Analysis of False Communication Base Station Information Interception
0x01 Current network simulation base station usage and impact analysis
With the development of mobile communication technology, more and more base stations of various mobile communication systems are being built, which may cause mutual interference, resulting in a decline in link quality and a decrease in system capacity. A total of 58 networks, 55 switches, 1500 base stations and 165000 user terminals have been built and put into operation in China. The most serious and harmful impact on wireless networks comes from the simulation base station system.
The simulation base station system simulates the mobile communication wireless base station system and its background analysis system. It uses the mobile network's network number (MNC), frequency resources, and so on to disguise itself as a neighboring cell of the mobile base station, and a simulated mobile base station is set up at the information retrieval point. High-power wireless signal transmission is used to force the user terminal (mobile phone) to register with the signal of the simulated base station, and user information such as IMSI, IMEI, and mobile phone number is obtained through background analysis. This system is a monitoring instrument developed by relevant departments for security reasons. Because the frequency it uses overlaps with the public mobile network frequency, it may cause harmful interference to the mobile communication system, so that users cannot use the mobile network service normally. In addition, the digital cluster system is mostly used by powerful departments (such as public security and fire fighting), so the consequences of faults are much more serious than those of other mobile communication systems.
Interference calculation analysis
In wireless network design, the interference determination calculation and analysis method is often used because it is simple and convenient. It analyzes a specific interference scenario to establish the spectral relationship between the interfering transmitter and the receiver, and evaluates the following equation for four different frequency ranges of the affected receiver:
Ptx(f)-MCL(f)≤Lext(f) (1)
Here, f is the frequency under consideration; Ptx(f) is the transmit power of the interfering transmitter on frequency f; MCL(f) is the isolation between the transmitter and the receiver on frequency f; and Lext(f) is the maximum interference level acceptable to the receiver on frequency f.
Generally, the four frequency ranges are as follows:
a) The receiver's working channel. In most cases, it corresponds to the out-of-band stray radiation of the transmitter.
b) The first adjacent channel of the receiver's working channel, which corresponds to the useful signal emission or out-of-band radiation of the transmitter.
c) The receiver shall focus on the out-of-band radiation, adjacent frequency leakage or stray radiation of the transmitter.
d) Outside the receiver's receive band, the transmitter carrier frequency is considered, at the maximum transmit power of the transmitter.
Main features of simulation base stations
After field testing and simulation, the simulation base station has the following features:
1. The network is unclear when the user occupies the signal of the simulation base station.
2. Because the coverage of the simulation base station is extremely limited, a user who occupies the signal of the simulation base station will return to the normal network at some point after a certain period of time.
3. The user must perform a location update to return from the signal of the simulation base station to the normal network.
4. The LAC of the signal of the simulation base station must be reported when the location is updated.
In principle, the LAC of the simulation base station's signal is different from that of the normal network (generally, it is 0, 65534, or 65535).
Count the frequency of location updates from the abnormal LAC, and the CIs in the normal network that they are updated to, to determine the approximate location of the simulation base station.
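One way to carry out the count described above, as an added example that is not from the original article: location-update records are filtered for a previous LAC that is 0, 65534, 65535 or absent from the operator's LAC plan, then tallied per receiving CI. The record fields, the LAC plan and the sample records are constructed assumptions.

```python
from collections import Counter

# LAC values the article gives as typical for a simulation base station.
SUSPECT_LACS = {0, 65534, 65535}

def abnormal_updates(updates, planned_lacs):
    """Keep location updates whose previous LAC is suspect or not in the LAC plan."""
    return [u for u in updates
            if u["old_lac"] in SUSPECT_LACS or u["old_lac"] not in planned_lacs]

def rank_cells(updates, planned_lacs):
    """Abnormal-LAC updates per receiving CI, most affected cell first."""
    hits = Counter(u["new_ci"] for u in abnormal_updates(updates, planned_lacs))
    return hits.most_common()

def rate_per_hour(updates, planned_lacs):
    """Abnormal-LAC updates per hour for each CI over the observed time window."""
    if not updates:
        return {}
    span = max(u["ts"] for u in updates) - min(u["ts"] for u in updates)
    hours = max(span, 1) / 3600.0  # avoid dividing by zero on a single record
    return {ci: n / hours for ci, n in rank_cells(updates, planned_lacs)}

# Constructed sample: hypothetical LAC plan and location-update records
# (ts in seconds, old_lac = LAC reported by the phone, new_ci = receiving cell).
PLANNED_LACS = {20001, 20002}
SAMPLE_UPDATES = [
    {"ts": 0,    "old_lac": 20001, "new_lac": 20002, "new_ci": 101},  # normal mobility
    {"ts": 300,  "old_lac": 65535, "new_lac": 20001, "new_ci": 102},
    {"ts": 600,  "old_lac": 65534, "new_lac": 20001, "new_ci": 102},
    {"ts": 900,  "old_lac": 0,     "new_lac": 20001, "new_ci": 103},
    {"ts": 1500, "old_lac": 65535, "new_lac": 20001, "new_ci": 102},
    {"ts": 1800, "old_lac": 31337, "new_lac": 20002, "new_ci": 104},  # LAC not in plan
    {"ts": 3600, "old_lac": 20002, "new_lac": 20001, "new_ci": 102},  # normal mobility
]

if __name__ == "__main__":
    for ci, n in rank_cells(SAMPLE_UPDATES, PLANNED_LACS):
        print(f"CI {ci}: {n} location updates from an abnormal LAC")
```

The cells at the top of the ranking are the ones phones land on when they leave the simulated signal, which narrows the area to search with a road test.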
Solution for interference around the simulation base station
1. Avoid switching (handover) to the simulation base station: modify the PLMN and NCC of the base station. For example, if the NCC of a simulation base station is 7, change PLMN to, and 6, and change the NCC of the surrounding base stations to 0 ~ 6. Modify the adjacent area accordingly.
2. Avoid reselection to the simulation base station: based on the frequency of the simulation base station, modify the frequency of the base stations around it (modify the frequency of the base stations containing 91, 84, 83, 79) and modify the adjacent area accordingly.
0x02 Positioning and research on simulation base stations based on road test data analysis
Locating and troubleshooting Case Analysis of simulation base stations
According to the DT test data, during the test on Dahe Road (Culture Road to Tianhe Road), when the MS reselected from a nearby cell to the cell with BCCH = 74, CI = 25 and performed the LAC update, an error occurred while updating the LAC. Checking the CI = 25 cell gives BCCH = 74, NCC = 4, BCC = 3, LAC = 10069. The current network does not have this cell; therefore, the LAC update fails with a message indicating that the LAC update is rejected. For example:
The reception level of the CI = 25 cell on Fengqing road is around -40 dBm, RXP is set to -110, the C2 offset is 50, and the MS reselects to this cell when it passes through the road section.
An on-site inspection of the signal source found that the signal was sent by the antenna next to the pole at the junction of Dahe Road and Tianhe Road. Photo of the antenna location:
At this antenna, the frequency scanner scanned frequency 74 and found that its intensity can reach about -20 dBm. The location of the area on the map:
On-site test data Case Analysis
The test was carried out at the location of the simulation base station. The test tools are a professional road test mobile phone (Handy), a professional test mobile phone (SAGEM), a general test mobile phone and a professional frequency scanner (Amway frequency scanner).
Test Device
Amway frequency scanner: confirms through frequency scanning that the frequency in use is in the mobile frequency band;
Handy road test device: a professional road test mobile phone that records the test status;
SAGEM mobile phone: a professional test mobile phone, capable of collecting the false base station's frequency and other information;
Ordinary test mobile phone: a mobile phone put into engineering mode, which can collect information such as the frequency of pseudo base stations;
Testing Site simulation base station antenna Image
Test mobile phone information
Test site scanning image:
Test Description of three cases
Idle
From the test, we can see that the signal of the simulation base station is very strong and its C2 parameter settings are extreme, which makes it easy for mobile users in this region to reselect to this cell, resulting in frequent network disconnection.
Idle locks
With the phone locked to frequency 82, it was found that the LAC of cell 33 changes frequently, from 10677 to 50188.
Call status
It can be seen that the Wulidian 1 cell near the pseudo base station and the pseudo base station use the same frequency (82), but their BSICs are inconsistent. In the call status the mobile phone measures the neighboring cell on frequency 82; because of the high power of the pseudo base station, it may cause serious frequency interference to the surrounding mobile base stations on the same frequency, which may cause user handover failures and disconnection.
It can be seen that only Wulidian 1 shares the same frequency with the simulation base station.
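An added example (not from the original article) of checking road-test observations against the operator's cell inventory, covering the two symptoms seen in this case: a broadcast cell that the network does not have, and a signal on a planned frequency whose BSIC does not match the planned cell. The `Cell` type, the inventory entries, the NCC/BCC values on frequency 82 and the -47 dBm threshold are constructed assumptions; the BCCH = 74 cell uses the values reported above.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cell:
    arfcn: int  # BCCH frequency number
    ncc: int
    bcc: int
    lac: int
    ci: int

    @property
    def bsic(self):
        return self.ncc * 8 + self.bcc  # BSIC is NCC (3 bits) followed by BCC (3 bits)

def audit(observed, inventory, strong_dbm=-47):
    """Return (cell, reasons) for every observed cell that fails an inventory check."""
    known = {(c.lac, c.ci) for c in inventory}
    planned_bsic = {}
    for c in inventory:
        planned_bsic.setdefault(c.arfcn, set()).add(c.bsic)
    findings = []
    for cell, rxlev_dbm in observed:
        reasons = []
        if (cell.lac, cell.ci) not in known:
            reasons.append("LAC/CI not in the network inventory")
        if cell.arfcn in planned_bsic and cell.bsic not in planned_bsic[cell.arfcn]:
            reasons.append("same frequency as a planned cell but BSIC differs")
        # A strong level alone is normal near a real site, so it only supports other findings.
        if reasons and rxlev_dbm > strong_dbm:
            reasons.append("reception level above %d dBm" % strong_dbm)
        if reasons:
            findings.append((cell, reasons))
    return findings

# Constructed inventory and observations (cell, reception level in dBm).
INVENTORY = [Cell(82, 1, 2, 10677, 4001), Cell(60, 1, 5, 10677, 4002)]
OBSERVED = [
    (Cell(74, 4, 3, 10069, 25), -40),    # cell from the case above, not in the network
    (Cell(82, 1, 2, 10677, 4001), -75),  # planned cell on frequency 82
    (Cell(82, 6, 1, 50188, 33), -45),    # constructed co-channel signal, other BSIC
    (Cell(60, 1, 5, 10677, 4002), -42),  # planned cell measured close to its site
]

if __name__ == "__main__":
    for cell, reasons in audit(OBSERVED, INVENTORY):
        print(cell, "->", "; ".join(reasons))
```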
Determine the coverage of pseudo Base Stations
The pseudo base station antenna points to the West. The coverage range is as far as m, and the back direction and lateral direction are about M.
Main Problems and impacts of simulated base stations discovered during testing
From the test, we can see that the MCC, MNC, frequency point, and other resources used by the simulation base station are all dedicated resources of China Mobile;
A China Unicom mobile phone number was used for testing, and it was found that the pseudo base station has no effect on China Unicom;
The parameter settings of pseudo base stations are extreme. For example, the pseudo base station power is too large, the LAC changes frequently, and the C2 parameter settings are extreme. Nearby users can easily select the simulation base station, which has a great impact on users' usage.
User perception: the user is forced to reselect to the simulated mobile system. During this period, the user cannot use the normal services provided by the mobile operator (off-network). Generally, the mobile user will temporarily be out of the network for 8 to 12 seconds, and some mobile phone users must switch on again to get back on the network;
Frequency Interference: The simulation mobile system steals the frequency resources of mobile operators, which can cause strong interference to the surrounding wireless environment;
Network Congestion
Complaints increase: as the device causes users' mobile phones in the surrounding area to drop out of the network, complaints increase significantly.
0x03 Simulation base station interference analysis summary
1. Summarize the basic features of the simulation base station to lay a good foundation for timely discovery of the simulation base station.
2. Use signaling process analysis to identify issues in the region where the simulation base station is located, improving troubleshooting efficiency.
3. Use a road test device to determine the impact of the simulated base station on the surrounding wireless environment, which provides a powerful basis for avoiding and reducing the impact.
4. Use the parameter modification solution to effectively avoid the impact of the simulation base station on the wireless environment in the surrounding area.