[Gsmmap] How is input data used for the monthly report?

Karsten Nohl nohl at srlabs.de
Sat Jan 25 09:58:55 CET 2014


Dear Oliver,

On Jan 24, 2014, at 22:28 , <oliver.ast at telekom.de> <oliver.ast at telekom.de> wrote:

> Hi all,
>  
> I really appreciate your work to bring the mobile networks to a more secure state and I also started to submit own measured data recently :-)
>  
> But I have a question on the report that is generated automatically. If I take e.g. the Jan. '14 report for Germany then I can see in chapter 3 "Attach scenarios" in table 2 that e.g. T-Mobile offers ~9% A5/3 encryption in their network. But this can't be true as Deutsche Telekom activated A5/3 in their complete german network already in December.
>  
> So the question is now where the 9% come from. I would guess there are mainly three options:
> 1. The table does not show the live data but some older stats from 2013
> 2. There is simply not sufficient enough data available since beginning of December (or you consider not only results from the actual month)
> 3. You do not really measure and calculate the A5/3 capability of the network but rather the one from the device. I guess there are several contributors out there running a device without A5/3 support. In such cases all test calls or SMS would always lead to A5/1 (or even non-ciphered) calls. If all of these calls will become part of the statistics on GSMMap.org then this simply will not reflect anymore only the network security status.

A mix of these: We are measuring the percentage of transactions that use A5/3; that is: the intersection of network and handsets supporting the newer algorithm.

We also use historic data until the data either gets too old or is replaced by newer measurements from the same location area. The T-Mobile and Vodafone Germany scores will keep going up as more data is contributed to GSMmap.

> So, if someone in SRLabs could tell me, how the collected data are used for the statistics, this would be really great.
>  
> Also in chapter 1, table 1 the report is talking about the SRLabs GSM metric v2.2. Is this somewhere availabe as an open document?

The metric hasn't been published yet, but has been peer-reviewed and discussed with network operators eager to improve the protection of their users.

Cheers,

     -Karsten


> Thanks for your great work.
>  
> Oliver
>  
>  
> _______________________________________________
> Gsmmap mailing list
> Gsmmap at lists.srlabs.de
> https://lists.srlabs.de/cgi-bin/mailman/listinfo/gsmmap




More information about the Gsmmap mailing list