Security of GSM System
Introduction
Every day millions of people use cellular phones over radio links. With the increasing features, the mobile phone is gradually becoming a handheld computer. In the early 1980's, when most of the mobile telephone system was analog, the inefficiency in managing the growing demands in a cost-effective manner led to the opening of the door for digital technology (Huynh & Nguyen, 2003). According to Margrave (n.d), "With the older analog-based cellular telephone systems such as the Advanced Mobile Phone System (AMPS) and the Total Access Communication System (TACS)", cellular fraud is extensive. It's very simple for a radio hobbyist to tune in and hear cellular telephone conversations since without encryption, the voice and user data of the subscriber is sent to the network (Peng, 2000). Margrave (n.d) states that apart from this, cellular fraud can be committed by using complex equipment to receive the Electronic Serial Number so as to clone another mobile phone and place calls with that. To counteract the aforementioned cellular fraud and to make mobile phone traffic secure to a certain extent, GSM (Global System for Mobile communication or Group Special Mobile) is one of the many solutions now out there. According to GSM-tutorials, formed in 1982, GSM is a worldwide accepted standard for digital cellular communication. GSM operates in the 900MHz, 1800MHz, or 1900Mhz frequency bands by "digitizing and compressing data and then sending it down a channel with two other streams of user data, each in its own time slot." GSM provides a secure and confidential method of communication.
Security provided by GSM
The limitation of security in cellular communication is a result of the fact that all cellular communication is sent over the air, which then gives rise to threats from eavesdroppers with suitable receivers. Keeping this in account, security controls were integrated into GSM to make the system as secure as public switched telephone networks. The security functions are:
1. Anonymity: It implies that it is not simple and easy to track the user of the system. According to Srinivas (2001), when a new GSM subscriber switches on his/her phone for the first time, its International Mobile Subscriber Identity (IMSI), i.e. real identity is used and a Temporary Mobile Subscriber Identity (TMSI) is issued to the subscriber, which from that time forward is always used. Use of this TMSI, prevents the recognition of a GSM user by the potential eavesdropper.
2. Authentication: It checks the identity of the holder of the smart card and then decides whether the mobile station is allowed on a particular network. The authentication by the network is done by a response and challenge method. A random 128-bit number (RAND) is generated by the network and sent to the mobile. The mobile uses this RAND as an input and through A3 algorithm using a secret key Ki (128 bits) assigned to that mobile, encrypts the RAND and sends the signed response (SRES-32 bits) back. Network performs the same SRES process and compares its value with the response it has received from the mobile so as to check whether the mobile really has the secret key (Margrave, n.d). Authentication becomes successful when the two values of SRES matches which enables the subscriber to join the network. Since every time a new random number is generated, eavesdroppers don't get any relevant information by listening to the channel. (Srinivas, 2001)
3. User Data and Signalling Protection: Srinivas (2001) states that to protect both user data and signalling, GSM uses a cipher key. After the authentication of the user, the A8 ciphering key generating algorithm (stored in the SIM card) is used. Taking the RAND and Ki as inputs, it results in the ciphering key Kc which is sent through. To encipher or decipher the data, this Kc (54 bits) is used with the A5 ciphering algorithm. This algorithm is contained within the hardware of the mobile phone so as to encrypt and decrypt the data while roaming. Algorithms used to make mobile traffic secure
Authentication Algorithm A3: One way function, A3 is an operator-dependent stream cipher. To compute the output SRES by using A3 is easy but it is very difficult to discover the input (RAND and Ki) from the output. To cover the issue of international roaming, it was mandatory that each operator may choose to use A3 independently. The basis of GSM's security is to keep Ki secret (Srinivas, 2001)
Ciphering Algorithm A5: In recent times, many series of A5 exists but the most common ones are A5/0(unencrypted), A5/1 and A5/2. Because of the export regulations of encryption technologies there is the existence of a series of A5 algorithms (Brookson, 1994).
A8 (Ciphering Key Generating Algorithm): Like A3, it is also operator-dependent. Most providers combine A3 and A8 algorithms into a single hash function known as COMP128. The COMP128 creates KC and SRES, in a single instance (Huynh & Nguyen, 2003).
GSM security flaws
- Security by obscurity. According to (Li, Chen & Ma) some people asserts that since the GSM algorithms are not publicized so it is not a secure system. "Most security analysts believe any system that is not subject to the scrutiny of the world's best minds can't be as secure." For instance, A5 was never made public, only its description is divulged as part of the GSM specification.
- Another limitation of GSM is that although all communication between the Mobile station and the Base transceiver station are encrypted, in the fixed network all the communication and signalling is not protected as it is transmitted in plain text most of the time (Li, Chen & Ma).
- One more problem is that it is hard to upgrade the cryptographic mechanisms timely.
- Flaws are present within the GSM algorithms. According to Quirke (2004) " A5/2 is a deliberately weakened version of A5/1, since A5/2 can be cracked on the order of about 216".
Security breaches
Time to time, people have tried to decode GSM algorithms. For instance, according to Issac press release (1998) in April 1998, the SDA (Smartcard Developer Association) along with two U.C Berkeley researchers alleged that they have cracked the COMP128 algorithm, which is stored on the SIM. They claimed that within several hours they were able to deduce the Ki by sending immense numbers of challenges to the authorization module. They also said that out of 64 bits, Kc uses only 54 bits with zeros padding out the other 10, which makes the cipher key purposefully weaker. They felt government interference might be the reason behind this, as this would allow them to monitor conversations. However, they were unable to confirm their assertion since it is illegal to use equipment to carry out such an attack in the US. In reply to this assertion, the GSM alliance stated that since the GSM network allows only one call from any phone number at any one time it is of no relevant use even if a SIM could be cloned. GSM has the ability to detect and shut down duplicate SIM codes found on multiple phones (Business press release, 1998).
According to Srinivas (2001), one of the other claims was made by the ISAAC security research group. They asserted that a fake base station could be built for around $10,000, which would allow a "man-in-the-middle" attack. As a result of this, the real base station can get deluged which would compel a mobile station to connect to the fake station. Consequently, the base station could eavesdrop on the conversation by informing the phone to use A5/0, which is without encryption.
One of the other possible scenarios is of insider attack. In the GSM system, communication is encrypted only between the Mobile station and the Base Transceiver station but within the provider's network, all signals are transmitted in plain text, which could give a chance for a hacker to step inside (Li, Chen & Ma).
Measures taken to tackle these flaws
According to Quirke (2004), since the emergence of these, attacks, GSM have been revising its standard to add newer technologies to patch up the possible security holes, e.g. GSM1800, HSCSD, GPRS and EDGE. In the last year, two significant patches have been implemented. Firstly, patches for COMP 128-2 and COMP128-3 hash function have been developed to address the security hole with COMP 128 function. COMP128-3 fixes the issue where the remaining 10 bits of the Session Key (Kc) were replaced by zeroes. Secondly, it has been decided that a new A5/3 algorithm, which is created as part of the 3rd Generation Partnership Project (3GPP) will replace the old and weak A5/2. But this replacement would result in releasing new versions of the software and hardware in order to implement this new algorithm and it requires the co-operation of the hardware and software manufacturers.
GSM is coming out of their "security by obscurity" ideology, which is actually a flaw by making their 3GPP algorithms available to security researchers and scientists (Srinivas, 2001).
Conclusion
To provide security for mobile phone traffic is one the goals described in GSM 02.09 specification, GSM has failed in achieving it in past (Quirke, 2004). Until a certain point GSM did provide strong subscriber authentication and over-the-air transmission encryption but different parts of an operator's network became vulnerable to attacks (Li, Chen, Ma). The reason behind this was the secrecy of designing algorithms and use of weakened algorithms like A5/2 and COMP 128. One of other vulnerability is that of inside attack. In order to achieve its stated goals, GSM is revising its standards and it is bringing in new technologies so as to counteract these security holes. While no human-made technology is perfect, GSM is the most secure, globally accepted, wireless, public standard to date and it can be made more secure by taking appropriate security measures in certain areas.
Bibliography
Business Wire Press release (1998). GSM Alliance Clarifies False & Misleading Reports of Digital Phone Cloning. Retrieved October 26th, 2004 Web site: http://jya.com/gsm042098.txt
Brookson (1994). Gsmdoc Retrieved October 24th, 2004 from gsm Web site: http://www.brookson.com/gsm/gsmdoc.pdf
Chengyuan Peng (2000). GSM and GPRS security. Retrieved October 24th, 2004 from Telecommunications Software and Multimedia Laboratory Helsinki University of Technology Web site: http://www.tml.hut.fi/Opinnot/Tik-110.501/2000/papers/peng.pdf Epoker Retrieved October 27th, 2004 from Department of Mathematics Boise State University, Mathematics 124,Fall 2004 Web site:http://math.boisestate.edu/~marion/teaching/m124f04/epoker.htm Huynh & Nguyen (2003). Overview of GSM and GSM security. Retrieved October 25th, 2004 from Oregon State university, project Web site: http://islab.oregonstate.edu/koc/ece478/project/2003RP/huynh_nguyen_gsm.doc
Li, Chen & Ma (n.d). Security in gsm. Retrieved October 24th, 2004 from gsm-security Web site: http://www.gsm-security.net/papers/securityingsm.pdf
Quirke (2004). Security in the GSM system. Retrieved October 25th, 2004 from Security Website:http://www.ausmobile.com/downloads/technical/Security in the GSM system 01052004.pdf
Margrave (n.d). GSM system and Encryption. Retrieved October 25th, 2004 from gsm-secur Web site: http://www.hackcanada.com/blackcrawl/cell/gsm/gsm-secur/gsm-secur.html
Press release (1998). Smartcard Developer Association Clones Digital GSM 1998). Retrieved October 26th, 2004 from is sac Web site: http://www.isaac.cs.berkeley.edu/isaac/gsm.html
Srinivas (2001). The GSM Standard (An overview of its security) Retrieved October 25th, 2004 from papers Web site:http://www.sans.org/rr/papers/index.php?id=317
Stallings (2003). Cryptography and Network Security: Principles and practices. USA: Prentice Hall.
By Priyanka Agarwal http://M6.net The author is a novice who is trying to create her niche on network of networks.
 Google News Updated : Mon, 13 Oct 2008 11:51:33 GMT 1.5 million G1 Android phones pre-ordered - TG Daily
TG Daily - By Wolfgang Gruener Chicago (IL) - T-Mobile’s upcoming G1 may not be the best-looking iPhone rival, it may not have the most complete feature set and T-Mobile may have undersold the device at the recent launch event. Get ready for next-gen mobile HTC G1 Android Phone Racks up 1.5 Million Pre-orders Publ.Date : Mon, 13 Oct 2008 05:21:21 GMT Forecast: Summery Sunshine Sticks Around - Washington Post
Washington Post - Columbus Day will feel a lot more like Labor Day as temperatures climb to around 80 degrees. This unseasonably warm weather will continue for the next several days. Enjoy a warm, sunny Columbus Day Beautiful start to the work week Publ.Date : Mon, 13 Oct 2008 09:03:26 GMT UK government takes stake in three banks - CNN International
CNN International - LONDON, England (CNN) -- The British government on Monday said it would make a multi-billion investment in three of the country's major banks to help them through the "first financial crisis of the global age. In quotes: Bank bail-out reaction TEXT-Lloyds TSB terms for acquisition of HBOS Publ.Date : Mon, 13 Oct 2008 11:18:47 GMT Dodgers stand up to Phillies in Game 3 win - FOXSports.com
FOXSports.com - by Ken Rosenthal Ken Rosenthal has been the senior baseball writer for FOXSports.com since Aug. 2005. He appears weekly on the FSN Baseball Report and MLB on FOX. LA revitalized at Moyer's expense Kuroda's pitch serves its purpose for Dodgers Publ.Date : Mon, 13 Oct 2008 07:00:36 GMT European, Asian markets bounce back - The Associated Press
The Associated Press - LONDON (AP) - European markets opened strongly Monday following Asia's lead in response to the widespread government efforts over the weekend to shore up the world's troubled financial system. The financial crisis A light at the end of the tunnel? World stock markets welcome European bank rescue Publ.Date : Mon, 13 Oct 2008 10:23:04 GMT Manatee dies before reaching rehab site - Boston Globe
Boston Globe - By Emily Canal After a 27-hour trip to Florida, Dennis the manatee, rescued from the frigid waters of Cape Cod, died in Orlando yesterday as SeaWorld employees carted the mammal to a rehabilitation center. Video: Rescued Manatee Dies After Mass. Rescue Manatee rescued off Cape Cod dies en route to Florida Sea World Publ.Date : Mon, 13 Oct 2008 07:21:21 GMT Fantastic finishes: 5 NFL games down to the wire - Washington Post
Washington Post - Dallas Cowboys' Mat McBriar (1) has his punt blocked by Arizona Cardinals' Sean Morey as Monty Beisel (52) looks on during overtime of an NFL football game Sunday, Oct. 12, 2008 in Glendale, Ariz. Blocked punt downs Dallas Backups Burst Through Line and Lift Cardinals in Overtime Publ.Date : Mon, 13 Oct 2008 08:15:50 GMT Amazon Associate Feed |
PARLOT::Ebooks, Scripts,
Websites, and more... Cell Phones have become a part and parcel of everybody's... Read More With more and more people buying cell phones, it becomes... Read More Take a random tween, age 8-12, place them in front... Read More 1. Increase the life span of your cell phone and... Read More The time has come and your teenager has asked for... Read More Where do I start? Always start with the essentials. If... Read More In the eyes of a teenage girl cellular phones are... Read More When buying a new telephone system, it's absolutely vital to... Read More It's a country that speaks through its numerous murals and... Read More We hear from friends or just general chat by people... Read More Nowadays teenagers are crazy about personalizing their cell phone and... Read More It seems like these days, there are a million and... Read More Most Americans have cell phone plans with contracts that call... Read More Finding the best cellular phone service deal can seem as... Read More Buying a new business phone system is one of the... Read More Months before my current cell phone plan expires, I like... Read More Electronic DistributionHow Electronic Distribution WorksThe Problems of Distributing Prepaid Services... Read More Cellular phone accessory list.There is a wide variety of products... Read More With cell phones quickly becoming an important part of our... Read More As this security solution is not such a great idea,... Read More When a person moves, they need to hook up utilities.... Read More It's hard to look back and imagine what we did... Read More There's no greater way to win the hearts of consumers... Read More Get set to be greeted by the Russians, with a... Read More Cell phone safety is a topic widely debated around the... Read More
Adsense
websites
Protect Your One and Only Brain From Cell Phone Radiation
Cell phone Etiquette. The Do?s and Don?ts
How Young is Too Young? Buying Cell Phones for Kids
Some Tips For The Safe Use of Cell Phones And Batteries
Should Your Teenage Have A Cellular Phone?
The Different Cell Phone Accessories Available
Lets Talk
Buying a Business Telephone System
Call Mexico at Rates as Amazing as the Murals
Cell Phone - Why Should I Upgrade
Cell Phone Wallpaper Bonanza
Read This Before Getting A NEW Cellular Phone
Prepaid Cell Phone Plans ? Are They For You?
How to Find the Best Cellular Phone Service Deal
Buying a New Business Phone System
Motorola RAZR V3 Camera Phone
Bill Payment & Cellular Services - The Wave Of The Future For Merchant Retailers!
Cellular Phone Accessory
Protect Yourself From Cell Phone Radiation
Mobile Devices Security
Finding Long Distance
Prepaid Cell Phone for Teenagers
Free Cell Phones All Around - Cashing in on Consumerism
Call Russia Feeling Like a Royal Romanov
Cell Phone Safety
Affordable and Reliable Web Hosting Starting at $4.49/Month
Latin Ringtones Mean Dinero for Ringtone Providers
Until recently, when you thought of ringtones, you usually thought... Read More
Say Goodbye to Traditional Telephone Lines
Like old, dusty books on the shelves of public libraries,... Read More
Camera Cell Phone Picture
Camera cell phone picture - recent development.Camera cell phone picture... Read More
Cellular Phone
Technology advances in cellular phone field.Cellular phone shoppers can find... Read More
Best Camera Cell Phone
Best camera cell phone - description.Best camera cell phone is... Read More
GPS Cell Phones
Motivated by the events of 9/11 2001 and problems with... Read More
Cell Phone Cameras
A lot of myths exist regarding as to whether the... Read More
Mobile Phone Radiation - The Facts & How You Can Protect Yourself With This Simple Technique!
Firstly, it's vital to point out that this short report... Read More
Free Cell Phones All Around - Cashing in on Consumerism
There's no greater way to win the hearts of consumers... Read More
Knowing All the Features of New ?Smartphones?
The new "smartphones" have a lot of really cool features.... Read More
DECT - A Brief Explanation and How We Could Benefit From It
DECT stands for Digital Enhanced Cordless Telecommunications. Unlike analogue cordless... Read More
Renegotiating a Cell Tower Lease- Can It Be Done?
While cell towers actually started being built in the late... Read More
Ringtones Explained - Monophonic, Polyphonic, or Whatever Phonic Rings Your Bell
Downloadable Ring tones - The Latest TrendWhat can you say... Read More
Camera Cell Phone Samsung
Camera cell phone by Samsung ? description.Samsung manufacture a large... Read More
An Introduction to Text Messaging
Why Text?Text messaging is a quick way to stay in... Read More
The 5 Best Cell Phones on the Market
There are literally hundreds of cell phones out there made... Read More
Finding Long Distance
When a person moves, they need to hook up utilities.... Read More
Should Your Teenage Have A Cellular Phone?
The time has come and your teenager has asked for... Read More
Cell Phone Etiquette
... Read More
Helping You Choose From Cell or Land Line
Most of us have two phones, our cell and our... Read More
Camera Cell Phone Video
Camera cell phone video - description.Camera cell phone video is... Read More
Cell Phone in Forests
We are putting cell phone towers in the forests for... Read More
Prepaid Cell Phone for Teenagers
It's hard to look back and imagine what we did... Read More
The Convenience Of Prepaid Wireless Service And Phone Cards
Prepaid wireless service and phone cards are a convenient, reliable... Read More
Best Cell Phones - Cell Phone Shopping 101
Before the advent of cell phones, communications may not have... Read More
Mobile & Cell Phone |