Home » GSM system security

Sports

GSM system security

by admin

Introduction

Every day, millions of people use cell phones through radio links. With the increase in functions, the mobile phone is gradually becoming a handheld computer. In the early 1980s, when most of the mobile phone system was analog, the inefficiency in managing the growing demands in a profitable way opened the door to digital technology (Huynh & Nguyen, 2003). According to Margrave (nd), “With older analog cellular telephone systems such as Advanced Mobile Telephone System (AMPS) and Total Access Communication System (TACS)”, cellular fraud is widespread. For a radio fan it is very easy to tune in and listen to cell phone conversations since without encryption, the subscriber’s voice and user data are sent to the network (Peng, 2000). Margrave (nd) states that, in addition to this, cellular fraud can be committed by using complex equipment to receive the Electronic Serial Number to clone another mobile phone and make calls with it. To counter the aforementioned cellular fraud and make mobile phone traffic secure to a certain extent, GSM (Global System for Mobile or Group Special Mobile communication) is one of the many solutions that exist now. According to the GSM Tutorials, created in 1982, GSM is a globally accepted standard for digital cellular communication. GSM operates in the 900 MHz, 1800 MHz or 1900 MHz frequency bands by “digitizing and compressing data and then sending it over a channel with two other user data streams, each in its own time slot”. GSM provides a secure and confidential method of communication.

Security provided by GSM

The limitation of security in cellular communication is a result of the fact that all cellular communication is sent over the air, creating threats from intruders with suitable receivers. With this in mind, security controls were built into GSM to make the system as secure as public switched telephone networks. The security features are:

1. Anonymity: It implies that it is not simple and easy to trace the user of the system. According to Srinivas (2001), when a new GSM subscriber turns on his phone for the first time, his International Mobile Subscriber Identity (IMSI), i.e. a real identity, is used and a Temporary Mobile Subscriber Identity (TMSI) is issued to the subscriber, which from then on is always used. The use of this TMSI prevents the recognition of a GSM user by the possible intruder.

2. Authentication: Verifies the identity of the smart card holder, and then decides whether the mobile station is allowed in a particular network. Authentication by the network is done using a challenge-response method. The network generates a 128-bit random number (RAND) and sends it to the mobile. The mobile uses this RAND as input and, through the A3 algorithm, using a secret key Ki (128 bits) assigned to that mobile, encrypts the RAND and returns the signed response (SRES-32 bits). Network performs the same SRES process and compares its value with the response it has received from the mobile to verify if the mobile really has the secret key (Margrave, nd). Authentication becomes successful when the two SRES values ​​match, allowing the subscriber to join the network. Since each time a new random number is generated, the intruders do not get any relevant information by listening to the channel. (Srinivas, 2001)

3. User signaling and data protection: Srinivas (2001) states that to protect both user signaling and data, GSM uses an encrypted key. After user authentication, the A8 encryption key generation algorithm (stored in the SIM card) is used. Taking RAND and Ki as inputs results in the encryption key Kc being sent. To encrypt or decrypt the data, this Kc (54 bits) is used with the A5 encryption algorithm. This algorithm is contained in the mobile phone’s hardware to encrypt and decrypt data while roaming.
Algorithms used to make mobile traffic secure

A3 authentication algorithm: one-way function, A3 is a carrier-dependent stream cipher. Computing the SRES output using A3 is easy, but it is very difficult to find out the input (RANDOM and Ki) from the output. To cover the issue of international roaming, it was mandatory that each operator could choose to use A3 independently. The basis of GSM security is to keep Ki secret (Srinivas, 2001)

A5 encryption algorithm: In recent times, there are many series of A5, but the most common are A5/0 (unencrypted), A5/1 and A5/2. Due to the export regulations of encryption technologies, there is the existence of a series of A5 algorithms (Brookson, 1994).

A8 (Encryption Key Generation Algorithm): Like A3, it is also carrier dependent. Most providers combine the A3 and A8 algorithms into a single hash function known as COMP128. COMP128 creates KC and SRES, in a single instance (Huynh & Nguyen, 2003).

gsm security flaws

  • Security by darkness. According to (Li, Chen and Ma), some people claim that since GSM algorithms are not advertised, it is not a secure system. “Most security analysts believe that any system that is not subject to the scrutiny of the best minds in the world cannot be that secure.” For example, A5 was never made public, only its description is disclosed as part of the GSM specification.
  • Another limitation of GSM is that although all communications between the mobile station and the base transceiver station are encrypted, in the fixed network all communications and signaling are not protected, since they are transmitted in plain text most of the time (Li , Chen & Ma).
  • Another problem is that it is difficult to update the cryptographic mechanisms in time.
  • The flaws are present within the GSM algorithms. According to Quirke (2004), “A5/2 is a deliberately weakened version of A5/1, since A5/2 can be deciphered on the order of about 216”.

security breaches

From time to time, people have tried to crack the GSM algorithms. For example, according to Issac’s (1998) press release in April 1998, the SDA (Smart Card Developers Association) along with two UC Berkeley researchers claimed that they had cracked the COMP128 algorithm, which is stored on the SIM card. . They claimed that within several hours they were able to deduce the Ki by sending a large number of challenges to the authorization module. They also said that of the 64 bits, Kc uses only 54 bits with zeroes to pad the other 10, making the encryption key weaker on purpose. They felt that government interference could be the reason behind this as it would allow them to monitor the talks. However, they were unable to confirm their claim as it is illegal to use equipment to carry out such an attack in the US. In response to this claim, the GSM alliance stated that since the GSM network allows only one call from any number at any given time, it has no relevant use, even if a SIM could be cloned. GSM has the ability to detect and close duplicate SIM codes found in various phones (Corporate Press Release, 1998).

According to Srinivas (2001), one of the other claims was made by the security research group ISAAC. They claimed that a fake base station could be built for around $10,000, allowing for a “man-in-the-middle” attack. As a result of this, the real base station can be flooded, forcing a mobile station to connect to the fake station. Consequently, the base station could eavesdrop on the conversation by informing the phone to use A5/0, which has no encryption.

One of the other possible scenarios is that of an insider attack. In the GSM system, communication is encrypted only between the mobile station and the base transceiver station, but within the provider’s network, all signals are transmitted in plain text, which could give an opportunity for a hacker to break in. (Li, Chen and Ma).

Measures taken to address these defects

According to Quirke (2004), since the appearance of these attacks, GSM has been revising its standard to add new technologies to fix possible security holes, for example, GSM1800, HSCSD, GPRS and EDGE. In the last year, two significant patches have been implemented. First, patches for the COMP 128-2 and COMP128-3 hash function have been developed to address the security hole with the COMP 128 function. COMP128-3 fixes the issue where the remaining 10 bits of the session key (Kc) were replaced by zeros. Second, it has been decided that a new A5/3 algorithm, which is created as part of the Third Generation Partnership Project (3GPP), will replace the old and weak A5/2. But this replacement would result in the release of new versions of software and hardware to implement this new algorithm and requires the cooperation of hardware and software manufacturers.

GSM is moving away from its “security by obscurity” ideology, which is actually a failure to make its 3GPP algorithms available to security researchers and scientists (Srinivas, 2001).

conclusion

Providing security for mobile phone traffic is one of the goals described in the GSM 02.09 specification, but GSM has not achieved this in the past (Quirke, 2004). To some extent, GSM provided strong subscriber authentication and over-the-air transmission encryption, but different parts of an operator’s network became vulnerable to attack (Li, Chen, Ma). The reason behind this was the secrecy of algorithm design and the use of weakened algorithms like A5/2 and COMP 128. Another vulnerability is insider attack. To achieve its stated goals, GSM is reviewing its standards and incorporating new technologies to counteract these security holes. While no man-made technology is perfect, GSM is the most secure and globally accepted public wireless standard to date and can be made more secure by taking appropriate security measures in certain areas.

Bibliography

Business Wire Press Release (1998). GSM Alliance clears up false and misleading reports of digital phone cloning. Accessed October 26, 2004 Website: http://jya.com/gsm042098.txt

Brookson (1994). Gsmdoc Retrieved October 24, 2004 from the gsm website:
http://www.brookson.com/gsm/gsmdoc.pdf

ChengyuanPeng (2000). GSM and GPRS security. Retrieved October 24, 2004 from the Telecommunications Multimedia and Software Laboratory Helsinki University website: http://www.tml.hut.fi/Opinnot/Tik-110.501/2000/papers/peng.pdf
Epoker Retrieved October 27, 2004 from the Department of Mathematics
Boise State University, Math 124 Fall 2004 Website:[http://math.boisestate.edu/~marion/teaching/m124f04/epoker.htm]
Huynh and Nguyen (2003). Overview of GSM and GSM security. Retrieved October 25, 2004, from the Oregon State University project website: [http://islab.oregonstate.edu/koc/ece478/project/2003RP/huynh_nguyen_gsm.doc]

Li, Chen, and Ma (nd). GSM security. Retrieved October 24, 2004 from gsm-security
Website: http://www.gsm-security.net/papers/securityingsm.pdf

Quirke (2004). Security in the GSM system. Retrieved on October 25, 2004 from Security
Website:[http://www.ausmobile.com/downloads/technical/Security] in the GSM system 01052004.pdf

Margrave (nd). GSM System and Encryption. Retrieved October 25, 2004 from gsm-secur website: http://www.hackcanada.com/blackcrawl/cell/gsm/gsm-secur/gsm-secur.html

Press release (1998). Smartcard Developer Association Clones Digital GSM
1998). Retrieved October 26, 2004 from the is sac website: http://www.isaac.cs.berkeley.edu/isaac/gsm.html

Srinivas (2001). The GSM Standard (An Overview of Its Security) Retrieved October 25, 2004 from the documents website: http://www.sans.org/rr/papers/index.php?id=317

Stallings (2003). Cryptography and network security: principles and practices. United States: Prentice Hall.

Maldives – Bandos Island Resort

Why are helicopter games so addictive?

Leave a comment

Your email address will not be published. Required fields are marked *