Gsm security

Security of GSM Presented by : Saleem Almaqashi

Transcript of Gsm security

Page 1: Gsm security

Security of GSM

Presented by : Saleem Almaqashi

Page 2: Gsm security

GSM: Introduction

• GSM is the most widely used cellular standard

• Over 600 million users, mostly in Europe and Asia

• Provides authentication and encryption capabilities

• Today’s networks are 2G

• Third generation (3G) and future (4G)

Page 3: Gsm security

GSM Mobile Station

• Mobile Station
  – Mobile Equipment (ME)
    • Physical mobile device
    • Identifiers
      – IMEI – International Mobile Equipment Identity
  – Subscriber Identity Module (SIM)
    • Smart Card containing keys, identifiers and algorithms
    • Identifiers
      – Ki – Subscriber Authentication Key
      – IMSI – International Mobile Subscriber Identity
      – TMSI – Temporary Mobile Subscriber Identity
      – MSISDN – Mobile Station International Service Digital Network
      – PIN – Personal Identity Number protecting a SIM
      – LAI – location area identity

Page 4: Gsm security

Attack Types

• Passive attacks:

– Eavesdropping - undetected interception and recording of communications by unauthorized persons.

– Traffic flow analysis - observing transmitted messages to draw conclusions about the behavior, interests and habits of users.

Page 5: Gsm security

Attack Types

• Active attacks:

– Masquerading - falsifying of identity.

– Tampering - unnoticed manipulation of messages during transmission.

– Replay - storage of messages and later (unmanipulated) retransmission.

– Denial of Service - preventing users from using a service through overload or interference attacks.

Page 6: Gsm security

Security in GSM

• GSM offers several security services using confidential information stored in the AuC and in the individual SIM

• 1- Access control and authentication

• 2- Confidentiality (encryption)

• 3- Anonymity

Page 7: Gsm security

1- Access control and authentication

• Authentication is based on the SIM, which stores the individual authentication key Ki, the user identification IMSI,

• Access control (AC) generates a random number RAND as the challenge, and the SIM within the MS answers with SRES (signed response) as the response.

• The AuC performs the basic generation of random values RAND, signed responses SRES, and cipher keys Kc for each IMSI, and then forwards this information to the HLR. The current VLR requests the appropriate values for RAND, SRES, and Kc from the HLR.

Page 8: Gsm security

Authentication

• For authentication, the VLR sends the random value RAND to the SIM.

• The MS sends back the SRES generated by the SIM; the VLR can now compare both values. If they are the same, the VLR accepts the subscriber, otherwise the subscriber is rejected.

Page 9: Gsm security

Authentication in GSM

Page 10: Gsm security

Distribution of Security Features in the GSM Network

[Figure: distribution of security features across the SIM, MS, BS and MSC. Legend: MS = mobile station, BS = base station, MSC = mobile services switching center.]

Page 11: Gsm security

Confidentiality (Encryption)

• To ensure privacy.

• All user-related data is encrypted. After authentication, BTS (base transceiver station) and MS apply encryption to voice, data, and signaling by applying the cipher key Kc.

• Kc is generated using the individual key Ki and a random value by applying the algorithm A8.

• This confidentiality exists only between MS and BTS, but it does not exist end-to-end or within the whole fixed GSM/telephone network.

Page 12: Gsm security

Encryption

• Note that the SIM in the MS and the network both calculate the same Kc based on the random value RAND. The key Kc itself is not transmitted over the air interface.

• MS and BTS can now encrypt and decrypt data using the algorithm A5 and the cipher key Kc.

• As Figure 4.15 shows, Kc should be a 64 bit key, which is not very strong, but is at least a good protection against simple eavesdropping. However, the publication of A3 and A8 on the internet showed that in certain implementations 10 of the 64 bits are always set to 0, so that the real length of the key is only 54 bits; consequently, the encryption is much weaker.
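
The challenge-response exchange and the Kc derivation described on the authentication and encryption slides, as an added Python sketch that is not part of the original presentation. HMAC-SHA256 stands in for the operator's A3/A8; the class and function names, the sample Ki and IMSI, and the choice of the low-order bits as the ten zeroed ones are assumptions of this example.

```python
from __future__ import annotations
import hashlib
import hmac
import secrets

def a3_a8(ki: bytes, rand: bytes) -> tuple[bytes, bytes]:
    """Stand-in for A3/A8 (HMAC-SHA256, NOT a real GSM algorithm).
    Returns (SRES, Kc): a 32-bit signed response and a 64-bit cipher key."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    kc = int.from_bytes(digest[4:12], "big")
    kc = (kc >> 10) << 10  # assumption: the 10 always-zero bits are the low-order ones
    return digest[:4], kc.to_bytes(8, "big")

class AuC:
    """Knows Ki for each IMSI and generates (RAND, SRES, Kc) triplets."""
    def __init__(self, subscribers: dict[str, bytes]):
        self._ki = dict(subscribers)

    def triplet(self, imsi: str, rand: bytes | None = None):
        rand = rand or secrets.token_bytes(16)  # 128-bit challenge
        sres, kc = a3_a8(self._ki[imsi], rand)
        return rand, sres, kc

class SIM:
    """Holds Ki; the card computes SRES and Kc locally from RAND."""
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self._ki = imsi, ki

    def respond(self, rand: bytes) -> tuple[bytes, bytes]:
        return a3_a8(self._ki, rand)

def vlr_authenticate(auc: AuC, sim: SIM) -> bytes | None:
    """VLR sends RAND and compares SRES; returns the network's Kc, or None if rejected."""
    rand, expected_sres, kc = auc.triplet(sim.imsi)
    sres, _kc_on_sim = sim.respond(rand)  # only RAND and SRES cross the air interface
    return kc if hmac.compare_digest(sres, expected_sres) else None

def effective_key_bits(keys: list[bytes]) -> int:
    """Number of bit positions that differ somewhere across the observed keys."""
    first = int.from_bytes(keys[0], "big")
    varying = 0
    for key in keys:
        varying |= first ^ int.from_bytes(key, "big")
    return bin(varying).count("1")

if __name__ == "__main__":
    ki = bytes(range(16))                   # constructed 128-bit Ki
    imsi = "001010123456789"                # constructed test IMSI
    auc = AuC({imsi: ki})
    print("genuine SIM accepted:", vlr_authenticate(auc, SIM(imsi, ki)) is not None)
    print("wrong-Ki SIM result:", vlr_authenticate(auc, SIM(imsi, bytes(16))))
    sample = [a3_a8(ki, i.to_bytes(16, "big"))[1] for i in range(256)]
    print("bits that ever vary in Kc:", effective_key_bits(sample))
```

Counting the bit positions that ever change across many derived keys is a simple way to check a key-derivation output for fixed bits such as the ten zeroed ones the slide describes.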

Page 13: Gsm security

Key generation and Encryption

Page 14: Gsm security

Anonymity

• To provide user anonymity, all data is encrypted before transmission, and user identifiers (which would reveal an identity) are not used over the air.

• Instead, GSM transmits a temporary identifier (TMSI), which is newly assigned by the VLR after each location update.

• Additionally, the VLR can change the TMSI at any time.

Page 15: Gsm security

Algorithms used in GSM

• Three algorithms have been specified to provide security services in GSM.

• A3 is used for authentication,

• A5 for encryption, and

• A8 for the generation of a cipher key

Page 16: Gsm security

Algorithms used in GSM

• The algorithms are not very strong.

• Algorithms A3 and A8 are located on the SIM and in the AuC.

• Only A5, which is implemented in the devices, has to be identical for all providers.

Page 17: Gsm security

Conclusion

• The security mechanisms specified in the GSM standard make it the most secure cellular telecommunications system available.

• The types of attacks on networks lead telecommunications companies to provide different security mechanisms.

• The use of authentication, encryption, and temporary identification numbers ensures the privacy and anonymity of the system's users,
