Upload
zahid-ghadialy
View
7.254
Download
3
Embed Size (px)
DESCRIPTION
Collecting Big Data in an Increasingly Complex Mobile World, presented by Moray Rumney, Lead technologist, Agilent in The Future of Wireless International Conference 2013 (#FWIC2013)
Citation preview
Collecting Big Data in
an Increasingly
Complex Mobile World
Moray Rumney
Lead technologist
1st July 2013
Copyright Agilent Technologies 2013
1
Moray Rumney Collecting Big Data
1st July 2013 2
Agenda
Collecting wireless data – some big questions
Vulnerability of systems
IMSI catching
Geo-location techniques
TMSI tracking
Some future-looking game changers?
2
Moray Rumney Collecting Big Data
1st July 2013 3
Collection of wireless data – some big questions
1. What can be collected?
2. Where can it be collected?
3. Who can collect it?
4. Why do they want to collect it?
5. What level of transparency and consent should be required?
3
Moray Rumney Collecting Big Data
1st July 2013 4
1 What can be collected?
This is an easy question to answer.
Everything!
However, this covers a very large range of possibilities requiring
different levels of effort
Only the data that can be collected with reasonably low cost and
effort needs to be considered in the short to medium term
4
Moray Rumney Collecting Big Data
1st July 2013 5
2 Where can it be collected?
This is also an easy question to answer.
Everywhere!
Again, this covers a very large range of possibilities requiring
different levels of effort and so as with the “What” question only
the more probable cases need to be looked at
5
Moray Rumney Collecting Big Data
1st July 2013 6
3 Who can collect it?
Fortunately the answer to this question is not quite:
Anyone!
On the network side, access to data is typically limited to
operators and government agencies although there is concern
concern in the US and UK over potential vendor “back doors”
However, on the air interface (including wireless backhaul) the
physical signals cannot be hidden and so there exists a
theoretical possibility that anything carried over the air could be
monitored by anyone.
However, technical and cost constraints significantly limit what
can be monitored to a much smaller subset
6
Moray Rumney Collecting Big Data
1st July 2013 7
4 Why do they want to collect it?
This question has a wide range of answers so:
It depends
A possible list in order of altruism / legality could be:
1. National security
2. Network optimization
3. Business development and marketing (operator)
4. Business development and marketing (3rd party)
5. Commercial exploitation
6. Criminal activity
7. Espionage
7
Moray Rumney Collecting Big Data
1st July 2013 8
5 What level of transparency and consent should
be required?
This question also has a wide range of answers so:
It depends
At the national security end of the scale data gathering is
obviously covert and done without individual consent
For network operation/optimization it is unlikely individual
subscribers would have any issues for appropriate use
For business development or marketing carried out by the
operator, transparency and consent start to become issues
When this activity is carried out by a 3rd party with whom the
subscriber has no contract there is clearly public concern even
though using current technology, individuals are not identified
8
Moray Rumney Collecting Big Data
1st July 2013 9
Vulnerability
The ease with which location or other meta data and even
subscriber payload can be collected varies widely depending on
the technology
Older systems such as GSM have weaknesses which can be
exploited
Improvements in newer systems are welcome but the old
vulnerabilities remain and why attack a fortified 4G door if there
is an open 2G window next to it?
9
Moray Rumney Collecting Big Data
1st July 2013 10
Vulnerability by system
GSM – TDMA system so easy to correlate transmissions with
individual users, encryption has been cracked, authentication
issues
W-CDMA – CDMA harder to intercept than TDMA, adds network
authentication
LTE – TDMA system, backhaul not encrypted as standard, use
of various forms of MIMO increase difficulty of intercept
Wi-Fi – Very easy target for “Man in the middle” attack, VPN is
essential for any security
Bluetooth – Can be tracked but perhaps only 10% of users have
it enabled
10
Moray Rumney Collecting Big Data
1st July 2013
Types of identity and geo-location data collection
11
Covert
Overt
Legal Illegal
TMSI
tracking
Legal
interception
X-Interface
IMSI
catching
A-GPS
Now
Operator
tracking
Silent
SMS
Moray Rumney Collecting Big Data
1st July 2013 12
IMSI catcher
Classic “Man in the middle” attack exploits vulnerability in GSM
Back in the late 1980s base stations were big, high-tech,
expensive and owned by trusted operators
In the system design the BTS authenticates the MS
But no one though that the MS should authenticate the BTS
Nowadays a GSM cell can be emulate using something the size
of a USB dongle which can act as a femtocell
12
Moray Rumney Collecting Big Data
1st July 2013 13
Security risks beyond IMSI catching
IMSI catching is fairly basic. For a more in-depth view of what is
possible with more sophisticated methods see:
Hijacking mobile data connections
13
Moray Rumney Collecting Big Data
1st July 2013 14
Geo-location techniques
Many geo-location techniques exist with varying degrees of
sophistication and accuracy driven by a variety of use cases
including E911 requirements
• Cell ID
• Observed Time difference of arrival
• Assisted GPS
• Network-based algorithms
• 3rd party techniques (TMSI tracking)
14
Moray Rumney Collecting Big Data
1st July 2013 15
Location tracking using Temporary Mobile
Subscriber Identity (TMSI)
TMSI was designed as an alternative to the IMSI to prevent
identification or tracking subscribers and is allocated as part of
the authentication of the mobile by the network and is changed
periodically or when changing cell
Location update procedure occurrs in increments of 6 minutes
Four byte TMSI is used to address the mobile over the air
Algorithms for TMSI pre-calculation can be developed leading to
more exposure of individuals
Basic location accuracy comes from proximity to the receiver.
More sophisticated triangulation methods are possible.
Shopping malls are a common deployment area
15
Moray Rumney Collecting Big Data
1st July 2013 16
Window shopping from a plane
“The Centre” Livingston, Scotland
16
Moray Rumney Collecting Big Data
1st July 2013 17 17
Would this
message put
you off entering?
Moray Rumney Collecting Big Data
1st July 2013 18
Example of large-scale collection of geo-location
using TMSI tracking
Major public event at sports stadium
60,000 spectators
Seven 3rd party receivers with approx. 100m range around
stadium
40,000 detected TMSI
Post processing showed people movements and density,
journey times and routes which were valuable for future event
planning
Alternative methods such as face recognition are not so
effective
18
Moray Rumney Collecting Big Data
1st July 2013 19
The use of TMSI for paging is not always
guaranteed so personal tracking is possible:
http://nion.modprobe.de/blog/archives/705-E-Plus-GSM-privacyTMSI-allocation-leak.html
19
Moray Rumney Collecting Big Data
1st July 2013 20
Two future factors that may change the future of
data collection
LTE-D
Public concerns
20
Moray Rumney Collecting Big Data
1st July 2013 21
LTE proximity services and LTE-Direct (LTE-D)
A potentially revolutionary development in mobile comms is
taking place in 3GPP Release 12 with a study item into device
to device (D2D) communications.
In its first phase, LTE-D will focus on proximity services whereby
a UE equipped with a transmitter operating in the downlink band
will broadcast an “expression” of capability which provides e.g.
information about commercial services.
The target for this is UE in the local area not the eNB
Broadcasts of expressions are scheduled to avoid interference
Future developments could lead to direct UE to UE comms and
a whole new set of possibilities and issues
21
Moray Rumney Collecting Big Data
1st July 2013 22
Public concerns
We are in a twilight zone in the evolution of communications
where the realization of what is being collected will become
widely known which is going to lead to a backlash.
Future data collection and its uses will come under much closer
scrutiny with more opt in than opt out clauses.
International borders may complicate legislation.
Contractual agreements that provide mutual benefit should
succeed but on the back of this there will e many more
exploitative potential which could limit the success of the
genuine opportunities.
We don’t want to enable the “Internet of Thieves”
22
Moray Rumney Collecting Big Data
1st July 2013 23
Who provides your public Wi-Fi?
GCHQ?
23
Moray Rumney Collecting Big Data
1st July 2013
Thank you for listening!