Research On Hidden Point Attack Of Wireless Mobile Communication Networks Based On USRP

With the rapid development of mobile communication technology,wireless mobile communication networks have been used in various aspects of people's lives such as information exchange,mobile bank,and mobile payment.Due to the openness of wireless channels,mobile stations are vulnerable to monitor,interception and other attacks.Hidden fixed-point attacks can only aim at a specific target without affecting other mobile stations,so it is more aggressive.Therefore,the study of hidden fixed-point attacks on the target mobile station in wireless mobile network can provide a technical means for the security departments to monitor and chase the criminals.On the other hand,only a thorough research on the attack means can protect the network better.At the same time,it also provides reference for the next generation of wireless mobile communication network security design.This paper mainly analyzes the vulnerabilities of security protocol in Global System for Mobile Communication(GSM)network,designs and implements a scheme for monitoring,intercepting,falsifying,and disguising target sending messages,which only knows the target mobile phone number on the target mobile phone in GSM network.Meanwhile,based on the attack scheme of GSM network,a hidden fixed-point attack scheme for the target mobile station in the Long-Term Evolution(LTE)network is designed.The main work of this paper is as follows:1.Analysis of security flaws in GSM network.Based on the study of the basic architecture and protocol stack of GSM network,we focus our research on GSM network security mechanisms and security protocol vulnerabilities.2.Designed and implemented a targeted attack scheme for a target mobile station in GSM network.First,we use the HLR-lookup query to get the approximate location of the Mobile Station and use Silent-SMS to complete the precise location of the Mobile Station(MS).Secondly,we use the Universal Software Radio Peripheral(USRP)and Open BSC to build a GSM attacking Base Transceiver Station(BTS)and connect the target MS to attacking BTS.At the same time,the C118 cell phone and Osmocom BB are used to build an attacking phone which is used to achieve a man in the middle attack on the target mobile station so that the attacking phone completely replaces the identity of the target MS in GSM network.Then,we achieved interception,monitoring,falsification,and disguise of targeted mobile messages(including SMS and voice).Finally,we perform an International Mobile Subscriber Identification Number Detach attack on the target mobile station.3.Designed a targeted attack scheme for a target MS in LTE network.First,we use USRP and Open LTE to build the LTE attacking BTS and let the target mobile station connect to the attacking BTS.Secondly,the LTE attacking BTS sends the RRC connection release signaling to the MS and carries the GSM attacking BTS parameter information,it indicates that the target MS reconnects to the GSM attacking BTS from the LTE attacking BTS,and the MS falls back from 4G LTE network to 2G GSM network.At last,the target MS is attacked in the GSM network to intercept,monitor and tamper with the target mobile station SMS and voice message.