Introduction of GPRS
GPRS which also means (General Packet Radio Service) is a data network architecture that is designed to integrate with existing GSM networks and offer mobile subscribers the “always on” packet switched data services access to corporate networks and the Internet. GPRS provides mobile operators with an opportunity to offer higher-margin data access services to subscribers. Some examples of GPRS threats are identity confidentiality, identity authentication and also confidentiality of both the user data and signaling between the mobile and the GPRS serving node.
Security Features
Identity confidentiality means that it provides privacy to the subscriber so that it will be difficulty to identify the person from their signal over the radio and connections to the SGSN. Identity authentication means it will be performed within the SGSN. Pairs of Random Numbers and Signed responses (RAND & SRES) are obtained from the HLR/AUC and stored within the SGSN.
Threats
Some example of threats GPRS faces are GPRS encryption is limited to the radio access network and also the firewalls are inadequate against attacks that originate from malicious mobile subscribers, network operator personnel and also any other third party that gets access to the GPRS backbone.
Solutions
Example of the GPRS solutions includes stateful packet inspection which means that it uses a security policy that only allows the MS to initiate connections to the public network and implement stateful packet filtering so that the MS never sees traffic that is initiated from the public network. Ingress and egress packet filtering whereby it helps to prevent the possibility of spoofed MS to MS data by blocking incoming traffic with the source addresses which are the same as those assigned to an MS for public network access.
http://netscreen.com/solutions/literature/white_papers/200074.pdf
http://critis06.lcc.uma.es/files/Vulnerabilities%20and%20Possible%20Attacks%20against%20the%20GPRS%20Backbone%20Network.pdf
Hi Nisha, the content of the post is relevant and well explained. Though the font is a bit small, it is clearly labelled. There is clear paragraphing and it is clear. Short terms used like RAND and SRES can be further explained into details to elaborate on the terms used. The introduction into GPRS is good as it gives tells the users a brief explanation of what GPRS is about. More visuals can be added in to give a better understanding on what is written. The links posted can also be hyperlinked to the website instead of having it hardcoded that users are unable to visit the site.
ReplyDelete