Slashdot Mirror


Open Source GSM Network At Dutch Hacker Convention

solevita writes "Harald Welte, who's been interviewed previously by Slashdot, has written on his blog about operating an Open Source GSM network at the recent HAR2009 conference. Photographs and a description of the setup, run under license of the Dutch regulatory authority, are provided; essentially the setup consisted of a pair of BTSs (Base Transceiver Stations) running at 100mW transmit power each and tied to a tree. In turn these provided access to the Base Station Controller (BSC), in this case a Linux server in a tent running OpenBSC. The system authenticated users with a token sent via SMS; in total 391 users subscribed to the service and were able to use their phones as if they were on any other network. Independent researchers are increasingly examining GSM networks and equipment; Welte's work proves that GSM is in the realm of the hackers now and that this realm of mobile networking could be set for a few surprises in the future."

5 of 141 comments

  1. Re:What are the costs? by MBCook · · Score: 5, Informative

    I'm not surprised that little walkie-talkies might not work over long distances. FRS radios (which may not be legal for commercial purposes) are limited to 1/2 watt.

    Amateur Radio would certainly work, with handhelds easily available that do 5W (such as the Yaesu VX-7R) or you could get models designed for cars that do much more.

    The only problem with ham radio is you aren't allowed to use it for business purposes, so for anything other than chatting between farm hands you couldn't use it.

    The only real problem I've seen with little radios like the VX-7R tends to be that the interfaces are horrible. They come from the "here is 20 buttons and 3 function keys, plus holding means something" school of interface design. I don't know if there are any with better interfaces.

    Ooh! I know what you need. GMRS radios can be up to 50 watts and used for commercial purposes (I'm pretty sure). You need a license, but there is no test, just a fee (according to Wikipedia).

    --
    Comment forecast: Bits of genius surrounded by a sea of mediocrity.
  2. Re:What are the costs? by bushing · · Score: 5, Informative

    Can someone put a figure on the cost of equipment involved? This would be very useful for folks on large farms where radio (read Walkie-talkies) do not cut it.

    The setup seems to be:

    • two BTS with two TRX each - Each BTS is a surplus Siemens BS-11, which they are selling for 300 Euro. (I almost bought one at 25C3, until I realized they were almost 46 kg each)
    • two antennas -- included in the purchase price of the BS11
    • E1-to-PCI interface card - 350 EUR

    So, I'd call that about 1000 EUR, not including the Linux PC driving the whole setup.

  3. Re:What are the costs? by DarthBart · · Score: 4, Informative

    Yes, my father and I ran a GMRS radio system with a phone patch many many years ago. The primary customer was my uncle with his well drilling & service company, along with a few realtors.

    There was a 50 watt repeater on the top of a hill, running on the 450 MHz band.

  4. Re:what it means by rwwyatt · · Score: 4, Informative

    I am going to speak in regards to GSM and UMTS networks as I know the protocol.

    There are security messages in Wireless Networks. There is Authentication and Ciphering in GSM/GPRS/EDGE/WCDMA/HSPA/HSPA+. In addition, there is integrity protection of signalling messages in WCDMA/HSPA/HSPA+ networks. There are a few messages which can not be ciphered/integrity protected for obvious reasons such as the initial Location Update Request/Attach Request. Yes, certain authentication algorithms have been compromised (GSM A5/2). It has been superseded by A5/3.

    It is true that malware has made it onto cellular devices (Blackberry in UAE and Symbian come to mind). It is almost impossible for someone to remotely access the phone without such software existing on the device for voice frames.

    Yes, the redirecting of packets/frames is a legal requirement in many jurisdictions. It usually has to be accompanied with a warrant from a relevant law enforcement agency otherwise the specific phone company employee faces criminal charges. The usual redirection is done in the MSC or SGSN and I have never seen a case where it was done at the basestation.

  5. Re:GSM? Future? WTF? by Grieviant · · Score: 4, Informative

    I suggest you educate yourself before criticising a technology that has served the world (as well as the U.S.) for a good several decades.

    UMTS, a 3G technology, uses GSM's Mobile Access Part (MAP) and voice codecs. It's basically GSM with a new air interface. Handsets using UMTS can also use 'old' GSM when there's no 3G coverage.

    Actually, you should educate yourself beyond skimming Wiki articles.

    GSM has been around only since the early 90s (less than 2 decades).

    Saying UMTS is "basically GSM with a new air interface" is completely misleading. GSM is an FDMA / TDMA hybrid, meaning the channels are allocated across frequency but each channel can support multiple time-multiplexed voice streams. UMTS is most commonly CDMA direct sequence spread spectrum, which is an entirely different multiple access method than FDMA / TDMA. All users communicate over the entire spectrum simultaneously, where a unique spreading code provides interference mitigation (processing gain) at the receiver. In addition to different access methods, GSM and UMTS also use different modulation methods (GSM is a spectrally efficient MSK, UMTS is QPSK I believe).

    In short, they are entirely different from a telecom standpoint. Multi-mode phones can support both standards only because the RF frequencies are sufficiently close and they have completely separate processing algorithms for each built-in, not because there's a wealth of technical similarities between the two standards. Adoption of the same voice codec is a trivial similarity.
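
Added example, not part of the original thread: a toy baseband model of the direct-sequence CDMA behaviour described in the last comment, where several users transmit at once and each is separated at the receiver by its spreading code. The length-8 Walsh codes, the user bit patterns and the noise level are assumptions constructed for illustration, not the UMTS air interface itself.

```python
import random

def walsh_codes(n):
    """Return the n x n Walsh-Hadamard matrix (n a power of two), entries +1/-1."""
    h = [[1]]
    while len(h) < n:
        h = [row + row for row in h] + [row + [-c for c in row] for row in h]
    return h

def spread(bits, code):
    """Map bits to +/-1 symbols and multiply each symbol by the whole chip sequence."""
    return [(1 if b else -1) * c for b in bits for c in code]

def channel(signals, noise_sigma=0.0, seed=0):
    """All users occupy the same band at the same time: the air adds their chips."""
    rng = random.Random(seed)
    return [sum(chips) + (rng.gauss(0, noise_sigma) if noise_sigma else 0)
            for chips in zip(*signals)]

def correlate(received, code):
    """Per-symbol correlation of the received chips against one spreading code."""
    n = len(code)
    return [sum(r * c for r, c in zip(received[i:i + n], code)) / n
            for i in range(0, len(received), n)]

def despread(received, code):
    """Hard decision on the correlator output recovers that user's bits."""
    return [1 if v > 0 else 0 for v in correlate(received, code)]

def demo():
    codes = walsh_codes(8)
    # Constructed sample data: code index -> bits sent by that user.
    users = {1: [1, 0, 1, 1], 2: [0, 0, 1, 0], 5: [1, 1, 0, 1]}
    tx = [spread(bits, codes[i]) for i, bits in users.items()]
    # Noisy shared channel: averaging over 8 chips is the processing gain.
    recovered = {i: despread(channel(tx, noise_sigma=0.5, seed=1), codes[i])
                 for i in users}
    # A code nobody transmits on correlates to zero on a noiseless channel.
    unused = correlate(channel(tx), codes[3])
    return users, recovered, unused

if __name__ == "__main__":
    sent, got, idle = demo()
    print("sent     ", sent)
    print("recovered", got)
    print("unused code correlation", idle)
```
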