Hi folks. Ed and in this video I want to talk to you a little bit about base station spoofing and mobility. And another way it's sometimes referred to is called IMSI catching, where IMSI stands for Individual Mobile Subscriber ID. Let me tell you a little bit about how this whole thing works. So, in early generations of mobility, the original concept was that your handset would connect to tower and who cared about authentication. It was amazing that you could actually make the thing work. Now, in second generation networking we did come to the conclusion we need something a little better. We came up with some algorithms that would actually in some sense connect the handset like make certain the handset is authenticated by the tower. But we didn't do the reverse like the idea that the handset should authenticate the tower seemed dumb, because there wasn't that much infrastructure out there. And you were lucky to find a tower, much less have to worry about authenticating to it. Now there was also a principle that was originating in first generation has lasted forever and it's always been that a handset will try to attach to the strongest signal, whatever's closest. So we knew kind of in the context of 2G mobile networking that we might have a little bit of a problem. If the hands set is really not bothering to authenticate the tower that if there was another smaller, littler tower nearby that somebody put there that maybe you would attach to it. And you started to see people building not nefarious or malicious things around this but very friendly things. Like for a festival you could set up a base station tower that would give people better connectivity in the area and their phones would just attach naturally to this 2G tower. But people figured out quickly that that base station could also be used for nefarious purposes for hacking for listening. So in 3G the idea and again this sort of follows a progression I'm assuming for the most part the global standards, the GSM standards, GSM, the UMTS, the LTE. There are other standards here in the United States, Verizon, are slightly different path but all eventually getting to LTE and beyond. And everybody sort of converges on the same standards, but I'm talking mostly about the more popular global protocols here. But with the 3G networking, UMTS, the idea was, well let's make sure that the handset is doing authentication to the tower, [LAUGH] Okay, so that made sense. If you had a fake tower, then the handset wouldn't want to connect to it even if the signal was stronger. But here's the problem, the problem is that as you roll out mobility infrastructure, focus for the most part on coverage making sure people have good coverage. You have to have a capability and you certainly had to have a capability between 2G and 3G called fall back. And what that means is if my handset is able to do 3G to a 3G tower that's great, but if there's no 3G tower because they just haven't built one in that region yet. I only have 2G Towers then I want the handset to be able to do that as well. So wherever I get the best coverage I connect to it. So even in the context of improved authentication in 3G, you had the support to fall back to the less secure case. Isn't that interesting so even though you fixed in one generation, you had the problem in the previous generation simply because you couldn't just walk away from that. It's a good example of how successive generations inherit the sins of previous designers. Now, look 4G, nice, tight, strong, bidirectional authentication. Certainly the case in 5G and as 2G sort of retires off, this is less of an issue. But I love this as a case study in how one generation of security inherits the problems that may have been introduced in a previous case. Now, as sort of an additional consideration to test, can you think of cases where it would be acceptable to set up a small tower? Say, in an office environment where it's okay, you want people to be connecting to the small tower and they shouldn't even know about it. I mean obviously in your mind you're going to jump to what provides better coverage. But does it also violate privacy, like when would that be acceptable, is it acceptable in a business? Would it be acceptable at a shopping mall? Would it be acceptable at Starbucks? WiFi in some sense place that role to some degree. You're on 5G, you're talking, you're walking to get a cup of coffee, next thing you know you're on WiFi. Is that acceptable, do you want that to be seamless? Do you worry about security and privacy in that consideration? There are no answers to that, it's your opinion. And it's the kinds of things that societies have to decide are considered acceptable or unacceptable. So I hope you'll take that into mind. And I hope you've enjoyed this little introduction to baystation security. I'll see you in the next one.
