General Packet Radio Service security is the packet-switched extension to GSM, it is 2.5G, provides packet-switched data services, usually charges based on volume of data transmitted and it is suited to crowded traffic. Some of the applications would include typical data services like messaging, downloading, corporate LAN access and browsing. It allows the ability of users to use the same phone in a number of network-related countries, short message service which allows users to send and receive 126 characters text messages, allows data transmission and reception, fax transmission and reception across GSM network at a speed of 9600 bps, forwarding of calls to another number, conferencing of calls to multiple parties simultaneously. It allocates scarce radio resources more efficiently by supporting virtual connectivity, migrates traffic that was previously sent using circuit switched data to GPRS instead reducing SMS center and signaling channel loading by migrating some traffic that previously sent using SMS to GPRS instead of using the GPRS/SIM interconnect that is supported by the GPRS standards. GPRS is a new non-voice value added service that allows information to be sent and received across a mobile telephone network. Enabling GPRS on a GSM network requires the addition of two core modules, the Gateway GPRS Service Node and the Serving GPRS Node. GGSN acts as a gateway between GPRS network and Public Data Networks such as IP, it also connects to other GPRS networks to facilitate GPRS roaming. SGSN provides packet routing to and from the SGSN service area for all users in that service area.
GPRS network connects to the Internet, corporate networks and other network service providers who provide services to subscribers. Subscribers are then exposed to viruses like worms, denial of service attaks, trojan horses and other malicious network traffic. Threats would include availability as attackers may be able to flood the link from PDN to the mobile operator with network traffic that prohibits legitimate traffic to pass, confidentiality as there is no protection of data from an MS to the public data network or corporate network, hence it is assumed that other parties are able to viewed the data if IP security or application layer security is not used. Authentication and authorization would also be a threat unless layer 2 or layer 3 tunnels are used at the GGSN to the corporate network, it is also possible for one MS to access the corporate network of another customer. Source address of network traffic cannot be relied upon for authentication and authorization purposes because MS or hosts beyond the MS can create packets with any addresses regardless of IP address assigned to the MS. Solutions to GPRS threats would be using logical tunnels from GGSN to corporate networks because it is not possible to route traffic from the Internet to a corporate network or between corporate network at all. In order to implement this, users have to make sure GGSN can logically separate corporate networks in layer 2 and layer 3 tunnels. If the connection to the corporate network is via the Internet, use IPSec to connect GGSN to the corporate network. Another way would be using traffic rate limiting because it prioritize IPSec traffic from corporate networks over that traffic on connections to Internet. This will ensure attacks from Internet cannot disrupt mobile intranet services, also consider using a separate physical interface for internet traffic separate from corporate internet traffic.
References:
Hi Hui Si, many good points on this topic. You have clearly described and explained what GPRS is and how it works. The threats you have mentioned is also clear and concise. Informative posts with a lot of information can be found here!
ReplyDeleteHowever you can do it in point form as it's pretty hard to read. The image is kinda small and I can't zoom it in. Overall, the post can be improved but nevertheless, good job.
Hello Hui Si, You have mention some possible attack that the GPRS network might encounter such as denial-of-service attack. However, do you know that there are many different kind of dos attack.
ReplyDeleteAnother suggestion is you should paragraph your content nicely so that it is easier for readers to read.
Your post can be further improved! :)
Hello Hui Si! The content of your GSM aspect is very much in detail, which is good. However, you have not indicated that the features of the GSM is related to security, which is very misleading in some cases. It would be better to specify them. You have also stated certain security threats and explained them in detail. To improve on the overall look, short forms should only be included after they are written in full form first. E.g. BTS, BSC, etc. Lastly, solutions for DoS was not stated. It will also be better to paraphrase the content as they are too cramped together. In general, not bad! :D
ReplyDeleteHi Hui Si,
ReplyDeleteWhen I open up your link , first thing that came to my mind is that it very messy and wordy. To user this will be a super turn off, the next thing they will do is to close your link before even reading it. Think you should organize your information properly, some ways might be to pharagraph your information don't put it all in one chunk makes it very hard for reader to read.
But still good job done on the information part as there was a lot of revelent informtaion on GPRS can see that you did do your research.
hi, the content of the post is good , however, your post is very difficult to read. Maybe your can split it into a few paragraph in order to make us read easily. but at least the post is relevant.
ReplyDeleteThe content of your post is sufficient, but the layout of your content is alittle hard to read. you can divide your content into sections so that the reader will have better understanding of the contents.
ReplyDeleteHi, Hui Si, i found out that the contents in your post is sufficient enough for the readers who are already familiar with mobile network for general. But it would be more great if you expand the short terms and explain them about generally. So that even beginners could read it but your post is still good though :)
ReplyDelete