Cases of familiar GSM/SIP convergence have been described on the Net, and on Habrahabr in particular, dozens of times. This article is about something else.
Tottoli GSM took part in a project to deploy a local GSM network on the premises of a company office, with a gateway to the public network through the existing office PBX.
Project task:
Maximize the risk of data leak in GSM network.
The whole architecture fits into a single OsmoBTS - UmDESK unit (MSC / HLR / VLR / AuC / SMSC). This project is very flexible: it allows anyone to deploy their own applications and create new services. The price matters as well. The software and hardware stack is described in open sources, so there is no point in retelling it here.
Our configuration ended up as follows:
Radio interface
The question of whether the frequency usage is legitimate is left entirely to the customer, who also bears the responsibility. Nevertheless, in order not to attract too much attention, the radio-frequency spectrum was scanned for free frequencies and the busy ARFCN channels were identified.
The scan resulted in the selection of two free channels.
OsmoBTS was configured so that the signal is fully attenuated beyond the walls of the organization while a sufficient signal level is maintained within the allowed area.
Subscribers' part
All employees received SIM cards with pre-installed profiles (IMSI / KI / MSISDN) and specially developed applets. Authentication triplets were put in the HLR white list / UmDESK. The HLR was configured to allow any SIM to register in the local network, yet only white-listed SIMs were allowed to make calls. This gave us an opportunity to track "guest" handsets at the network level, using the network as an IMSI-catcher. An image of the local network was loaded into the SIM card, allowing the SIM to connect only to the local network. This was achieved by storing the network parameters in the SIM card's PLMN area using a special applet. Thus, an employee was automatically handed over to the local network as soon as he entered its coverage area, without the possibility of switching to another network (for example, to a similar virtual BTS of an "active interception complex").
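The registration policy described above, modelled as an added example (not code from the original article or from OsmoBTS/UmDESK): registration is open to every SIM, while call set-up is decided separately against the white list. The class and function names, the per-guest grant for local calls, the "pbx" routing label and the sample IMSIs are assumptions made for illustration.

```python
from dataclasses import dataclass, field

def check_imsi(imsi: str) -> str:
    # An IMSI is a decimal string of at most 15 digits (MCC + MNC + MSIN).
    if not (imsi.isdigit() and 6 <= len(imsi) <= 15):
        raise ValueError(f"malformed IMSI: {imsi!r}")
    return imsi

@dataclass
class LocalHlr:
    whitelist: dict = field(default_factory=dict)     # IMSI -> MSISDN (company SIMs)
    guests: dict = field(default_factory=dict)        # IMSI -> sighting record
    guest_grants: set = field(default_factory=set)    # guests allowed local calls (assumed)

    def location_update(self, imsi: str, now: int) -> str:
        """Registration is open: any SIM attaches, unknown ones are logged."""
        if check_imsi(imsi) in self.whitelist:
            return "employee"
        rec = self.guests.setdefault(imsi, {"first": now, "attaches": 0})
        rec["last"], rec["attaches"] = now, rec["attaches"] + 1
        return "guest"

    def authorize_call(self, imsi: str, dialed: str) -> str:
        """Call set-up is closed: decided separately from registration."""
        local = dialed in self.whitelist.values()
        if imsi in self.whitelist:
            return "local" if local else "pbx"        # non-local numbers go to the office PBX
        if imsi in self.guests and imsi in self.guest_grants and local:
            return "local"                            # managed guest access, local only
        return "deny"

def demo() -> dict:
    # Constructed sample data: test-PLMN 001/01 IMSIs and made-up numbers.
    hlr = LocalHlr(whitelist={"001010000000001": "1001", "001010000000002": "1002"})
    guest = "001010999999999"
    out = {"attach_emp": hlr.location_update("001010000000001", now=100),
           "attach_guest": hlr.location_update(guest, now=110),
           "emp_local": hlr.authorize_call("001010000000001", "1002"),
           "emp_out": hlr.authorize_call("001010000000001", "+15550100"),
           "guest_before": hlr.authorize_call(guest, "1002")}
    hlr.guest_grants.add(guest)                       # operator enables this guest
    hlr.location_update(guest, now=170)
    out["guest_after"] = hlr.authorize_call(guest, "1002")
    out["guest_out"] = hlr.authorize_call(guest, "+15550100")
    out["guest_record"] = hlr.guests[guest]
    return out

if __name__ == "__main__":
    print(demo())
```

The guest record (first seen, last seen, attach count) is what the security team would review; a guest that is never granted access still leaves that trace.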
SIP PBX
The libusrp library is used for the interaction between OsmoBTS and the hardware. OsmoBTS then uses the oSIP and oRTP libraries to create SIP calls, which in turn are sent to the Asterisk PBX. Billing and additional services are on the client's side.
Here are a few criteria set by the customer:
- Employees must be mobile and have access to special services at any time.
- Employees can use their regular mobile devices.
- All services should be available regardless of the OS used.
- Data traffic should be available to Security Department for analysis.
- All internal communications must not reach the host operators' equipment.
- It is necessary to minimize the threat of traffic interception over the air.
- A guest subscriber can't use the host operator's services while staying in the network.
- A guest subscriber has a manageable opportunity to make calls in the local network.
- Offices located in different countries must be united into a single network.
But appetite comes with eating. The customer suggested the following additional tasks:
- Employees need to have an option to use the SIM outside the local network.
- Employees need to have all services available outside the local network.
- In public networks, the authentication parameters (IMEI/IMSI) must be changed.
- The ability to share confidential information via instant messages in encrypted form.
- Employees' mobile devices must know how to detect false BTS outside the local network.
- Employees' mobile devices must detect attacks of active interception systems.
- All traffic (GSM/SMS/DATA/USSD) should be available to the company's Security Department for analysis outside the local network.
- All Internet traffic, both inside the local network and outside the local network, must pass through the APN of the customer and be analyzed using DPI.
If this project provokes interest, we will prepare an article with illustrations and notes in our Tottoli GSM blog.