Commit 780d09c1 by Jun Matsushita

Moving sources to its own repo

parent 95647c07
Pipeline #664 skipped in 0 seconds
This source diff could not be displayed because it is too large. You can view the blob instead.
# GSMMap
## Overview
## Scores
- Protection Dimension
+ Intercept
+ Impersonation
+ Tracking
- IMSI Catcher Score
## Metrics
- IMSI Catcher Metric
+ The IMSI catcher heuristic calculates an overall score (sum) out of a number of sub-scores. If this overall score exceeds a specified maximum value, an alarm is raised in the app.
- 2G Over-the-air protection
+ Encryption algorithm
* A5/1
* A5/3
+ Padding randomization
+ SI randomization
+ Require IMEI in CMC
+ Hopping entropy
+ Authenticate calls (MO)
+ Authenticate SMS (MO)
+ Authenticate paging (MT)
+ Authenticate LURs
+ Encrypt LURs
+ Update TMSI
- 3G Over-the-air protection
+ Encryption
+ Update TMSI
- HLR/VLR configuration
+ Mask MSC
+ Mask IMSI
## Measurements
- [IMSI Catcher Measurements](
+ [A1 - Different LAC/CID for the same ARFCN (Removed)](
+ [A2 - Inconsistent LAC](
+ [A4 - Same LAC/CID on different ARFCNs](
+ [A5 - Lonesome location area](
+ [K1 - No neighboring cells](
+ [K2 - High cell reselect offset](
+ [C1 - Encryption Downgrade](
+ [C2 - Delayed CIPHER MODE COMPLETE ack.](
+ [C3 - CIPHER MODE CMD msg. without IMEISV (removed)](
+ [C4 - ID requests during location update](
+ [C5 - Cipher setting out of average](
+ [T1 - Low registration timer](
+ [T3 - Paging without transaction](
+ [T4 - Orphaned traffic channel](
+ [R1 - Inconsistent neighbor list](
+ [R2 - High number of paging groups](
+ [F1 - Few paging requests (removed)](
- Protection
## Data
- [data.json](data.json)
## Probe
## Sources
layout: index
# Sources
> Potential measurement partners
> Others
- WebXRay
- HSTS detection
- CVE Search
- Node Security Project
- Docker Registry (using CoreOS Clair?)
- [Android Observatory](
- PrivacyFix
# Methodology
> Discussion which documents are binding?
> Discussion about the granularity of what is collected and for what purpose.
> Discussion: What does acceptable remedy looks like?
# Data
Evidence data about elements could be reused by OII. Steps for this could be:
- In the *Company*Outcome sheets
- Under each colored group, for each question *Element #*
+ In the sources field, there is a *Element #:* prefix followed by a list of numbers, for each *Source #*
* In the *Company*Sources sheet
- the *Source #* column has the reference, and there is:
+ Document title
+ Date of document (often empty)
+ Date accessed
+ In the comment field, there is a *Element #:* with information that explains the score.
Converting to OII:
- *Element #* would be a **Claim** it is prefixed by a yes/no with some details. The original question is not in the spreadsheet but on the website for instance ( and as Markdown (
# Potential collaboration items
- Restructure the raw data to make it easier to access evidence/source info.
- Help publish this on the site
\ No newline at end of file
# TOSBack
# Trackography
Could be a data source!
\ No newline at end of file
# WebXRay
Viewing Reports
Use the interactive mode to guide you to generating an analysis. When it is completed it will be output to the '/reports' directory. This will contain a number of csv files; they are:
- db_summary: a basic report of how many pages loaded, how many errors, basic stats
- summary_by_tld: gives more stats on how many domains are contacted, cookies, javascript, etc.
- domains-by-tld: the most frequently contacted domains, by tld
- elements-by-tld: most frequent elements, any type
- elements-by-tld-image: most frequent elements, images
- elements-by-tld-javascript: most frequent elements, javascript
- orgs-by-tld: this is the most interesting bit, shows all the top companies who own the domains which are being contacted - relies on the data in webxray/resources/org_domains/org_domains.json which was compiled manually and should be expanded.
- network: pairings between page domains and tracker domains, you can import this info to data viz software to do cool stuff - this is something worth heavy tweaking if it's of particular interest to you!
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment