level must be reduced to keep the signal within the cell.

As the mobile units move, they pass from cell to cell, which requires transferring of the call from one base transceiver to another. This process is called a handoff.

The smaller the cells, the more frequent the handoffs.

1-G 2-G 3-G 4-G

Increasing Capacity: Cell Sectoring

Each sector is assigned a separate subset of the cell’s channels.

This reduces transmission power and increases battery life

1-G 2-G 3-G 4-G

Single omni-directional antenna

Three directional antennas (120o sectoring)

Six directional antennas (60o sectoring)

Operation of Cellular SystemA base station (BS) at centre of cell. Each BS has one or more antennas, a controller (handling the call process) and a number of transceivers (for communicating on the channels)

Between the mobile unit and the base station:• Control channels exchange information for setting up and

maintaining calls and establishing a relationship between a mobile unit and the nearest BS.

• Traffic channels carry voice or data connection between users.

Each BS is connected to a Mobile Telecommunications Switching Office (MTSO)

1-G 2-G 3-G 4-G

Call Stages

Monitor for strongest signal

Request connection

Paging

Call accepted

Ongoing Call

Handoff

MTSO

1-G 2-G 3-G 4-G

Design FactorsWhen designing a mobile phone network, we need to take into account:

Geography - Propagation effects (difficult to predict. Often using Okumura/Hata model for path loss)

desired maximum transmit power level at BS and mobile units typical height of mobile unit antennas available height of the BS antenna

Map of base stations around Greenwichfrom http://www.sitefinder.ofcom.org.uk

1-G 2-G 3-G 4-G

2nd Gen.: Digital Networks1991

1-G 2-G 3-G 4-G

2nd Gen Vs. 1st Gen

Digital channels encryption error detection and correction

1-G 2-G 3-G 4-G

Higher data rate

Greater capacity Better security

Shared channel access TDMA (Time division multiple access) FDMA (Frequency division …) CDMA (Code division …)

Thanks to:

Two types of 2G

Uses FDMA, TDMA

Many more subscribers.Covers the whole world, soroaming not an issue

But more interferenceand cells limited to 120 km

Introduced SMS messages

1-G 2-G 3-G 4-G

Uses CDMA

Great capacityVery large cell sizesEven low signal is enough for good qualityDropped calls less likely

But monopoly of a single company bars new entrants in market

Few subscribers

Short Message ServiceIntroduced as part of the GSM standardFirst SMS was sent in the UK over the

Vodafone GSM network (1992).Now, 200,000 SMS are sent every

second

Limited to ~160 charactersLarger SMS messages can be sent, but

need to be split and recombined when received

Includes control information (e.g. destination number, timestamp, data coding scheme …)

Best-effort delivery

Short Message Service Centre (SMSC): store-and-forward

SMS sent to

SMSC

SMS forwarded

if recipient

reachable.

Otherwise,

retry or drop

1-G 2-G 3-G 4-G

3rd and 4th Generation2002, 2010

1-G 2-G 3-G 4-G

Wireless Network Generations 1G 2G 2.5G 3G 4G

Design began 1970 1980 1985 1990 2000Implemented 1984 1991 1999 2002 2010

Provides Analogue voice

Digital voice Higher capacity

packetised data

Higher capacity,

broadband

Completely IP based

Data Rate 1.9 kbps 14.4 kbps 384 kbps 2 Mbps 200 MbpsMultiplexing FDMA TDMA,

FDMA, CDMA

TDMA, FDMA, CDMA

CDMA OFDMA

Core network PSTN PSTN PSTN, packet network

Packet network IP backbone

4-G3-G2-G1-G

Sep-3

9Jan

-40

May-40Se

p-40Jan

-41

May-41Se

p-41Jan

-42

May-42Se

p-42Jan

-43

May-43Se

p-43Jan

-44

May-44Se

p-44Jan

-45

May-45

0100000200000300000400000500000600000700000800000

Shipping lost to u-boats (in tons)

NCZW VUSX PNYM INHZ XMQX SFWX WLKJ AHSH NMCO CCAK UQPM KCSM HKSE INJU SBLK IOSX CKUB HMLL XCSJ USRR DVKO HULX WCCB GVLI YXEO AHXR HKKF VDRE WEZL XOBA FGYU JQUK GRTV UKAM EURB VEKS UHHV OYHA BCJW MAKL FKLM YFVN RIZR VVRT KOFD ANJM OLBG FFLE OPRG TFLV RHOW OPBE KVWM UQFM PWPA RMFH AGKX IIBG

FORCED TO SUBMERGE DURING ATTACK, DEPTH CHARGES.LAST ENEMY LOCATION 08:30, NAVAL GRID AJ 9863, 220 DEGREES, 8 NAUTICAL MILESI AM FOLLOWING THE ENEMYBAROMETER 1014 MILLIBAR TENDENCY FALLING, NORTH NORTH EAST 4, VISIBILITY 10.

AHXR VUSX PNYM INHZ XMQX SFBX BLKJ AHSH NMCO CCAK UQPM KCSM HKSE INJU SBLK IOSX CKUB HMLL XCSJ USRR DVKO HULX TCCB GVLI YXEO BCZA HKKF VDRE CEZL XOBA FGYU JQUK GRTV UKAM EURB VEKS UHHV OYHA BCJU MAKL FKLM YFVN RIZR VVRT KOFD ANJM OLBG FFLE OPRG TFLV RHOM OPBE KVJM UQFM PLPA RMFH AGKX IIBG ABLT STIE ANFQ LOTZ LPTR OURE JVMR SDAL PITC ZSET LGSO HPIY QTLF HCOT PATG HUVX LOUS MEAP DLEF NSQZ MYTR OIFD HGYC SPGO ZEOP GJSL BNDM TYLA FSLV ZBJA

WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW

Sep-3

9Jan

-40

May-40Se

p-40Jan

-41

May-41Se

p-41Jan

-42

May-42Se

p-42Jan

-43

May-43Se

p-43Jan

-44

May-44Se

p-44Jan

-45

May-45

0100000200000300000400000500000600000700000800000

Shipping lost to u-boats (in tons)

500 BCSkytale 9th century

Al-Kindi1918

(enigma machine)

1976(Public-Key

cryptography)

CRYPTOGRAPHY

Cryptography

Single-key cryptographyAlso known as symmetric cryptography.

A binary message is encrypted and decrypted using the same secret key.The simplest type of binary encryption/decryption is to XOR each bit of the message with the secret key.

XOR =XOR =XOR =

logicalXOR

Message 1010100101010011010110 Key 0110011001010100110001

Encrypted message 1100111100000111100111

XOR

Cryptographic exerciseXOR =XOR =XOR =

logicalXOR

The hacker is looking for the solutions to the mock test. She knows the approximate format of the URL because that’s what George uses most of the time: http://staffweb.cms.gre.ac.uk/~lg47/lectures/COMP1587/COMP1587-MockTest2015-XXXX.docx She found the XXXX part but encrypted: 00010000 00010100 00000110 00001100 The encryption function is XOR. What is the XXXX part if the key is 01110101?

01110011 0111100101110101 01110101 01110101 01110101XOR00010000 00010100 00000110 00001100

01100101

e01100001

a s ya = 01100001 f = 01100110 k = 01101011 p = 01110000 u = 01110101 z = 01111010b = 01100010 g = 01100111 l = 01101100 q = 01110001 v = 01110110

ASCII TABLE OF CHARACTERS

c = 01100011 h = 01101000 m = 01101101

r = 01110010 w = 01110111

d = 01100100 i = 01101001 n = 01101110 s = 01110011 x = 01111000e = 01100101 j = 01101010 o = 01101111 t = 01110100 y = 01111001

Confidentiality

CONFIDENTIALITY

IntegrityJan. 2010: Spanish PM’s website defaced

June 2010: Stuxnet

CONFIDENTIALITY INTEGRITY

A computer program that altered the motor speeds of an Iranian nuclear facility’s centrifuges.

A common method is to use Cross-site Scripting (XSS)

<script>document.body.background="http://your_image.jpg";</script>

Availability2004: US businessman hires hackers to launch Denial of Service attacks against competitors. $2 million in losses.

2002: UK teenager disables Port of Houston web systems accidentally, while trying to take cyber-revenge over a girl.

2000: Canadian teenager knocks offline Amazon, yahoo, CNN, eBay ….

2008: Georgia accuses Russia of coordinated availability attacks, coinciding with military operations in South Ossetia.

2007: Estonian parliament, newspapers and banks are knocked offline by Russian hacktivists over a political issue

CONFIDENTIALITY INTEGRITY AVAILABILITY

Since then, the group Anonymous have launched several availability attacks for political purposes

A Denial of Service attack (DoS) is any intended attempt to prevent legitimate users from reaching a specific network resource.G. Loukas and G. Oke. Protection Against Denial of Service Attacks: A Survey. Comp. Journal, 53(7): 1020-1037, 2010

Example DoS: Reflector attack• Send packets to

several computers pretending to be the target

• When they reply, they all send ACK packets to the target

G. Loukas and G. Oke. Protection Against Denial of Service Attacks: A Survey. Comp. Journal, 53(7): 1020-1037, 2010

A Denial of Service attack (DoS) is any intended attempt to prevent legitimate users from reaching a specific network resource.

CONFIDENTIALITY INTEGRITY AVAILABILITY

Common countermeasures

CONFIDENTIALITY INTEGRITY

Detect unauthorised access

Detect and remove malicious software

Block/filter connections to critical systems

Protect real users by attracting attacks to fake users

Set strict rules for users to reduce security breaches

Cyber-physical attacks

Underlying causes of security failures Monopolies present juicy targets. A single vulnerability affects

millions of people

Deficit of computer security experts in the market

Strong at Windows, Linux and network technologiesAbility to think adversariallyAbility to adapt/learn constantlyWriting well-structured and clear reportsWorking in teams

Job adverts

online

Malware analysisJoanna Rutkowska, Invisible Things Lab

White hat hacker, Google“Security Princess” Parisa Tabriz

Director of Technology StrategyJames Lyne, Sophos

1587: COMMUNICATION SYSTEMS 1 Mobile Communications

Documents

Transcript of 1587: COMMUNICATION SYSTEMS 1 Mobile Communications