04-05-2013, 03:18 PM
Security in GSM
Security in GSM.pdf (Size: 89.58 KB / Downloads: 102)
A Brief Introduction to GSM
Global System for Mobile Communications (GSM) is the most popular mobile phone system in
the world. According to a press release by the GSM Association recently, there are more than
747.5 million subscribers in over 184 countries today by the time of September 2002, accounting
for 71.2% of the World's digital market and 69% of the World's wireless market. The number of
subscribers worldwide is expected to surpass one billion by the end of 2003[7].
The name GSM first comes from a group called Group Special Mobile (GSM), which was
formed in 1982 by the European Conference of Post and Telecommunications Administrations
(CEPT) to develop a pan-European cellular system that would replace the many existing
incompatible cellular systems already in place in Europe. But when GSM service started in 1991,
the abbreviation "GSM" was renamed to Global System for Mobile Communications from
Group Special Mobile. The typical architecture of GSM network was shown in figure 1.
Mobile Station
The mobile station (MS) consists of mobile equipment and a Subscriber Identity Module (SIM)
card. The most common mobile equipment is the mobile phone. By inserting the SIM card into a
cellular phone, the user is able to receive calls at that phone, make calls from that phone, or
receive other subscribed services. The mobile equipment uniquely identifies the International
Mobile Equipment Identity (IMEI).
The SIM card stores the sensitive information such as the International Mobile Subscriber
Identity (IMSI), Ki(a secret key for authentication), and other user information. All this
information may be protected by personal identity number(PIN) .
The SIM card itself is a smart card and is in accordance with the smart card standard (ISO 7816-
1, -2). The GSM 11.11 has the detailed specification about the SIM card.
Base Station Subsystem
The Base Station Subsystem consists of the Base Transceiver Station (BTS) and the Base Station
Controller (BSC). The Base Transceiver Station houses the radio transceivers that define a cell
and handles the Radiolink
protocols with the Mobile Station. In a large urban area, there will
potentially be a large number of BTS deployed. The Base Station Controller manages the radio
resources for one or more BTS. It handles Radiochannel
setup, frequency hopping, and
handovers. The BSC is the connection between the mobile and the Mobile service Switching
Center (MSC). The BSC also translates the 13 kbps voice channel used over the radio link to the
standard 64 kbps channel used by the Public Switched Telephone Network or ISDN.
Network Subsystem
The central component of the Network Subsystem is the Mobile services Switching Center
(MSC). It acts like a normal switching node of the PSTN or ISDN, and in addition provides all
the functionality needed to handle a mobile subscriber, such as registration, authentication,
location updating, handovers, and call routing to a roaming subscriber. These services are
provided in conjunction with several functional entities, which together form the Network
Subsystem. The MSC provides the connection to the public fixed network (PSTN or ISDN), and
signalling between functional entities uses the ITUT
Signalling System Number 7 (SS7).
The Home Location Register (HLR) and Visitor Location Register (VLR), together with the
MSC, provide the Callrouting
and (possibly international) roaming capabilities of GSM. The
HLR contains all the administrative information of each subscriber registered in the
corresponding GSM network, along with the current location of the mobile. There is logically
one HLR per GSM network, but it may be implemented as a distributed database.
GSM Security Model
The Purpose of GSM Security:
The use of radio communications for transmission to the mobile subscribers makes GSM Public
Land Mobile Networks (PLMN) particularly sensitive to misuse of their resources by
unauthorized persons using manipulated Mobile Stations, who try to impersonate authorised
subscribers and eavesdropping of the various information, which are exchanged on the radio path.
So the security features in GSM PLMN is implemented to protect:
· The access to the mobile services.
· Any relevant item from being disclosed at the radio path, mainly in order to ensure the
privacy of user-related information.
Encryption of the data
Encrypted communication is initiated by a ciphering mode request command from the GSM
network. Upon receipt of this command, the mobile station begins encryption and decryption of
data. Each frame in the over-the-air traffic is encrypted with a different key-stream. The A5
algorithm used to encrypt the data is initialised with the KC and the number of the frame to be
encrypted, thus generating a different keystream for every frame. The same KC is used as long as
the MSC does not authenticate the MS again, in which case a new KC is generated. In practice,
the same KC may be in use for days. The MS authentication is an optional procedure in the
beginning of a call, but it is usually not performed. So it is very common the KC will not change
during calls. When it is switched off, the mobile station stores the TMSI on the SIM card to
make sure it is available when it is switched on again.
The Algorithms
The MS Authentication Algorithm
The A3 is the authentication algorithm in the GSM security model. The A3 algorithm gets the
RAND from the MSC and the secret key KI from the SIM as input and generates a 32-bit output,
which is the SRES response. Both the RAND and the KI secret are 128 bits long.
A3 algorithm can be typed as a one-way hash function. Generally, one-way hash functions
produce a fixed-length output given an arbitrary input. Secure one-way hash functions are
designed such that it is computationally unfeasible to determine the input given the hash value,
or to determine two unique inputs that hash to the same value.
Possible improvement
Security could be improved in some areas with relatively simple measures. One solution is to use
another cryptographically secure algorithm for A3. This would require issuing new SIM-cards to
all subscribers and updating HLR software. This would effectively disable the attacker from
cloning SIM-cards, the most dangerous attack, which is discussed above. This solution is easy to
be implemented because the network operators can make the changes themselves and do not
need the support of hardware or software manufacturers or the GSM Consortium. There is now a
new algorithms available called COMP128-2.[4]
The operator can employ a new A5 implementation with strong encryption too. A new A5/3
algorithm has also been agreed upon to replace the aging A5/2 algorithm[7]. This improvement
would require the co-operation of the hardware and software manufacturers because they will
have to release new versions of their software and hardware that would comprise with the new
algorithm.
Third solution would be to encrypt the traffic on the operator’s backbone network between the
network components. This would disable the attacker from wiretapping the backbone network.
This solution could probably also be implemented without the blessings of the GSM Consortium,
but the co-operation of the hardware manufacturers would still be required.
Conclusion
Although the GSM network was designed to be a secure mobile system and it did provide strong
subscriber authentication and over-the-air transmission encryption, it is now vulnerable to some
attacks targeted at different parts of an operator' s networkO. ne of the main reasons is that some
of the algorithms and specifications were leaked out and studied and some critical errors were
found. The A5 algorithm used for encrypting the over-the-air transmission channel is vulnerable
against known-plain-text and divide-and-conquer attacks and the intentionally reduced key space
is small enough to make a brute-force attack feasible as well. The COMP128 algorithm used in
most GSM networks as the A3/A8 algorithm has been proved to have some flaw either.