CN117676554A - Safety acquisition method and device for concealing and acquiring 4G network user identification code - Google Patents


Publication number
CN117676554A
Authority
CN
China
Prior art keywords
user terminal
base station
message
downlink
uplink
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310373748.5A
Other languages
Chinese (zh)
Inventor
陈锋
鲍爱华
王品勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Shengtaihui Intelligent Technology Co ltd
Original Assignee
Nanjing Shengtaihui Intelligent Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Shengtaihui Intelligent Technology Co ltd
Priority to CN202310373748.5A
Publication of CN117676554A

Classifications

    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Abstract

The invention discloses a security acquisition method and a security acquisition device for concealing and acquiring a 4G network user identification code, which relate to the technical field of mobile communication security and comprise a signal receiving module, a signal transmitting module, a GPS module and a control module; the signal receiving module comprises an uplink detection component and a downlink detection component which are respectively used for receiving uplink and downlink messages of the target user terminal, and acquiring and sharing uplink and downlink control information of the target user by utilizing the unencrypted characteristic of the DCI message; the signal transmitting module is used for temporarily transmitting a control message to the target user terminal at a higher power than the base station at a specific moment according to the information provided by the receiving module, and inducing the target user terminal to actively report own international mobile subscriber identification code in the response message.

Description

Safety acquisition method and device for concealing and acquiring 4G network user identification code
Technical Field
The invention relates to the technical field of mobile communication security, in particular to a security acquisition method and device for concealing and acquiring a 4G network user identification code.
Background
4G is one of the most widely deployed and used cellular technologies. By encrypting the communication between the user terminal device and the base station, a 4G system not only provides connectivity but also protects the security and privacy of the user. In a 4G network, a specific subscriber is usually represented by two numeric identifiers. The first is the International Mobile Subscriber Identity (IMSI), which consists of a Mobile Country Code (MCC), a Mobile Network Code (MNC) and a Mobile Subscriber Identification Number (MSIN), typically 15 digits, in binary code format. It is a globally unique identifier for the subscriber, is stored on the subscriber's SIM card and remains unchanged, so it has effectively become a fingerprint identifier of a person. The second is the Temporary Mobile Subscriber Identity (TMSI), which is temporarily assigned by the 4G system or temporarily generated by the user terminal equipment; it corresponds to the IMSI but may change constantly. Unlike user data, physical layer and MAC layer control messages in 4G are transmitted in unencrypted form; for security reasons, the user's IMSI is replaced in these messages by the user's TMSI to protect the privacy of the user. It is therefore difficult for anyone other than the operator to obtain the international mobile subscriber identity of a 4G network subscriber.
In specific scenarios such as criminal case investigation, the collection of 4G network user information has become an important auxiliary method, and there are security requirements such as obtaining the international mobile subscriber identity of a 4G network user without going through the operator. This has prompted a great deal of research into attack methods against 4G network systems; in particular, the security and privacy of the wireless link between the base station and user terminal equipment is an active research field.
In general, attacks against 4G systems can be classified into active attacks, which typically rely on fake base stations to which the attacker terminal device is connected, and passive attacks, which also include more hidden attack techniques, such as message masking, which have recently emerged. Passive attacks are mainly implemented by means of specific sniffers, including passive downlink traffic sniffers (from base station to user terminal devices) built using software defined radio. The downlink sniffer can be used as a localization deployment tool to break the coding of phone calls and obtain traffic fingerprint information. Passive uplink and downlink sniffing have also been proposed for user identification and tracking in combination, but there is no practical implementation. Unlike downlink sniffing, uplink sniffing has so far been implemented using active techniques only and relies on false base stations.
The prior art still has the following drawback: existing attack methods for acquiring the international mobile subscriber identity of a user terminal depend entirely on a false base station. Such an attack requires the user terminal to connect to the false base station, and the attacker must transmit continuously at high power, so the attack is easily detected by regulators and operators, whose precautionary measures then render the attack ineffective.
Disclosure of Invention
The invention aims to solve the defects in the prior art, and provides a safe acquisition method and device for concealing and acquiring a 4G network user identification code.
In order to achieve the above purpose, the present invention adopts the following technical scheme:
a safety device for concealing and acquiring a 4G network user identification code comprises a signal receiving module, a signal transmitting module, a GPS module and a control module;
the signal receiving module comprises an uplink detection component and a downlink detection component which are respectively used for receiving uplink and downlink messages of the target user terminal, and acquiring and sharing uplink and downlink control information of the target user by utilizing the unencrypted characteristic of the DCI message;
the signal transmitting module is used for temporarily transmitting a control message to the target user terminal at a higher power than the base station at a specific moment according to the information provided by the receiving module, and inducing the target user terminal to actively report own international mobile subscriber identification code in the response message;
the GPS module mainly provides a time reference for other modules, ensures that a device and a base station can keep time synchronization with certain high precision, and ensures that a control message sent by the signal transmitting module meets the time sequence requirement of a 4G network protocol;
the control module controls the signal receiving module, the signal transmitting module and the GPS module to cooperatively work, and the acquired various information is stored locally according to different users for later retrieval and analysis according to the user RNTI.
Preferably, the downlink sounding components are capable of independently analyzing data on the downlink, the uplink sounding components are not capable of independent operation, and corresponding scheduling information needs to be provided by the downlink sounding components.
A security device for concealing and acquiring a 4G network user identification code is provided, and a security method for concealing and acquiring the 4G network user identification code is provided, which comprises the following steps:
S1, in a 4G network system, when a user terminal roams into an area covered by a base station, it receives the system information broadcast by the base station;
S2, when the user terminal tries to connect to the base station, it first sends a random access preamble message in the uplink; meanwhile, the uplink detection component receives the random access preamble message sent in the uplink by the user terminal and, after decoding, shares it with the downlink detection component;
S3, the user terminal waits for the base station to reply with the random access response; meanwhile, the downlink detection component also monitors the corresponding downlink control channel and waits for the random access response within the random access response window;
S4, after receiving the preamble, the base station allocates corresponding resources for the user terminal and sends the random access response through the downlink;
S5, after receiving the random access response, the user terminal sends an RRC (radio resource control) link request according to the uplink resources allocated by the base station;
S6, the base station then sends an RRC link establishment message;
S7, the user terminal is connected to the network, and the user terminal then sends an RRC link establishment completion message which also contains an attach request or a service request;
S8, the signal transmitting module attacks the user terminal, using the injected identity request message as a response to the service request or the attach request;
S9, the user terminal responds to the identity request message with its mobile subscriber identification code, and the signal receiving module can receive and decode the message so as to acquire the international mobile subscriber identity of the user terminal;
S10, an authentication process is carried out between the user terminal and the base station;
S11, after the authentication process is successfully completed, subsequent communication is carried out in encrypted form.
Preferably, in S4, the random access response includes a preamble identifying a specific user terminal, a newly allocated RNTI, time adjustment information and initial uplink scheduling information, and the random access response is transmitted in plain text form, which is visible to the downlink probing component.
Preferably, in the step S7, during the attack period, the signal transmitting module sends the identity request message to the specific user terminal with a power 3dB higher than the base station according to the information accumulated by the signal receiving module under the scheduling of the control module, so as to cover other control messages normally sent by the base station, so that the user terminal only receives the message sent by the signal transmitting module in a very short attack time and responds to the message according to the protocol specification, and reports the own international mobile subscriber identity, thereby successfully completing the attack.
The beneficial effects of the invention are as follows:
the proposed device for extracting the permanent identifier of the user equipment is realized by using uplink and downlink joint detection and specific message injection conforming to the protocol specification of the 4G network system on the basis of the uplink and downlink joint detection, and the safety extraction device injects information into the 4G system, so that the information conforms to the protocol specification of the 4G system and can not be perceived by the base station, and the existing attack detection technology is difficult to detect.
Drawings
Fig. 1 is a diagram of an overall deployment architecture of a security acquisition method for covertly acquiring a 4G network subscriber identity.
Fig. 2 is a block diagram of a security acquisition device for concealing and acquiring a 4G network subscriber identity code according to the present invention.
Fig. 3 is a schematic diagram of an access procedure of a user terminal accessing a 4G network system according to the present invention.
Fig. 4 is an attack schematic diagram of a security acquisition device for concealing and acquiring a 4G network user identification code according to the present invention.
Reference numerals in the drawings: 101. a signal receiving module; 102. a signal transmitting module; 103. a GPS module; 104. and a control module.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments.
Embodiment one:
As shown in Fig. 2, a security acquisition device for concealing and acquiring a 4G network subscriber identity code comprises a signal receiving module 101, a signal transmitting module 102, a GPS module 103 and a control module 104;
the signal receiving module 101 includes an uplink sounding component and a downlink sounding component, which are respectively configured to receive uplink and downlink messages of the target user terminal, and acquire and share uplink and downlink control information of the target user by using the unencrypted characteristic of the DCI message;
wherein the downlink sounding component can independently analyze data on the downlink, the uplink sounding component cannot independently operate, and the downlink sounding component needs to provide corresponding scheduling information.
It is worth mentioning that the way uplink and downlink probing components work in combination is possible due to the unencrypted DCI messages on the downlink control channel.
The signal transmitting module 102 is configured to temporarily send a control message to the target user terminal at a higher power than the base station at a specific moment according to the information provided by the receiving module, and induce the target user terminal to actively report its own international mobile subscriber identity in the response message;
the GPS module 103 mainly provides a time reference for other modules, so that a certain high-precision time synchronization between a device and a base station can be ensured, and a control message sent by the signal transmitting module is ensured to meet the time sequence requirement of a 4G network protocol;
the control module 104 controls the signal receiving module 101, the signal transmitting module 102 and the GPS module 103 to work cooperatively, and stores the acquired various information to the local according to different users for later retrieval analysis according to the user RNTI.
In the above technical solution, the signal receiving module 101 receives the radio frequency signals between the user terminal and the base station on the uplink and the downlink and records all communication between the two, but does not attempt to break encryption. The security acquisition device has a stable clock and uses the GPS time reference to achieve time synchronization with the base station. Because the base station also uses the GPS signal as its time reference, the drift between the clocks of the base station and the security acquisition device can be ignored, and the two can be considered time synchronized.
It should be noted that in a 4G system, control information and user data are carried over different physical channels, and each physical channel uses predefined resource blocks according to the specifications. User data is carried over physical layer shared channels, and control channels manage how users access and use the shared channels. The specific allocation of resource blocks is defined in Downlink Control Information (DCI), which the base station transmits to the user terminal through a downlink control channel. Each DCI message is identified by a 16-bit RNTI numeric address, which designates its receiver. DCI messages are unencrypted and the protocol specifications of the 4G system are public, which makes the passive-probing-based attack method proposed herein possible.
DCI messages of different formats have different functions, specifically as follows:
the DCI format 0 message defines uplink resource allocation information, only user terminals receiving the corresponding resource allocation can transmit on the uplink shared channel, and modulates the transmission information according to coding parameters specified in the DCI format 0 message, and the DCI format 0 message is only used to specify how the user terminals use the uplink.
The DCI format 1 message defines downlink resource allocation information specifying which resource blocks the user terminal should decode and which parameters the user terminal should use to decode messages on the downlink shared channel carrying user data and other system information such as the configuration of the base station, etc.
As shown in Fig. 1, the security acquisition device is placed between the user terminal and the 4G system base station and detects the uplink and downlink wireless communication signals between them. Because the physical layer and part of the MAC layer messages are not encrypted, the acquisition device can decode the DCI messages, acquire the uplink and downlink channel allocation information for the user terminal, and detect the access procedure between the user terminal and the base station. When appropriate, it injects a specific message with higher power, modifies the uplink resource allocation of the target user terminal, and induces the user terminal to report its IMSI in the return message, thereby realizing the security acquisition of the international mobile subscriber identity of the target user terminal.
Embodiment two:
As shown in Fig. 1 to Fig. 4, a security acquisition device for concealing and acquiring a 4G network subscriber identity is provided, together with a security acquisition method for concealing and acquiring a 4G network subscriber identity, which comprises the following steps:
S1, in a 4G network system, when a user terminal roams into an area covered by a base station, it receives the system information broadcast by the base station;
S2, when the user terminal tries to connect to the base station, it first sends a random access preamble message in the uplink; meanwhile, at the physical layer, the uplink detection component receives the random access preamble message sent in the uplink by the user terminal and, after decoding, shares it with the downlink detection component;
It should be noted that the preamble message includes a specific preamble and its RNTI;
S3, the user terminal waits for the base station to reply with the random access response; meanwhile, the downlink detection component also monitors the corresponding downlink control channel and waits for the random access response within the random access response window;
S4, after receiving the preamble, the base station allocates corresponding resources for the user terminal and sends a random access response through the downlink;
In the above technical solution, the random access response includes a preamble identifying a specific user terminal, a newly allocated RNTI, time adjustment information and initial uplink scheduling information. The random access response is transmitted in plain text form and is visible to the downlink probing component, so after receiving this information the downlink probing component can subsequently distinguish the DCI messages sent to the specific user terminal according to the RNTI and decode them correctly.
(1) For newly connected users, if the decoded DCI message is a DCI format 1 message, the subsequent downlink data can be correctly decoded and assembled to obtain the downlink message; if it is a DCI format 0 message, it contains the uplink resources allocated by the base station to the user terminal, so the DCI format 0 message is passed to the uplink sounding component, which decodes the received uplink data and assembles it to obtain the uplink message.
(2) For connected users, the allocated RNTI is not exchanged with plain text, but is encoded into a CRC of the DCI message, which cannot be obtained directly, and a new method is required. For such connected user terminals, the downlink sounding component calculates an inverse OFDMA transform to receive the frequency signal and performs channel adjustment and frequency offset correction. The positions of all possible DCI messages are then traversed, the recorded RNTIs are found, and attempts are made to decode them with different RNTIs. Depending on the format of the decoded DCI message, the downlink sounding component may either use it to decode the downlink control message to obtain an upper layer message or share with the uplink sounding component for subsequent successful decoding of the uplink message.
In the listening process, the control module 104 schedules the downlink and uplink receiving actions at the same time. Under normal conditions, the user terminal learns the timing of the physical layer messages from the synchronization signal sent by the base station; similarly, the extraction device synchronizes with the base station by receiving the synchronization signal. Because only the downlink detecting component can receive the messages sent by the base station, the uplink and downlink detecting components of the security extraction device need to share the timing and the physical layer message number; otherwise the uplink detecting component cannot receive the uplink physical layer messages at the correct time. For accurate synchronization, the detecting modules need to have the same time reference, which is provided by the same GPS timing module.
For each physical layer message, the uplink and downlink probing components each record the physical layer message index and the exact time at which they received it. If the timestamps for the same physical layer message index do not match, the uplink probing module must discard its own time samples and adjust its reception time so that the uplink and downlink probing components are synchronized.
Since the location where the security extraction device is placed can hardly coincide with that of the base station, an uplink message sent by the user terminal will not arrive at the base station and at the security extraction device at exactly the same time because of the difference in propagation delay. This small error does not affect correct decoding of the message by the uplink sounding component; moreover, since the security extraction device is a separate device, it can also perform fine time correction.
S5, after receiving the random access response, the user terminal sends an RRC (radio resource control) link request according to the uplink resources allocated by the base station;
S6, the base station then sends an RRC link establishment message;
S7, the user terminal is connected to the network, and the user terminal then sends an RRC link establishment completion message which also contains an attach request or a service request;
S8, as shown in Fig. 4, the signal transmitting module 102 attacks the user terminal, using the injected identity request message as a response to the service request or the attach request;
It is worth mentioning that the 4G system protocol allows the network core to obtain the IMSI number of the user terminal at any time by sending an identity request. For example, the 4G system protocol specifies that before the security context is created (i.e. before S7 in Fig. 3), the base station may send an identity request to the terminal device without any integrity protection to obtain the international mobile subscriber identity. Since the security context is not set before the service request or the attach request, the attacker may inject an identity request message as a response to the service request or the attach request.
S9, the user terminal responds to the identity request message with its mobile subscriber identification code, and the signal receiving module 101 can receive and decode the message so as to acquire the international mobile subscriber identity of the user terminal;
S10, an authentication process is carried out between the user terminal and the base station;
S11, after the authentication process is successfully completed, subsequent communication is carried out in encrypted form.
In the above technical solution, during the attack period, the signal transmitting module 102, under the scheduling of the control module 104 and according to the information accumulated by the signal receiving module 101, sends an identity request message to a specific user terminal at a power 3dB higher than that of the base station, so as to cover other control messages normally sent by the base station. The user terminal therefore receives only the message sent by the signal transmitting module 102 during the very short attack time, responds to it according to the protocol specification, and reports its own international mobile subscriber identity, thereby successfully completing the attack.
It should be noted that, even if the legal base station continues the connection process, the signal transmitting system of the security extraction device will transmit the message with higher power, so as to cover the message of the legal base station, and when the attack happens, the timing and frequency of the message transmitted by the signal transmitting system are completely consistent with those of the message of the base station, but the power is 3dB higher, so that the original message can be replaced by the message of the signal transmitting system, and for the user terminal, the message of the signal transmitting system cannot be distinguished from the legal message.
For the base station, the signal transmission system may temporarily modify the uplink allocation for a specific user terminal during the attack through the DCI format 0 message, so that the base station cannot receive the identity response sent by the user terminal, and thus cannot perceive the existence of the attack.
From the perspective of the base station, the user terminal simply does not start the authentication process immediately, which may have various causes such as poor signal reception and is consistent with the 4G network system protocol specification; authentication can be performed immediately after the attack is completed, and the normal interaction process resumes.
It should be noted that the attack using the identity request message is only a specific method for the security extraction device to obtain the international mobile subscriber identity of the user terminal, however, the attacker is not limited thereto, and may create other attack messages conforming to the 4G network protocol specification, so as to trigger the user terminal to transmit the international mobile subscriber identity in plaintext form, for example, to trigger service rejection when the identity of the user terminal cannot be obtained from the network, or to send a control message for obtaining the international mobile subscriber identity of the user.
Masking analysis of the attack of this embodiment:
The security acquisition method for the hidden acquisition of the 4G network user identification code requires the attacker to make only a very small number of transmissions, at a power only slightly higher than that of the legitimate base station;
The identity request message exchange initiated by the signal transmitting module appears normal to the user terminal, since according to the 4G network protocol specification the core network can start the user terminal identification procedure at any time, even after it receives an attach request or a service request. So at the user terminal's protocol level our attack will not raise any alarm, nor is any problem noticed by the base station, since the uplink resource allocation of the specific user terminal is temporarily modified during the attack;
From the base station's point of view, the connection with the user terminal has simply stalled, which may have a number of causes, such as poor reception due to weak signals arriving at the user terminal.
Current detection mechanisms for international mobile subscriber identity catchers work mainly by detecting pseudo base stations, either by comparing the open source position of the base station with the measurement reports of the user or of special detection equipment, or by detecting anomalies in the behaviour of the base station observed by the user terminal. These techniques do not work against our attack, since the user terminal is connected to a real base station, and the behaviour and position of the proposed device therefore appear legitimate to the user terminal.
Thus, at least with respect to the currently proposed attack detection techniques, our attack is hidden.
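The exchange in S8 and S9 still passes through the terminal's own NAS layer, so a terminal-side trace can be checked for it. The following is an added example, not part of the patent: a heuristic that flags an unprotected Identity Request for the IMSI arriving after an Attach Request or Service Request, and records whether the IMSI was then sent in plaintext. The message and identity type codes are those of 3GPP TS 24.301; the `(direction, hex)` trace format, the severity labels and the sample messages (test PLMN 001/01, truncated) are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# EMM message-type and identity-type codes as defined in 3GPP TS 24.301.
EMM_PD = 0x7
MSG = {0x41: "AttachRequest", 0x52: "AuthenticationRequest",
       0x55: "IdentityRequest", 0x56: "IdentityResponse",
       0x5D: "SecurityModeCommand"}
ID_IMSI, ID_GUTI = 1, 6


@dataclass
class Nas:
    name: str
    protected: bool          # True when a NAS security header wraps the message
    identity: Optional[int]  # mobile identity type, where the message carries one


def parse_emm(raw: bytes) -> Optional[Nas]:
    """Decode only the fields the check below needs from one EMM message."""
    if len(raw) < 2 or raw[0] & 0x0F != EMM_PD:
        return None
    sec = raw[0] >> 4
    if sec == 12:                # Service Request has its own short header
        return Nas("ServiceRequest", True, None)
    if sec in (2, 4):            # ciphered body: nothing more to read
        return Nas("Ciphered", True, None)
    # Integrity-protected only: skip header octet, 4-octet MAC, sequence number.
    body = raw if sec == 0 else raw[6:]
    if len(body) < 2 or body[0] & 0x0F != EMM_PD:
        return None
    name = MSG.get(body[1], f"0x{body[1]:02x}")
    # Offset of the octet whose low 3 bits hold the identity type.
    offset = {"IdentityRequest": 2, "IdentityResponse": 3,
              "AttachRequest": 4}.get(name)
    identity = None
    if offset is not None and len(body) > offset:
        identity = body[offset] & 0x07
    return Nas(name, sec != 0, identity)


def analyze(trace):
    """trace: iterable of (direction, hex) records, direction 'UL' or 'DL'.

    Returns one finding per plaintext IMSI Identity Request seen after an
    Attach Request or Service Request. Severity labels are an assumption:
    'suspicious' when the terminal had presented a temporary identity.
    """
    findings, attempt = [], None
    for idx, (direction, hexstr) in enumerate(trace):
        msg = parse_emm(bytes.fromhex(hexstr))
        if msg is None:
            continue
        if direction == "UL" and msg.name in ("AttachRequest", "ServiceRequest"):
            attempt = {"trigger": msg.name, "identity": msg.identity,
                       "finding": None}
        elif attempt is None:
            continue
        elif (direction == "DL" and msg.name == "IdentityRequest"
              and msg.identity == ID_IMSI and not msg.protected):
            had_temp_id = (attempt["trigger"] == "ServiceRequest"
                           or attempt["identity"] == ID_GUTI)
            finding = {"index": idx, "after": attempt["trigger"],
                       "level": "suspicious" if had_temp_id else "review",
                       "imsi_disclosed": False}
            findings.append(finding)
            attempt["finding"] = finding
        elif (direction == "UL" and msg.name == "IdentityResponse"
              and msg.identity == ID_IMSI and not msg.protected
              and attempt["finding"] is not None):
            attempt["finding"]["imsi_disclosed"] = True
    return findings


# Constructed sample traces (truncated messages, test PLMN 001/01).
TRACE_FLAGGED = [
    ("UL", "0741710bf600f110000101deadbeef"),  # Attach Request carrying a GUTI
    ("DL", "075501"),                          # plain Identity Request, type IMSI
    ("UL", "0756080910101032547698"),          # plain Identity Response with IMSI
    ("DL", "075200"),                          # Authentication Request
]
TRACE_BENIGN = [
    ("UL", "0741710bf600f110000101deadbeef"),  # Attach Request carrying a GUTI
    ("DL", "075200"),                          # Authentication Request
    ("UL", "075308aabbccddeeff0011"),          # Authentication Response
    ("DL", "371122334400075d02"),              # protected Security Mode Command
]

if __name__ == "__main__":
    for finding in analyze(TRACE_FLAGGED):
        print(finding)
```

A legitimate network also sends this request when it cannot resolve the temporary identity, so a single finding is a prompt for review; repeated findings for the same cell or location are the stronger signal.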
The foregoing is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any equivalent substitution or modification made by a person skilled in the art within the technical scope disclosed by the present invention, according to the technical scheme and inventive concept of the present invention, shall be covered by the scope of protection of the present invention.

Claims (5)

1. A safety acquisition device for covertly acquiring a 4G network user identification code, characterized by comprising a signal receiving module (101), a signal transmitting module (102), a GPS module (103) and a control module (104);
the signal receiving module (101) comprises an uplink detection component and a downlink detection component, which receive the uplink and downlink messages of the target user terminal respectively, and which acquire and share the uplink and downlink control information of the target user by exploiting the fact that DCI messages are unencrypted;
the signal transmitting module (102) is used, according to the information provided by the receiving module, to briefly transmit a control message to the target user terminal at a specific moment and at a higher power than the base station, inducing the target user terminal to actively report its own international mobile subscriber identification code in the response message;
the GPS module (103) mainly provides a time reference for the other modules, ensuring that the device keeps time synchronization with the base station to a high precision and that the control message sent by the signal transmitting module meets the timing requirements of the 4G network protocol;
the control module (104) controls the signal receiving module (101), the signal transmitting module (102) and the GPS module (103) so that they work cooperatively, and stores the acquired information locally on a per-user basis so that it can later be retrieved and analysed according to the user RNTI.
2. The security acquisition device for covertly acquiring a subscriber identity of a 4G network of claim 1, wherein the downlink detection component can analyse data on the downlink independently, whereas the uplink detection component cannot operate independently and requires the downlink detection component to provide the corresponding scheduling information.
3. A security acquisition method for covertly acquiring the 4G network subscriber identity, based on the security acquisition device according to claim 1, comprising the following steps:
S1, in a 4G network system, when a user terminal roams into an area covered by a base station, it receives the system information broadcast by the base station;
S2, when the user terminal tries to connect to the base station, it first sends a random access preamble on the uplink; at the same time, the uplink detection component receives the random access preamble sent by the user terminal on the uplink, decodes it and shares it with the downlink detection component;
S3, the user terminal waits for the base station to reply with a random access response; meanwhile, the downlink detection component also monitors the corresponding downlink control channel and waits for the random access response within the random access response window;
S4, after receiving the preamble, the base station allocates the corresponding resources to the user terminal and sends a random access response on the downlink;
S5, after receiving the random access response, the user terminal sends an RRC (radio resource control) link request using the uplink resources allocated by the base station;
S6, the base station then sends an RRC link establishment message;
S7, the user terminal is connected to the network, and then sends an RRC link establishment completion message, which also contains an attachment request or a service request;
S8, the signal transmitting module (102) attacks the user terminal by injecting an identity request message as the response to the service request or the attachment request;
S9, the user terminal answers the identity request message with its mobile user identification code, and the signal receiving module (101) receives and decodes this message to acquire the international mobile user identification code of the user terminal;
S10, an authentication process is carried out between the user terminal and the base station;
S11, after the authentication process is successfully completed, subsequent communication is carried out in encrypted form.
4. The method for securely obtaining a 4G network subscriber identity according to claim 3, wherein in S4 the random access response comprises a preamble identifying the specific user terminal, a newly allocated RNTI, time adjustment information and initial uplink scheduling information, and the random access response is transmitted in plaintext and is therefore visible to the downlink detection component.
5. The method for securely obtaining the 4G network subscriber identity according to claim 3, wherein in S7, during the attack, the signal transmitting module (102), under the scheduling of the control module (104) and according to the information accumulated by the signal receiving module (101), sends the identity request message to the specific user terminal at a power 3 dB higher than the base station, thereby covering the other control messages normally sent by the base station, so that within a very short attack time the user terminal receives only the message sent by the signal transmitting module (101), responds to it according to the protocol specification and reports its own international mobile subscriber identity, thereby successfully completing the attack.
CN202310373748.5A 2023-04-10 2023-04-10 Safety acquisition method and device for concealing and acquiring 4G network user identification code Pending CN117676554A (en)

Publications (1)

Publication Number Publication Date
CN117676554A (en) 2024-03-08

Family

ID=90085163

Similar Documents

Publication Publication Date Title
US7729693B2 (en) Method of controlling and analyzing communications in a telephone network
EP0848567B1 (en) Cellular mobile radio network discovery method and apparatus therefor
EP2661113A1 (en) Systems and methods for identifying rogue base stations
EP1995985B1 (en) Method, measuring system, base station, network element and measuring device
EP1982430B1 (en) Methods of determining the direction of arrival of a locator signal of a mobile device
US20150312766A1 (en) System and method for enforcing communication policies
US11115815B2 (en) Radio frequency (RF) emitter detector
JP6081377B2 (en) System and method for measuring the position of a cellular communication device
Kotuliak et al. LTrack: Stealthy tracking of mobile phones in LTE
US10820206B2 (en) Method and fake base station for detecting subscriber identity
CN103200645B (en) A kind of gsm system communication control and specific user's communication support system and method
EP1514444B1 (en) Wireless communication system, apparatus and method
CN109219049B (en) Pseudo base station identification method, pseudo base station identification device and computer readable storage medium
Abodunrin et al. Some dangers from 2g networks legacy support and a possible mitigation
WO2007088344A1 (en) Acquiring identity parameter
CN117676554A (en) Safety acquisition method and device for concealing and acquiring 4G network user identification code
US11405787B2 (en) Physical signal overshadowing attack method for LTE broadcast message and the system thereof
CN110995704A (en) Hidden DoS attack method and system based on brute force cracking
WO2017013127A1 (en) Method for detecting remote access of a universal integrated circuit card (uicc)
CN106937286B (en) A kind of user access authentication method and device
CN105916128B (en) The synchronous method of short message and/or incoming information, synchronization system and server
Wu et al. Reconnaissance and Experiment on 5G-SA Communication Terminal Capability and Identity Information
EP4297460A1 (en) Method and apparatus for identity collection
CN112567780A (en) Pseudo base station identification method and device
Sørseth Location disclosure in lte networks by using imsi catcher

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination