08-03-2012, 03:29 PM
GSM Security Overview
[attachment=18119]
GSM Security Goals
Confidentiality and Anonymity on the radio path
Strong client authentication to protect the operator against the billing fraud
Prevention of operators from compromising of each others’ security
Inadvertently
Competition pressure
GSM Security Design Requirements
The security mechanism
MUST NOT
Add significant overhead on call set up
Increase bandwidth of the channel
Increase error rate
Add expensive complexity to the system
MUST
Cost effective scheme
Define security procedures
Generation and distribution of keys
Exchange information between operators
Confidentiality of algorithms
GSM Security Features
Key management is independent of equipment
Subscribers can change handsets without compromising security
Subscriber identity protection
not easy to identify the user of the system intercepting a user data
Detection of compromised equipment
Detection mechanism whether a mobile device was compromised or not
Subscriber authentication
The operator knows for billing purposes who is using the system
Signaling and user data protection
Signaling and data channels are protected over the radio path
GSM Mobile Station
Mobile Station
Mobile Equipment (ME)
Physical mobile device
Identifiers
IMEI – International Mobile Equipment Identity
Subscriber Identity Module (SIM)
Smart Card containing keys, identifiers and algorithms
Identifiers
Ki – Subscriber Authentication Key
IMSI – International Mobile Subscriber Identity
TMSI – Temporary Mobile Subscriber Identity
MSISDN – Mobile Station International Service Digital Network
PIN – Personal Identity Number protecting a SIM
LAI – location area identity
[attachment=18119]
GSM Security Goals
Confidentiality and Anonymity on the radio path
Strong client authentication to protect the operator against the billing fraud
Prevention of operators from compromising of each others’ security
Inadvertently
Competition pressure
GSM Security Design Requirements
The security mechanism
MUST NOT
Add significant overhead on call set up
Increase bandwidth of the channel
Increase error rate
Add expensive complexity to the system
MUST
Cost effective scheme
Define security procedures
Generation and distribution of keys
Exchange information between operators
Confidentiality of algorithms
GSM Security Features
Key management is independent of equipment
Subscribers can change handsets without compromising security
Subscriber identity protection
not easy to identify the user of the system intercepting a user data
Detection of compromised equipment
Detection mechanism whether a mobile device was compromised or not
Subscriber authentication
The operator knows for billing purposes who is using the system
Signaling and user data protection
Signaling and data channels are protected over the radio path
GSM Mobile Station
Mobile Station
Mobile Equipment (ME)
Physical mobile device
Identifiers
IMEI – International Mobile Equipment Identity
Subscriber Identity Module (SIM)
Smart Card containing keys, identifiers and algorithms
Identifiers
Ki – Subscriber Authentication Key
IMSI – International Mobile Subscriber Identity
TMSI – Temporary Mobile Subscriber Identity
MSISDN – Mobile Station International Service Digital Network
PIN – Personal Identity Number protecting a SIM
LAI – location area identity