Mobile Network Architecture: Pre-3GPP Generations (GSM, GPRS, and EDGE)

Copyright: © 2019 | Pages: 51
DOI: 10.4018/978-1-5225-5855-2.ch004


Defining the system architecture is critical for identifying the potential sources of evidence in every network forensics investigation. The mobile network architecture has two main definitions: one for the network deployments before the 3GPP consolidated mobile standardization, and one for the 3GPP networks onwards. Forensic investigators need to know both, because real-world network deployments include elements from different generations, so uncovering mobile network evidence requires knowledge of how every generation operates in practice. This chapter provides a detailed overview of the pre-3GPP network architecture, defining the critical elements for recognizing, acquiring, analyzing, and interpreting potential mobile network evidence.

Chapter Preview


This chapter introduces the basic elements and protocols of the pre-3GPP networks. The Global System for Mobile (GSM), as the de facto second generation (2G) standard, is described in terms of the reference network architecture, user and network identifiers, wireless radio interface, security aspects, and protocols supporting mobile telephony delivery. The enhancements introduced for GSM to support packet data, in the form of a 2.5G evolution with the General Packet Radio Service (GPRS) and 2.75G with Enhanced Data rates for Global Evolution (EDGE), are also described. The resulting architecture provides useful insights into the mobile network operations that were retained to a great extent in the later 3GPP generations. Both GSM and GPRS/EDGE are of significant forensic importance because they lay out the fundamental principles of mobile service operations.

Key Terms in this Chapter

PDP: Packet data protocol.

UMTS: Universal mobile telecommunication system.

TID: Tunnel identifier.

2.5G: Enhancement of the GSM architecture to handle packet data traffic. Introduction of the general packet radio service (GPRS).

CC: Country code.

TBF: Temporary block flow.

LAI: Location area identity.

MGW: Media gateway.

RR: Radio resource.

PBCCH: Packet broadcast control channel.

RAI: Routing area identity.

CLIP: Calling line identification presentation.

SM: Session management.

ARFCN: Absolute radio frequency channel numbers.

MSISDN: Mobile subscriber ISDN number.

FAC: Final assembly code.

SDH: Synchronous data hierarchy.

FACCH: Fast associated control channel.

SS#7: Signaling system no. 7.

CAP: CAMEL application part.

4G: 4th generation of mobile networks. The 4G technologies are long term evolution (LTE) and the advanced version, LTE-advanced. Colloquially, the terms LTE/LTE-A are used as a synonym for 4G as they are the only global standard for mobile communication from the fourth generation.

APN: Access point name.

IMEI: International mobile equipment identity.

IN: Intelligent network subsystem.

C1: Cell selection algorithm 1.

A3: Algorithm 3; used for authentication with a secret key Ki.

MAP: Mobile application part.

RACH: Random access channel.

RXLEV: Received signal level.

TLLI: Temporal logical link identity.

SCH: Synchronization channel.

RAN: Radio access network.

A8: Algorithm 8; used for Kc derivation with a secret key Ki.

BA: BCCH allocation list.

GMSK: Gaussian mean shift keying.

RF: Radio frequency.

SVN: Software version number.

NSS: Network subsystem.

LMSI: Local mobile subscriber identity.

PAGCH: Packet access grant control channel.

SCTP: Streaming control transmission protocol.

GSM: Global system for mobile communication.

BSIC: Base station identity code.

MSC: Mobile switching center.

UDP: User datagram protocol.

ISO/IEC: International Standardization Organization/International Electrotechnical Commission.

BSSMAP: BSS mobile application part.

SM-TP: Short message transport protocol.

ISI: Inter symbol interference.

SMS: Short message service.

OSS: Operator specific services.

GPRS: General packet radio service.

MNC: Mobile network code.

ISDN: Integrated services digital network.

MM: Mobility management.

CLIR: Calling line identification restriction.

MCC: Mobile country code.

IP: Internet protocol.

BTS: Base station transceiver.

MTP: Message transfer part. It has 3 layers referred to as MTP-1, MTP-2, and MTP-3, respectively.

TCH: Traffic channel.

PLMN: Public land mobile networks.

GSN: GPRS supporting node.

HLR: Home location register.

ISUP: ISDN user part.

DTAP: Direct transfer application part.

P-TMSI: Packet temporary mobile subscriber identity.

PPCH: Packet paging channel.

C2: Cell selection algorithm 2.

PDTCH: Packet data transfer channel.

TAC: Type approval code.

PTCCH: Packet timing advanced control channel.

RAC: Routing area code.

USF: Uplink state flag.

AGCH: Access granting channel.

LAPD: Link adaptation protocol D.

SDCCH: Standalone dedicated control channel.

USSD: Unstructured supplementary service data.

BTSM: BTS management.

BSS: Base station subsystem.

2G: 2nd generation of mobile networks. The most dominant technology is the global system for mobility (GSM).

BSC: Base station controllers.

ITU: International Telecommunication Union.

2.75G: Further enhancement of the GPRS in the radio segment with the enhanced data rates for global evolution (EDGE) network update.

PCU: Packet control unit.

8PSK: 8-symbol phase shift keying.

WWW: Worldwide web.

HPLMN: Home public land mobile network.

3GPP: 3rd generation partnership project.

EDGE: Enhanced data rates for global evolution.

MSN: Mobile subscriber number.

CGI: Cell global identification.

MSIN: Mobile subscriber identification number.

SRES: Signature response.

BSSAP+: Enhanced BSSAP.

TMSI: Temporal mobile subscriber identity.

NSAPI: Network service access point identifier.

IMEISV: IMEI software version.

TDMA: Time division multiple access.

M3UA: MTP-3 user adaptation layer.

MS: Mobile station.

SNDCP: Subnetwork dependent convergence protocol.

BCCH: Broadcast common control channel.

BICC: Bearer independent call control.

BSSGP: BSS GPRS protocol.

PACCH: Packet associated control channel.

DNS: Domain name system.

MSRN: Mobile subscriber routing number.

VLR: Visitor location register.

QAM: Quadrature amplitude modulation.

VOIP: Voice-over-IP.

NCC: Network color code.

NDC: National destination code.

SMSC: SMS center.

SIGTRAN: Signaling transport of SS7 over IP.

AuC: Authentication center.

A5: Algorithm 5; used for ciphering with a ciphering key Kc. There are four versions referred to as A5/1-A5/4, respectively.

UL: Uplink.

3G: 3rd generation of mobile networks. The most dominant technology is universal mobile telecommunication system (UMTS).

RLC: Radio link control.

FDMA: Frequency division multiple access.

SPC: Signaling point codes.

GSMA: GSM association.

LAPDm: Link adaptation protocol D for the Um interface.

BCC: BTS color code.

SGSN: Serving GPRS supporting node.

TCP: Transmission control protocol.

RAND: Random number.

FCCH: Frequency correction channel.

LAC: Location area code.

PRACH: Packet random access control channel.

TCAP: Transaction capabilities protocol.

CM: Call management.

LA: Location area.

PHY: Physical layer.

Ki: Secret key used for derivation of the Kc ciphering key used between the MS and the BTS for data confidentiality protection.

VPLMN: Visited public land mobile networks.

MAC: Medium access control.

LLC: Logical link control.

CI: Cell identity.

PCH: Paging channel.

SACCH: Slow associated control channel.

SCCP: Signaling connection control part.

FDD: Frequency division duplex.

MSCS: MSC server.

OSI: Open system for interconnection.

GGSN: Gateway GPRS supporting node.

CAMEL: Customized applications for mobile network enhanced logic.

GMM: GPRS mobility management.

EIR: Equipment identity register.

GTP-U: GPRS tunneling protocol-user.

GTP-C: GPRS tunneling protocol-control.

RXQUAL: Received signal quality level.

PDCH: Packet data channels.

QoS: Quality-of-service.

DL: Downlink.

