2. ABSTRACTThe motivations for security in cellular telecommunications
systems are to secure conversations and signaling data from
interception as well as to prevent Cellular telephone fraud.
With the older analog—based cellular telephone systems
such as the Advanced Mobile Phone System (AMPS)and the
Total Access Communication System(TACS),it is a relatively
simple matter for the radio hobbyist to intercept cellular
telephone Conversions with police scanner.
3. INTRODUCTION
•GSM(Global system for mobile communication) is one of
the most popular mobile.Communication standards.GSM is
a second generation(2G) communication standard.
There are many multiplexing techniques and the various
standards that fall under.The GSM communication system.
4. GSM SERVICES:
The list of services available to GSM
subscribers typically includes the following: voice
communication.
voice mail, short message transmission, data
transmission .
call forwarding.
6. GSM Architecture contains three sub system
Radio sub system (RSS)
Network sub system(NSS)
Operation sub system(OSS)
7. COMPONENTS OF RSS:
-> MT’S(Mobile Devices)
-> BTS’S(Base Transceivers
Stations)
-> BSC’S(Base Station Controllers)
COMPONENTS OF NSS:
-> MSC’S(Mobile Services
Switching Centre)
-> HLR’S(Home Location Register)
-> VLR’S(Visitor Location Register)
COMPONENTS OF OSS:
-> OMC(Operation and Maintenance
Centre)
8. GSM SECURITY FEATURES
Key management is independent of equipment
Subscribers can change handsets without compromising security
Subscriber identity protection
not easy to identify the user of the system intercepting a user data
Detection of compromised equipment
Detection mechanism whether a mobile device was compromised or
not
Subscriber authentication
The operator knows for billing purposes who is using the system
9. Detection of Compromised
Equipment
International Mobile Equipment Identifier (IMEI)
Identifier allowing to identify mobiles
IMEI is independent of SIM
Used to identify stolen or compromised equipment
Equipment Identity Register (EIR)
Black list – stolen or non-type mobiles
White list - valid mobiles
Gray list – local tracking mobiles
Central Equipment Identity Register (CEIR)
Approved mobile type (type approval authorities)
Consolidated black list (posted by operators)
10. Key Management Scheme
Ki – Subscriber Authentication Key
Shared 128 bit key used for authentication of subscriber by the
operator
Key Storage
Subscriber’s SIM (owned by operator, i.e. trusted)
Operator’s Home Locator Register (HLR) of the subscriber’s home
network
SIM can be used with different equipment
11. Subscriber Identity Protection
TMSI – Temporary Mobile Subscriber Identity
Goals
TMSI is used instead of IMSI as an a temporary subscriber identifier
TMSI prevents an eavesdropper from identifying of subscriber
Usage
TMSI is assigned when IMSI is transmitted to AuC on the first phone
switch on
Every time a location update (new MSC) occur the networks assigns
a new TMSI
TMSI is used by the MS to report to the network or during a call
initialization
Network uses TMSI to communicate with MS
On MS switch off TMSI is stored on SIM card to be reused next time
The Visitor Location Register (VLR) performs assignment,
administration and update of the TMSI
13. Authentication and Encryption Scheme
13
A3
Mobile Station Radio Link GSM Operator
A8
A5
A3
A8
A5
Ki Ki
Challenge RAND
KcKc
mi Encrypted Data mi
SIM
Signed response (SRES)
SRESSRES
Fn Fn
Authentication: are SRES
values equal?
15. Authentication
AuC – Authentication Center
Provides parameters for authentication and encryption
functions (RAND, SRES, Kc)
HLR – Home Location Register
Provides MSC (Mobile Switching Center) with triples
(RAND, SRES, Kc)
Handles MS location
VLR – Visitor Location Register
Stores generated triples by the HLR when a subscriber is
not in his home network
One operator doesn’t have access to subscriber keys of
the another operator.
15
16. A3 – MS Authentication Algorithm
Goal
Generation of SRES response to MSC’s random
challenge RAND
16
A3
RAND (128 bit)
Ki (128 bit)
SRES (32 bit)
17. A8 – Voice Privacy Key Generation
Algorithm
Goal
Generation of session key Ks
A8 specification was never made public
17
A8
RAND (128 bit)
Ki (128 bit)
KC (64 bit)
18. Logical Implementation
of A3 and A8
COMP128 is used for both A3 and A8 in most GSM
networks.
COMP128 is a keyed hash function
18
COMP128
RAND (128 bit)
Ki (128 bit)
128 bit output
SRES 32 bit and Kc 54 bit
20. A5 – Encryption Algorithm
A5 is a stream cipher
Implemented very efficiently on hardware
Design was never made public
Leaked to Ross Anderson and Bruce Schneier
Variants
A5/1 – the strong version
A5/2 – the weak version
A5/3
GSM Association Security Group and 3GPP design
Based on Kasumi algorithm used in 3G mobile systems
20
21. A5 Encryption
21
Mobile Stations Base Station
Subsystem
Exchange
System
Network
Management
Subscriber and terminal
equipment databases
BSC MSC
VLR
HLR
EIR
AUC
OMC
BTS
BTS
BTS
A5 Encryption
22. Logical A5 Implementation
22
A5
Kc (64 bit)Fn (22 bit)
114 bit
XOR
Data (114 bit)
A5
Kc (64 bit)Fn (22 bit)
114 bit
XOR
Ciphertext (114 bit) Data (114 bit)
Mobile Station BTS
Real A5 output is 228 bit for both directions
23. EXPLANATION
A5 is a stream cipher consisting of three clock-controlled
LFSRs of degree 19, 22, and 23.
The clock control is a threshold function of the middle bits
of each of the three shift registers.
The sum of the degrees of the three shift registers is 64.
The 64-bit session key is used to initialize the contents of
the shift registers.
The 22-bit TDMA frame number is fed into the shift
registers.
Two 114-bit key streams are produced for each TDMA
frame, which are XOR-e d with the uplink and downlink
traffic channels.
It is rumored that the A5 algorithm has an "effective" key
length of 40 bits.
24. CONCLUSION
The security mechanisms specified in the GSM
standard make it the most secure cellular
telecommunications system available. The use of
authentication, encryption, and temporary
identification numbers ensures the privacy and
anonymity of the system's users, as well as
safeguarding the system against fraudulent use.
25. REFERENCES
Van der Arend, P. J. C., "Security Aspects and the
Implementation in the GSM System," Proceedings of the
Digital Cellular Radio Conference, Hagen, Westphalia,
Germany, October, 1988.
Biala, J., "Mobilfunk und Intelligente Netze," Friedr.,
Vieweg & Sohn Verlagsgesellschaft, 1994.
Cooke, J.C.; Brewster, R.L., "Cyptographic Security
Techniques for Digital Mobile Telephones," Proceedings of
the IEEE International Conference on Selected Topics in
Wireless Communications, Vancouver, B.C., Canada, 1992.