Summary SMS Location Tracking via Delivery Reports arxiv.org
13,659 words - PDF document - View PDF document
One Line
The text discusses a covert attack called SMS location tracking via delivery reports, which accurately determines the location of an SMS recipient using timing features and binary and multi-class classifications, achieving an average accuracy of 68% in Germany, while highlighting the lack of network-based countermeasures and exploring potential solutions.
Key Points
- SMS location tracking via delivery reports is a timing side-channel attack that can reveal the location of message recipients.
- The study shows high accuracy in device classification based on SMS timings, except for Huawei devices.
- The document discusses the heterogeneity of delivery timings between operators in different countries, revealing diversities in networks that affect SMS timings.
- The document includes tables and figures depicting classification accuracy for different locations, as well as information about AT commands, logs related to SMS transmission, and security measures like IPsec and TLS.
- The study explores countermeasures for SMS location tracking, acknowledging the challenges of implementing them.
- The research highlights the effectiveness of inferring location based on SMS delivery reports and addresses challenges and countermeasures against SMS timing attacks.
Summaries
184 word summary
SMS location tracking via delivery reports is a covert attack that accurately determines the location of an SMS recipient. The attack involves two phases: preparation and attack, utilizing six timing features to create a location signature. The research focuses on accurately identifying victim's locations using binary and multi-class classifications, with the MLP model performing the best. The document evaluates the performance of SMS location tracking in Germany, achieving an average accuracy of 68% based on 57 fixed locations. The impact of factors such as geographic separation, network timing, and network changes on the attack's performance is discussed. The document highlights the high accuracy of SMS location tracking via delivery reports and the lack of network-based countermeasures. It explores potential countermeasures and acknowledges implementation challenges. The summary mentions various studies related to SMS location tracking and security issues, including LTE security, protocol exploits, and location leaks over the GSM air interface. A study was conducted on SMS location tracking via delivery reports to classify smartphone devices based on their SMS timings, revealing distinct diversities in networks that affect SMS timings between operators in different countries.
404 word summary
A study was conducted on SMS location tracking via delivery reports to classify smartphone devices based on their SMS timings. The study showed high accuracy in device classification, except for Huawei devices. It also revealed distinct diversities in networks that affect SMS timings between operators in different countries.
The document includes tables and figures depicting classification accuracy for different locations, as well as information about AT commands, SMS transmission logs, and device specifications. It discusses the prediction and attack phase of SMS location tracking using measurements collected by one sender device.
The summary mentions various studies related to SMS location tracking and security issues, including LTE security, protocol exploits, and location leaks over the GSM air interface. It refers to systems like FBS-Radar and Mobileinsight for detecting fake base stations and analyzing cellular network information. It also discusses the use of silent SMS with German police authorities.
The document highlights the high accuracy of SMS location tracking via delivery reports and the lack of network-based countermeasures. It explores potential countermeasures and acknowledges implementation challenges.
The impact of factors such as geographic separation, network timing, and network changes on the attack's performance is discussed. The use of machine learning models for prediction and anomaly detection in SMS location tracking via delivery reports is also emphasized.
The research focuses on accurately identifying victim's locations using binary and multi-class classifications, with the MLP model performing the best. The document evaluates the performance of SMS location tracking in Germany, achieving an average accuracy of 68% based on 57 fixed locations. International experiments showed varying accuracy rates for different operators and countries, with some misclassifications observed for closer geographical locations. However, the model generally performed well in identifying the correct location.
The attack involves two phases: preparation and attack, utilizing six timing features to create a location signature. Active and passive devices were used, and cellular traffic and baseband logs were analyzed. SMS location tracking via delivery reports is a covert attack that accurately determines the location of an SMS recipient. This attack does not require advanced equipment or network operator access. The research identifies an SMS delivery report-based timing side-channel that leaks location information. A large-scale study is conducted to evaluate location classification accuracy across multiple countries. The document explains the SMS transmission and delivery process in LTE and 5G networks, provides code and dataset for SMS location identification, and addresses challenges and countermeasures against SMS timing attacks.
548 word summary
SMS location tracking via delivery reports is a covert attack that can determine the location of an SMS recipient with high accuracy. The attack utilizes SMS delivery reports and timing signatures on a typical smartphone device, without the need for advanced equipment or network operator access. The research contributes to understanding cellular network components and identifies an SMS delivery report-based timing side-channel that leaks location information. A large-scale study is conducted to collect delivery report timing measurements and evaluate location classification accuracy across multiple countries. The document explains the SMS transmission and delivery process in LTE and 5G networks, provides code and dataset for SMS location identification, and addresses challenges and countermeasures against SMS timing attacks.
The attack involves two phases: preparation and attack, utilizing six timing features to create a location signature. The study involved sending and collecting a large number of SMSes at different times of the day, accounting for network congestion. Active and passive devices were used, and cellular traffic and baseband logs were analyzed.
The research focuses on accurately identifying victim's locations using binary and multi-class classifications. The MLP model performed the best. The document evaluates the performance of SMS location tracking in Germany, achieving an average accuracy of 68% based on 57 fixed locations. Classification results varied depending on the available data and the number of locations. The timing of SMS delivery was analyzed as a factor in the classification. International experiments showed varying accuracy rates for different operators and countries, with some misclassifications observed for closer geographical locations. However, the model generally performed well in identifying the correct location.
The document discusses the impact of factors such as geographic separation, network timing, and network changes on the attack's performance. It also highlights the use of machine learning models for prediction and anomaly detection in SMS location tracking via delivery reports. The document discusses SMS location tracking via delivery reports, a timing side-channel attack that reveals the location of message recipients. It highlights the high accuracy of this attack and the lack of network-based countermeasures. The document explores potential countermeasures and acknowledges implementation challenges. The summary also mentions various studies related to SMS location tracking and security issues, including LTE security, protocol exploits, and location leaks over the GSM air interface. It refers to systems like FBS-Radar and Mobileinsight for detecting fake base stations and analyzing cellular network information. It also discusses the use of silent SMS with German police authorities. The text discusses the prediction and attack phase of SMS location tracking using measurements collected by one sender device. It talks about classification goals, delivery time plots, scalability, feasibility, and parameter tuning in neural network models. The document includes tables and figures depicting classification accuracy for different locations, as well as information about AT commands, SMS transmission logs, and device specifications. It also provides a list of countries, operators, smartphone models, and the success of the attack on tested smartphones. A study on SMS location tracking via delivery reports was conducted to classify smartphone devices based on their SMS timings. The study included multiple locations and operators. The results showed high accuracy in device classification, except for Huawei devices. The study also analyzed the heterogeneity of delivery timings between operators in different countries, revealing distinct diversities in networks that affect SMS timings.
983 word summary
A study on SMS location tracking via delivery reports is discussed in the document "SMS Location Tracking via Delivery Reports." The study aimed to classify smartphone devices based on their SMS timings and was conducted in different locations with various operators. The results showed high accuracy in device classification, except for Huawei devices. The study also analyzed the heterogeneity of delivery timings between operators in different countries, revealing distinct diversities in networks that affect SMS timings.
The document includes tables and figures depicting classification accuracy for different locations, as well as information about AT commands, logs related to SMS transmission, SMSoNAS and SMSoIP differences, and the use of IPsec and TLS for security. It also provides a list of countries, operators, smartphone models, release dates, device specifications, and the success of the attack on tested smartphones. Tables showing classification accuracy for fixed locations and areas in Germany are also included.
The text discusses the prediction and attack phase of SMS location tracking using measurements collected by one sender device for operators G and E over three months. It mentions the goal of classification, distinguishing timings measured for different operators, and conducting classifications for various operators. The text also discusses delivery time plots based on different times of the day for DE locations and the possibility of SMS delivery report failure. It mentions the scalability and feasibility of the attack and the need for parameter tuning in neural network models. The text includes references to related research papers.
The summary also highlights various studies related to SMS location tracking and security issues. These include research on LTE security, protocol exploits, OTP security for SMS-based two-factor authentication, passive geolocation in a 4G WiMAX single base station scenario, the use of low-cost software radio for communication tracking experimentation, detection of fake 4G LTE base stations in real-time, prevention of smartphones from being hacked by connecting to fake base stations, location leaks over the GSM air interface, stealthy tracking of mobile phones using LTrack, location identification attacks, and the security of the SMS ecosystem with public gateways. The summary also mentions the FBS-Radar system for uncovering fake base stations and the Mobileinsight system for extracting and analyzing cellular network information on smartphones. Additionally, the summary refers to the use of silent SMS with German police authorities and significantly more silent SMS with German police authorities. Lastly, the summary includes references to studies on multi-rat false base stations and analyzing mobile phones for attacking purposes. The document discusses SMS location tracking via delivery reports, which is a novel timing side-channel attack that can reveal the location of message recipients. The evaluations conducted across multiple locations and countries demonstrate the high accuracy of this attack. Network-based countermeasures are currently lacking, and practical applications to block attacks have limitations. Eliminating delivery reports would require significant changes. The document explores countermeasures and highlights the challenges of implementing them.
The document provides insights into different locations and suggests potential countermeasures. It includes probability matrices for fixed locations and network analysis for different time windows and devices. However, the study acknowledges its limitations and the challenges of implementing certain countermeasures.
The document discusses the classification accuracy of regional and national locations based on SMS location tracking via delivery reports. It evaluates the impact of factors such as geographic separation, network timing, and network changes on the attack's performance. The localization accuracy of specific devices and the classification accuracy for different times of the day and days of the week are shown. The document also highlights the use of machine learning models for prediction and anomaly detection.
The performance of SMS location tracking was evaluated in Germany, achieving an average accuracy of 68% based on 57 fixed locations. The classification results varied depending on the available data and the number of locations. The timing of SMS delivery was analyzed as a factor in the classification. The classification results for international experiments showed varying accuracy rates for different operators and countries. Misclassifications were observed for closer geographical locations, but the model generally performed well in identifying the correct location. This document explores SMS location tracking via delivery reports, focusing on identifying victim's locations accurately. The study uses binary and multi-class classifications, with the MLP model performing the best. The research includes details on SMS routing modes, dataset generation, timing features used, and monitoring active devices.
The study involved sending and collecting a large number of SMSes to track locations via delivery reports. Measurements were taken at different times of the day, accounting for network congestion. Active and passive devices were used, and cellular traffic and baseband logs were analyzed.
The document discusses an SMS-based location tracking attack that uses timing features and delivery reports to infer the victim's location without physical access to their USIM cards or network entities. The attack is conducted in two phases: preparation and attack, utilizing six timing features to create a location signature.
The SMS transmission and delivery process in LTE and 5G networks, including network architectures and timing delays, are explained. The code and dataset for SMS location identification are publicly available on Github. The work highlights the effectiveness of inferring location based on SMS delivery reports and addresses challenges and countermeasures against SMS timing attacks.
Overall, this research contributes to the understanding of cellular network components and identifies an SMS delivery report-based timing side-channel that leaks location information. A large-scale study is conducted to collect delivery report timing measurements and evaluate location classification accuracy across multiple countries. Factors affecting timing delays in the core network are also analyzed. SMS location tracking via delivery reports is a covert attack that can determine the location of an SMS recipient with up to 96% accuracy. It utilizes SMS delivery reports and timing signatures on a typical smartphone device. The attack does not need advanced equipment or access to the network operator's infrastructure. The document also discusses other SMS-based attacks and vulnerabilities.
1499 word summary
SMS location tracking via delivery reports is a covert attack that allows an attacker to determine the location of an SMS recipient. It achieves up to 96% accuracy and can be carried out using a typical smartphone device. This attack leverages SMS delivery reports to infer the victim's location by generating timing signatures. The attack does not require advanced equipment or access to the network operator's infrastructure. The document also highlights other SMS-based attacks and the vulnerabilities of SMS.
The work identifies an SMS delivery report-based timing side-channel that leaks location information and contributes to the understanding of cellular network components. A large-scale study is conducted to collect delivery report timing measurements and create a robust location identification model. The accuracy of location classification is evaluated across multiple countries, and factors affecting timing delays in the core network are analyzed.
The code and dataset for SMS location identification are publicly available on Github. The effectiveness of inferring location based on SMS delivery reports is highlighted, along with the challenges and countermeasures against SMS timing attacks. The privacy issues caused by the SMS timing attack have been recognized by GSMA.
The SMS transmission and delivery process in LTE and 5G networks, including the network architectures and timing delays, are explained. The IMS incorporates the IP Short Message Gateway and the IMS Application Server, using the Diameter protocol for communication. LTE services primarily support IP-based communication with NAS encryption and integrity-protection. SMS Location Tracking via Delivery Reports analyzes the delays in SMS reception and delivery, categorizing them into UE processing, propagation delay, routing delay, and processing delay. The document discusses an SMS-based location tracking attack that uses timing features and delivery reports to infer the victim's location. The attack can be executed without physical access to the victim's USIM cards or network entities. The attacker can collect measurements from locations of interest and track the victim's whereabouts without alerting them. The methodology involves sending SMS messages between smartphones to collect measurements and determine the victim's location. The attack is conducted in two phases: preparation and attack. The location signature is a combination of six timing features. Our study involved sending and collecting a large number of SMSes to track locations via delivery reports. We conducted measurements at different times of the day and accounted for potential network congestion. Our objective was to demonstrate a practical and realistic scenario for location identification. We used both active and passive devices for the experiments and analyzed cellular traffic and baseband logs to extract relevant information.
The document discusses SMS location tracking via delivery reports, focusing on receiver locations in Germany, Greece, the UAE, and international locations. It mentions the use of SGsAP/Diameter and SMSoIP for SMS routing modes, the dataset generation process, and the use of Multilayer Perceptron (MLP) for location classification. The document also includes details on the timing features used and the monitoring of active devices.
The results show high accuracy in identifying locations within a smaller geographical area and different countries. The document explores binary and multi-class classifications, demonstrating accurate identification of victim's locations. The classification methodology follows a step-by-step approach from coarse- to fine-grained location classifications. The MLP model outperformed other classifiers.
The performance of SMS location tracking was evaluated in Germany, achieving an average accuracy of 68% based on 57 fixed locations. The classification results varied depending on the available data and the number of locations. The timing of SMS delivery was analyzed as a factor in the classification. The classification results for international experiments showed varying accuracy rates for different operators and countries. Misclassifications were observed for closer geographical locations, but the model generally performed well in identifying the correct location. The text excerpt provides information on the classification accuracy of regional and national locations based on SMS location tracking via delivery reports. The document discusses the evaluations, analyses, and results of experiments conducted over three months. It evaluates the impact of factors such as geographic separation, network timing, and network changes on the attack's performance. The localization accuracy of specific devices is evaluated, and the classification accuracy for different times of the day and days of the week is shown. The document also mentions the ability of an attacker to identify potential locations of a victim and highlights the use of machine learning models for prediction and anomaly detection. Overall, the document emphasizes the need for further experimentation and evaluation in open-world scenarios. SMS Location Tracking via Delivery Reports is a document that explores countermeasures against SMS location tracking attacks. It emphasizes the lack of effective solutions and the vulnerability of regular SMS. Various defenses and countermeasures are discussed, but limited progress has been made in this area. The document provides insights into different locations and suggests potential countermeasures. It also includes probability matrices for fixed locations and network analysis for different time windows and devices. However, the study acknowledges its limitations and the challenges of implementing certain countermeasures.
In conclusion, SMS location tracking via delivery reports is a serious threat that needs further investigation and effective countermeasures. Network-based countermeasures do not currently exist to prevent location identification in this attack. Practical applications to manipulate delivery reports or block attacks are limited to Android devices and have drawbacks. Eliminating delivery reports altogether would require worldwide adoption and significant architectural modifications. Altering SMS timings uniformly or randomly could disrupt side-channel analysis but may impact normal users' performance.
The evaluations demonstrate that SMS location tracking via delivery reports can achieve high accuracy, with severity shown in evaluations conducted across multiple locations and countries. The proposed attack is a novel timing side-channel attack that exploits the SMS procedure. It distinguishes between receivers in different locations within a specific range using SMS delivery reports. The attack has severe consequences as it reveals message recipients' location and cannot be mitigated. Its performance is explored in scenarios with distinct sets of known victim locations.
The references in the document include technical specifications, research papers, and acknowledgments. However, without access to the full content of these references, specific details and key points cannot be highlighted in a concise summary. This summary provides a condensed version of the text excerpt, focusing on key points related to SMS location tracking, security issues, and relevant studies.
Paragraph 1: The first paragraph includes references to studies on multi-rat false base stations and analyzing mobile phones for attacking purposes.
Paragraph 2: The second paragraph mentions the use of silent SMS with German police authorities and significantly more silent SMS with German police authorities.
Paragraph 3: The third paragraph highlights the FBS-Radar system for uncovering fake base stations and the Mobileinsight system for extracting and analyzing cellular network information on smartphones.
Paragraph 4: The fourth paragraph includes references to studies on location identification attacks and the security of the SMS ecosystem with public gateways.
Paragraph 5: The fifth paragraph mentions research on location leaks over the GSM air interface and the stealthy tracking of mobile phones using LTrack.
Paragraph 6: The sixth paragraph refers to the detection of fake 4G LTE base stations in real-time and the prevention of smartphones from being hacked by connecting to fake base stations.
Paragraph 7: The seventh paragraph includes references to passive geolocation in a 4G WiMAX single base station scenario and the use of low-cost software radio for communication tracking experimentation.
Paragraph 8: The eighth paragraph mentions research on LTE security, protocol exploits, and OTP security for SMS-based two-factor authentication.
The text discusses the prediction and attack phase of SMS location tracking using measurements collected by one sender device for operators G and E over three months. It mentions the goal of classification, distinguishing timings measured for different operators, and conducting classifications for various operators. The text also discusses delivery time plots based on different times of the day for DE locations and the possibility of SMS delivery report failure. It mentions the scalability and feasibility of the attack and the need for parameter tuning in neural network models. The text includes references to related research papers. A study on SMS location tracking via delivery reports is discussed in the document "SMS Location Tracking via Delivery Reports." The study aimed to classify smartphone devices based on their SMS timings and was conducted in different locations with various operators. The results showed high accuracy in device classification, with the exception of Huawei devices. The dataset sizes varied throughout the experiment, with larger sizes in the second part. The study also analyzed the heterogeneity of delivery timings between operators in different countries, revealing distinct diversities in networks that affect SMS timings. The document includes tables and figures depicting classification accuracy for different locations, as well as information about AT commands, logs related to SMS transmission, SMSoNAS and SMSoIP differences, and the use of IPsec and TLS for security. It also provides a list of countries, operators, smartphone models, release dates, device specifications, and the success of the attack on tested smartphones. Tables showing classification accuracy for fixed locations and areas in Germany are also included.
2952 word summary
The document discusses SMS location tracking via delivery reports. The text includes a list of countries and operators, as well as a list of smartphone models and their release dates. It also provides information about the device specifications and the success of the attack on tested smartphones. Additionally, there are tables showing classification accuracy for fixed locations and areas in Germany. In the document "SMS Location Tracking via Delivery Reports," there are various tables and figures that show classification accuracy for different locations. The sender's location and operator are also mentioned. Additionally, there is information about AT commands and logs related to SMS transmission. The document discusses the differences between SMSoNAS and SMSoIP, as well as the use of IPsec and TLS for security. There is also mention of the AT command used to send SMS messages and the delivery report process. The document discusses a study on SMS location tracking via delivery reports. The study aimed to classify smartphone devices based on their SMS timings. The experiment was conducted in different locations and with various operators. The results showed high accuracy in device classification for certain comparisons, with the Huawei device being an exception. The dataset sizes varied for different parts of the experiment, with larger sizes in the second part. The study also analyzed the heterogeneity of delivery timings between operators in different countries. The results demonstrated distinct diversities in networks that affect SMS timings. Overall, the study presented experimental results and plots depicting the findings. The text discusses the prediction and attack phase of SMS location tracking using measurements collected by one sender device for operators G and E over three months. It mentions the goal of classification, distinguishing timings measured for different operators, and conducting classifications for various operators. The text also discusses delivery time plots based on different times of the day for DE locations and the possibility of SMS delivery report failure. It mentions the scalability and feasibility of the attack and the need for parameter tuning in neural network models. The text includes references to related research papers. The document is a compilation of references and citations related to SMS location tracking and security vulnerabilities in mobile networks. It includes references to various papers, projects, and tools that address these issues. This text excerpt contains a list of references and citations related to SMS location tracking and security issues. The references include various studies and papers on topics such as fake base stations, analyzing and attacking mobile phones, extracting and analyzing cellular network information, location identification attacks, and LTE security protocols.
Paragraph 1: The first paragraph includes references to studies on multi-rat false base stations and analyzing mobile phones for attacking purposes.
Paragraph 2: The second paragraph mentions the use of silent SMS with German police authorities and significantly more silent SMS with German police authorities.
Paragraph 3: The third paragraph highlights the FBS-Radar system for uncovering fake base stations and the Mobileinsight system for extracting and analyzing cellular network information on smartphones.
Paragraph 4: The fourth paragraph includes references to studies on location identification attacks and the security of the SMS ecosystem with public gateways.
Paragraph 5: The fifth paragraph mentions research on location leaks over the GSM air interface and the stealthy tracking of mobile phones using LTrack.
Paragraph 6: The sixth paragraph refers to the detection of fake 4G LTE base stations in real-time and the prevention of smartphones from being hacked by connecting to fake base stations.
Paragraph 7: The seventh paragraph includes references to passive geolocation in a 4G WiMAX single base station scenario and the use of low-cost software radio for communication tracking experimentation.
Paragraph 8: The eighth paragraph mentions research on LTE security, protocol exploits, and OTP security for SMS-based two-factor authentication.
Overall, this summary provides a condensed version of the text excerpt, focusing on key points related to SMS location tracking, security issues, and relevant studies. The excerpted text consists of numerous references to technical specifications, conference papers, and research articles. These references provide information on topics related to mobile networks, cellular paging protocols, location tracking, security vulnerabilities, and spyware. The text includes citations from various sources such as the Association for Computing Machinery, the Internet Society, and the GSM Association.
To summarize the key points and preserve important details, the text can be organized into separate paragraphs based on the distinct ideas presented in the references. However, without access to the full content of these references, it is not possible to provide a concise summary while highlighting specific details and key points. The text excerpt is a list of references from a document discussing SMS location tracking via delivery reports. The references include technical specifications, research papers, and acknowledgements. In this work, a novel timing side-channel attack for exploiting the SMS procedure is introduced. Various SMS attacks have been demonstrated in the past, but suggested countermeasures have proven ineffective. The proposed attack does not target the communication channels or rely on false base stations. Instead, it leverages SMS delivery reports to distinguish between receivers in different locations within a specific range. The attack has severe consequences as it can reveal the location of message recipients and cannot be mitigated. The performance of the attack is explored in scenarios with distinct sets of known locations of the victim. Our evaluations have shown that SMS location tracking via delivery reports can reach high accuracy of 95% or more. The attack works with varying performance depending on the sets of possible locations of a victim. The severity of the potential threat is demonstrated by our evaluations conducted in 34 different locations spread across 10 countries.
There are limitations to this approach, as it would require worldwide adoption and significant architectural modifications to eliminate delivery reports altogether. A more effective solution would be for operators to alter SMS timings uniformly or randomly to disrupt side-channel analysis. However, this could significantly impact performance for normal users.
Network-based countermeasures currently do not exist to thwart location identification against this attack. Practical applications that manipulate delivery reports or block potential attacks are limited to Android devices and may rely on manual intervention by the user. These applications also lack preventive countermeasures and may have other drawbacks.
In conclusion, SMS location tracking via delivery reports is a serious threat that requires further investigation and the development of effective countermeasures. SMS Location Tracking via Delivery Reports is a document that discusses different approaches to counter SMS location tracking attacks. The document mentions that there is currently no effective countermeasure against these attacks and that they can occur through regular SMS as well. It also highlights that existing detection mechanisms are not applicable in this case. The document mentions various defenses and countermeasures, including base station detection and application-based defenses, but notes that there has been limited progress in this area. The document provides insights into different locations and discusses potential countermeasures to mitigate the attack. It also includes probability matrices for fixed locations and discusses network analysis for different time windows and devices. The document concludes by mentioning the limitations of the study and the practicality of implementing certain countermeasures. The excerpt discusses various aspects of SMS location tracking via delivery reports. It mentions the ability of an attacker to identify potential locations of a victim by expanding the measurement campaign and using outlier/anomaly detection. The excerpt also talks about the use of a MLP classification model and an Isolation Forest model for prediction and anomaly detection. It highlights the need for further experimentation and evaluation in open-world scenarios and discusses the relationship between classification accuracy and distances between locations. The excerpt concludes by stating that network characteristics are unlikely to significantly affect the model's performance. The document discusses SMS location tracking via delivery reports. It presents various distributions and timing delays for different devices, operators, and locations. The localization accuracy of specific devices is evaluated, with scores generally above 80%. The classification accuracy for different times of the day and days of the week is shown. The impact of congestion and network changes on classification scores is analyzed. Retraining and collecting new data may be necessary to maintain accuracy over time. Some classifications continue to have high scores, while others deteriorate. The characteristics of measurements vary between operators and devices. The document provides examples of how accuracy fluctuates for different classifications. The document discusses SMS location tracking via delivery reports and includes evaluations, analyses, and results. The authors conducted experiments over a period of three months, collected data from multiple locations, and trained a model for the attack evaluation. They also performed a temporal stability analysis to determine if the attack could still work after some time has elapsed since the model was trained. Additional evaluations were conducted to assess the impact of geographic separation and network timing on the attack's performance. Misclassification errors were identified, and detailed results for individual classifications were presented. The performances of classifications varied depending on the sets of locations, with some achieving high accuracy. However, factors such as network homogeneity and timing similarities between locations could make it more challenging to distinguish locations. The document suggests that more sophisticated machine learning techniques and expertise may improve the attack. The text excerpt provides information on the classification accuracy of regional and national locations based on SMS location tracking via delivery reports. The classifications are divided into different categories, such as mixed, area, and fixed locations. The accuracy of these classifications varies depending on the number and type of locations involved. The text also mentions the probability of randomly guessing the correct classifications within the same country. Overall, the classification accuracy ranges from 33% to 98%, with the best-performing pairs reaching up to 72% accuracy. The results for different countries, such as the Netherlands, Germany, Belgium, the UAE, and Greece, are presented in tables. The text highlights the challenges of classifying areas with multiple locations and emphasizes the importance of interpreting the results carefully due to variations in performance based on location pairs. The performance of SMS location tracking was evaluated in Germany, achieving an average accuracy of 68% based on 57 fixed locations. The classification results varied depending on the available data and the number of locations. The timing of SMS delivery was also analyzed, with delivery timing being one of the factors considered in the classification. The classification results for international experiments showed varying accuracy rates for different operators and countries. Misclassifications were observed for closer geographical locations, but the model generally performed well in identifying the correct location. The document discusses SMS location tracking through delivery reports. It presents confusion matrices and timing differences for different classifications, such as overseas-vs.-domestic and country-based classifications. The results show high accuracy in identifying locations within a smaller geographical area and different countries. The document also explores binary and multi-class classifications and demonstrates accurate identification of victim's locations. The classification methodology used follows a step-by-step approach from coarse- to fine-grained location classifications. The results are presented for the MLP model, which outperformed other classifiers. The document includes a list of operators and receiver locations in Luxembourg, Belgium, and the Netherlands, but these details are unrelated to the main discussion on SMS location tracking. The document discusses SMS location tracking via delivery reports. It provides information on receiver locations in Germany, Greece, the UAE, and international locations. The document also mentions the use of SGsAP/Diameter and SMSoIP for SMS routing modes. It describes the dataset generation process and the use of Multilayer Perceptron (MLP) for location classification. The document includes details on the timing features used and the monitoring of active devices. Our study involved sending and collecting around 155,512 SMSes to track locations via delivery reports. We conducted measurements at different times of the day and accounted for potential network congestion. Our python script, Android Runner, automated the process by interacting with the smartphone through ADB commands. We collected data from active devices and used a silent SMS application called SMS handler. Our objective was to demonstrate a practical and realistic scenario for location identification. We conducted measurements across different operators and countries, including long-distance international measurements. Our devices were located in various countries, and we used both active and passive devices for the experiments. Our setup included analyzing cellular traffic and baseband logs to extract relevant information. The document discusses SMS location tracking through delivery reports. The attacker sends SMS messages between smartphones to collect measurements and determine the victim's location. The methodology can be simplified based on regional or national classification. The attacker may choose to perform either national or regional classification depending on the victim's location. The first step is to determine the victim's current country of residence. The classification problem involves several location identification tasks with decreasing granularity levels. The attack is conducted in two phases: preparation and attack. In the preparation phase, the adversary repeatedly sends silent SMS messages to gather measurements. In the attack phase, the adversary collects new measurements and analyzes timing features to identify the victim's locations. The location signature is a combination of six timing features. The document discusses an SMS-based location tracking attack that uses timing features and delivery reports to infer the location of a victim. The attacker can send SMS messages to the victim and receive delivery notifications. By analyzing the timing features of the SMS transmissions and comparing them to the delivery duration, the attacker can estimate the difference in real sent duration. The goal of the attacker is to locate the victim's mobile device in a specific geographic area of interest. The attack does not require physical access to the victim's USIM cards or network entities, and the attacker can target any subscriber with a valid mobile number. The attack can be executed without alerting the victim and can track the victim's whereabouts without revealing the attack. The attacker can collect measurements from locations of interest directly from the victim and receive delivery notifications. The attack does not focus on tracking exact movement patterns but aims to locate the victim's receiver location. SMS Location Tracking via Delivery Reports analyzes the delays involved in the SMS reception and delivery process. The delays can be categorized into four factors: UE processing, propagation delay, routing delay, and processing delay. These delays occur due to various network entities and communication channels. The SMS status can be Sent, Delivered, or Failed, and delivery reports are used to provide detailed information on the status of each message. The SMS procedure involves exchanging short text messages between network subscribers, and the selection between SMSoNAS and SMSoIP depends on the originator and network support. This summary provides a concise version of the excerpted text, highlighting key points and organizing the information into separate paragraphs.
Paragraph 1: The IMS (IP Multimedia Subsystem) incorporates the IP Short Message Gateway (IP-SM-GW) and the IMS Application Server. It uses the Diameter protocol for communication, including 2G/3G fallback and NAS signaling communication. The SGsAP interface eliminates the need for communication through the IMS, providing alternative routing options. LTE services primarily support IP-based communication with NAS encryption and integrity-protection.
Paragraph 2: SMS transmission and delivery in LTE and 5G networks involve two routing paths and protocols: SMSoIP (IP-based communication) and SMSoNAS (Non-Access Stratum protocol). The SMS procedure in these networks is explained, including the network architectures and timing delays involved.
Paragraph 3: The code and dataset for SMS location identification are publicly available on Github. The effectiveness of inferring location based on SMS Delivery Reports is highlighted, along with the challenges and countermeasures against SMS timing attacks. The privacy issues caused by the SMS timing attack have been recognized by GSMA.
Paragraph 4: The collected measurements are used to evaluate the accuracy of location classification and perform network and temporal stability analyses. Factors affecting timing delays in the core network are analyzed. The performance of the location inference attack is evaluated across multiple countries in Europe and the Middle East.
Paragraph 5: A large-scale study is conducted to collect Delivery Report timing measurements. An approach is designed to execute the SMS location inference attack based on a location signature. Six timing-related features are identified to create a robust location identification model.
Paragraph 6: This work is the first to identify an SMS Delivery Report-based timing side-channel that leaks location information. It contributes to the understanding of cellular network components and specifications. SMS Location Tracking via Delivery Reports is a document that discusses an attack method that allows an attacker to track the location of a victim solely by possessing their mobile phone number. The attack leverages SMS Delivery Reports to infer the victim's location by generating timing signatures. The attacker sends silent or regular SMSes to the victim's phone and measures the round-trip time to determine their location. Unlike other attacks, this method does not require advanced equipment or access to the network operator's infrastructure. The attack can be carried out using a typical smartphone device. The document also mentions other examples of SMS-based attacks, such as smishing attacks and malware that use SMS messages to deceive users and access sensitive information. Despite the prevalence and global reach of SMS, its security vulnerabilities make it a significant attack vector. SMS location tracking via delivery reports is a covert attack that allows an attacker to determine the location of an SMS recipient. This attack takes advantage of the timing measurements from typical delivery reports to infer the whereabouts of the recipient. The experiment conducted shows that this method achieves up to 96% accuracy for locations across multiple countries and devices. The researchers demonstrate that receiving silent SMS messages regularly opens a stealthy side-channel for attackers to exploit. The popularity and widespread use of SMS make it an attractive target for location tracking.