A STATISTICAL ANALYSIS AND ASSESSMENT OF THE IMSI-CATCHING THREAT AGAINST MOBILE SECURITY STANDARDS

International mobile subscriber identity (IMSI) catching is a man-in-the-middle attack that utilizes rogue base stations to intercept the IMSIs of mobile users. Attackers can use software-defined radios (SDR) and open source software to create rogue base stations that geolocate or execute other malicious attacks against their targets. Prior work proves that attackers are not limited to targeting either old or new cellular devices since current devices are interoperable with older mobile networks, including GSM. The goal of this thesis is to determine if cellular devices are susceptible to target profiling based on the model or manufacturer of the device. If devices can be profiled, then can attackers improve rogue base stations to capture devices faster? To answer this, we created an enclosed test network using SDRs and OpenBTS to mimic GSM base stations. We strived to eliminate the factors that devices use to select base stations. We then presented an IMSI-catching program that can configure base stations, capture IMSIs, and log base station selection data for analysis. Finally, we conducted a set of experiments to assess if cellular devices have connection preferences that can be profiled. The results of the experiments suggest that we were not able to successfully eliminate some decision-making factors. However, more rounds and an examination of the factors that could have affected the outcome are required to make any conclusions on the selections that were exhibited.
Lieutenant, United States Navy
Approved for public release. distribution is unlimited