INTERNATIONALComputer Engineering and2,Technology ENGINEERING  International Journal of JOURNAL OF COMPUTER (IJCET), ISSN ...
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 – 6375(Online) Volu...
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 – 6375(Online) Volu...
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 – 6375(Online) Volu...
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 – 6375(Online) Volu...
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 – 6375(Online) Volu...
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-    09766367(Print), ISSN 0976 – 6375(Onli...
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 – 6375(Online) Volu...
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 – 6375(Online) Volu...
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 – 6375(Online) Volu...
Upcoming SlideShare
Loading in …5
×

Location based encryption in gsm cellular network

1,222 views
1,164 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,222
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
20
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Location based encryption in gsm cellular network

  1. 1. INTERNATIONALComputer Engineering and2,Technology ENGINEERING International Journal of JOURNAL OF COMPUTER (IJCET), ISSN 0976- 6367(Print), ISSN 0976 – 6375(Online) Volume 4, Issue March – April (2013), © IAEME & TECHNOLOGY (IJCET)ISSN 0976 – 6367(Print)ISSN 0976 – 6375(Online) IJCETVolume 4, Issue 2, March – April (2013), pp. 179-188© IAEME: www.iaeme.com/ijcet.aspJournal Impact Factor (2013): 6.1302 (Calculated by GISI) ©IAEMEwww.jifactor.com LOCATION BASED ENCRYPTION IN GSM CELLULAR NETWORK Prof. Uma R.Godase1 Vijay S. More2 Department of Information Technology, SCOE, Pune Department of Information Technology, SCOE, Pune ABSTRACT The “geo-encryption” or “location-based encryption” is a security algorithm that limits the access or decryption of information content to specified locations and/or times. This algorithm does not replace any of the conventional cryptographic algorithms, but instead adds an additional layer of security to exist stack. GSM is chosen as a case study to implement geo-encryption in its key generation part due to its many properties that are beneficial to this protocol. GSMs BTSs are distributed across the network and their signal can reach places like urban canyons and indoor environments inside the network. In GSM, data stream between mobile subscriber (MS) and BTS is encrypted by A5 encryption algorithm. A5s encryption and decryption key (kc) is generated base on MSs SIM card parameter (ki) and a random number, RAND. At this project we have used MSs location information to generate this key by geoencryption algorithm idea. Encrypted data only in the MSs location, that just GSM network is aware of it, can be decrypted and its accuracy depends on used positioning algorithm. KEYWORDS: BTS, MS, PVT, IMSI, HLR, SIM, SRES, AUC, BSC, CGI, LAI, MCC, MNC, LAC, MSC, VLR I. INTRODUCTION Security is important issue in GSM Cellular Network. Inserting an additional layer of security to the standard security stack that provides assurance that the secure content can only be used at authorized (desired) location and time is the main concept of geo-encryption. The term “location-based encryption” or "Geo-encryption" is used to refer to any method of encryption wherein the cipher text can only be decrypted at a specified location. If an attempt 179
  2. 2. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 – 6375(Online) Volume 4, Issue 2, March – April (2013), © IAEMEis made to decrypt the data at another location, the decryption process fails and reveals noinformation about the plaintext. A guiding principle behind the development of cryptographic systems has been thatsecurity should not depend on keeping the algorithms secret, only the keys. This does notmean that the algorithms must be made public, only that they be designed to withstand attackunder the assumption that the adversary knows them. Security is then achieved by encodingthe secrets in the keys, designing the algorithm so that the best attack requires an exhaustivesearch of the key space. Making key depended on target geographic position is an applicable way tostrengthen its safety in the real-time applications. The device performing the decryptiondetermines its location using some sort of location sensor, for example, a GPS receiver orsome other satellite or radio frequency positioning system such as MSs positioning in GSM.GSM is chosen as a case study to implement geo-encryption due to its any properties that arebeneficial to this protocol. GSM Base Transceiver Stations (BTS) are distributed acrossnetwork and properly cover the area and their high power signal can reach places like urbancanyons and indoor environments. In order to function, serving MS and route calls, this technology requires the serviceprovider to know the cell in which a MS is present. This gives service providers a record ofthe location and movement of each device, and probably its owner.Report presents a new location dependent key generation management mechanism, and itsapplicability in GSM is evaluated. For this we use "Cell ID, Sector ID and TA" positioningmethod to calculate MSs location. The structure of this paper is as follows. At first describeshow the geo-encryption is built on conventional cryptographic algorithms and protocols andprovides an additional layer of security. The paper then discusses the properties of GSM andits security structure. It then provides a discussion of MS positioning and its implementationon GSM. Finally a new method will be presented to key generation and evaluates itsimplementation.II. GEOGRAPHICAL ENCRYPTION The idea of Geo-encryption and its use in digital film distribution was proposed anddeveloped by Logan Scott, Dr. Dorothy Denning. They have mentioned a new solution forsecuring digital films by using geographical information to generate an additional securitykey, a “Geolock”, that is necessary to access the encrypted data or application. These files aresent through a public network and are accessible inside the broadcasting area but only at anespecial place can be decrypted At Geo-encryption, on the originating (encrypting) side, a Geo-lock is computed based onthe intended recipient’s Position, Velocity, and Time (PVT) block. The PVT block defineswhere the recipient needs to be in terms of position, velocity & time for decryption to besuccessful. The Geo-lock is then XORed with the session key (Key_S) to form a Geolockedsession key. The result is then encrypted using an asymmetric algorithm and conveyed to therecipient. On the recipient (decryption) side, Geo-locks are computed using an Anti SpoofGPS receiver for PVT input into the PVT Geo-lock mapping function. If the PVT values arecorrect, then the resultant Geo-Lock will XOR with the Geo-Locked key to provide thecorrect session key (Key_S). 180
  3. 3. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 – 6375(Online) Volume 4, Issue 2, March – April (2013), © IAEME Figure 1 Geographical encryption structure Figure shows a PVT Geo-lock mapping function where latitude, longitude and time constitute the inputs. Here, a regular grid of latitude, longitude and time values has been created, each with an associated Geo-lock value. Figure 2 PVT→Geo-lock mapping function Finally, for increasing the security, the PVT Geo-lock mapping function itself may incorporate a hash function or one way function with cryptographic aspects in order to hinder using the Geo-lock to obtain PVT block values. 181
  4. 4. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 – 6375(Online) Volume 4, Issue 2, March – April (2013), © IAEMEIII. GLOBAL SYSTEM FOR MOBILE COMMUNICATIONA. GSM Security Structure Security structure of GSM is based on Ki –individual subscriber authentication key- aunique 128 bit code assigned to each IMSI that permanently is stored in HLR and SIM card.This code is used to generate sign response –SRES- for authentication process and encryptionkey-Kc. In GSM, authentication process is performed by a challenge and responsemechanism. In response to each authentication request, AUC generates a random sequence -RAND- that with Ki are used as inputs to A3 and A8 algorithms to provide SRES and Kckeys. A5 algorithm is used for encrypting data in each frame, while Kc is constant duringconversation the frame number is changed regularly. Encryption process is applied onlybetween BTS and MS, and its session key-Kc, is used until another authentication processthat might take days. Figure 3 GSM security structureB. Analyzing GSM cryptography Basically GSM encryption structure is based on authentication and its security hassome challenges:• Kc is produced based on Ki and if somebody extracts Ki from a SIM card (SIM cloningattack) and achieves RAND number which is sent clearly from BSC to BTS, he/she will beable to calculate Kc by A8 algorithm. 182
  5. 5. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 – 6375(Online) Volume 4, Issue 2, March – April (2013), © IAEME• The data stream only is encrypted between BTS and MS but at internal parts of GSMnetwork especially between BSC and BTS that are connected together via radio links, thereisnt any ciphering process. • Kc is made to each conversation and is constant during it. Accordingly, producing KCbased on Ki is the main security vulnerability of GSM (forging Ki under SIM cloning attack)that threats its safety.IV. PROPOSED GSM SECURITY STRUCTUREA. Mobile Station Position in GSM In the GSM, Cell Global Identity-CGI- indicates MS location and is stored at theHLR. CGI (32 bit) consists of Location Area Identifier (LAI) and Cell ID:CGI=LAI + Cell IDLAI=MCC+MNC+LAC Coverage area of each MSC/VLR has a unique LAI code that indicates MobileCountry Code (MCC), Mobile Network Code (MNC), and Local Area Code (LAC). EachMSC is divided into several subareas- BSC- (with a unique LAC). BSC area is consisting ofsome BTS (each BTS has a unique Cell- ID) and depends on its designing and the number ofantenna, each BTS maybe has several sectors (1 up to 6 sectors and Sector-ID). BTS broadcasts LAI and its Cell-ID so that all MS under its coverage can receivethem. MSs location information is updated by Location-Update (LU) process in any callsetup, entering new MSC/VLR and regularly in the idle mode. In order to avoid excessive signalling traffic, as long as the MS is in idle mode, thenetwork knows only the LAI. The network becomes aware of the Cell-ID only when the MSswitch into dedicated mode, namely when the channel is used to actually establish a call. Incontrast, the MS always knows the Cell-ID of the cell it is in. Selecting a BTS sector forconnecting is based on the MSs location and the strength of received signal. Unfortunately, the GSM Network itself lacks positioning functionality sincehistorically it was not designed to carry any location or telemetry information. But severalMS positioning techniques have been developed and tested with good results but in the mostof them the GSM network should be changed and needs to be added some additional partsand so a huge costs. For example in several methods which accurately measure the timedifference such that the Time of Arrival (TOA) or Enhanced Observed Time Difference (E-OTD) of wireless radio transmissions there are huge costs involved in upgrading a substantialpart of the network’s BTSs with Location Measurement Units (LMUs) for calculating thedifference of arrival time of signals from BTS by knowing the position of LMU. In theAssisted-GPS (A-GPS) method each MS and BTS are equipped with a GPS receiver andcalculate their position by GPS technology. The simplest way to describe the location of a MS that doesnt need to change thenetwork is Cell ID+ Sector ID+ TA. It doesnt have accuracy as same as other methods buthas lower implementation cost so that’s service provider have chosen this method owing toits simplicity and cost. 183
  6. 6. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 – 6375(Online) Volume 4, Issue 2, March – April (2013), © IAEMEB. Location Based positioning method Cell ID+ TA positioning method uses Cell ID, Sector ID of corresponding BTS andTiming Advance (TA). TA is a crude measurement of the time required for the signal totravel from the MS to the BTS. In the GSM system, where each MS is allocated a specificfrequency and time slot to send and receive data, this measurement is essential to make surethat time slot management is handled correctly and that the data bursts from the MS arrive atthe BTS at the correct time (in the time slot allocated to them). The computed TA value isthen used by the MS to advance transmission bursts so that the data arrives at the correct timeslot. The resolution is one GSM bit, which has the duration of 3.69 microseconds. Since thisvalue is a measure of the round trip delay from the MS to the BTS, half the way would be1.85 microseconds, which at the speed of light would be approximately equal to 553 meters. 1.845 µs × 3 × 108 m / s = 553 m Figure 4 Cell ID+ Sector ID+TA positioningThe accuracy of this method depends on the cells size, and the number of cell’s sectors.Since the typical GSM cell is anywhere between 2 km to 20 km in diameter, thereforereducing the cell diameter or increasing the number of sectors can enhance its accuracy.C. Proposed Method By using MS position parameters they try to limit decrypting possibility to adedicated area. At this project, AUC uses MS position as a Mobile Station Position (MSP)code that consists of CGI code (LAI and Cell ID), Sector ID and TA amount to generate KC.CGI and Sector ID are broadcasted by BTS but TA is dedicated for a MS isn’t constant andwill changed by MS movement.MSP=CGI+ Sector ID+ TAMSP consists of 64 bit: first 32 bit for CGI, 8 bit for Sector ID (33th- 40th), 8 bits show TA(41th- 48th) and the rest are assigned to zero (16 bit padding to achieve equal length to Kc).At the proposed structure, when MS requests to be authenticated, AUC products Kc by usingA8 (Ki and RAND as inputs) and then XOR it to MSP. The result is KC: 184
  7. 7. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976- 09766367(Print), ISSN 0976 – 6375(Online) Volume 4, Issue 2, March – April (2013), © IAEME Figure 5 K’c ProductionKC = A8( RAND , Ki )K’C = KC XOR MSPAUC generates five triple sets of {RAND, SRES, KC} and sends them to HLR, BTS andMS. BTS uses KC to encrypt and decrypt data. Figure 6 Proposed structure of GSM In the other side, MS produces Kc by using RAND and Ki. It receives Cell ID andSector ID from BTS and calculates TA for computing MSP, then XOR it with KC to computeKc. By this method the encrypted data code can be decrypted just at MS position (at least inthe TA area) with same MSP. The security of a key comes from the amount of entropy of the information that eygenerates the key. In this case, CGI and Sector ID are both known, for this the entropy ofMSP comes from TA (8 bits in the maximum distance case: 0 ≤TA≤63). Therefore thisentropy is embedded into Kc as additional security by XORing MSP to Kc. Similarly, thesecrecy of Kc same as Kc comes from Ki and MSP just generates additional security 185
  8. 8. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 – 6375(Online) Volume 4, Issue 2, March – April (2013), © IAEMEfollowed by MS’s mobility. Base on Information Theory the minimum entropy of x is: restare assigned to zero (16 bits padding to achieve Kc’s length-64 bit). At the proposedstructure, when MS requests to be authenticated, AUC products Kc by using A8 (Ki andRAND as inputs) and then XORs it with MSP.V. SIMULATION In order to evaluate, a GSM network (with 4 cells) can simulate by MATLAB. Eachcell consists of 3 sectors with 4km radius (0≤TA≤7), MS moves with constant velocity of 30km/h along a cell toward its neighbour. It will move with uniform motion. The data transfer isa 2 minutes duration part of a conversation with 1000 frames (all frames are considered samewith 8 bits). By this speed, each TA (500m) will pass by 1 minute, then at least two TAs willpass during any conversation, for this we will limit the movement to these TAs in allmovement modes and to avoid complexity we will turn off hand over between sectors andcells. In the movement modes by changing the position, MSP will change and the guessingprobability will be decreased by a factor of time and MS velocity, depends on movementmode and changing quotas. Generally, a mobile communication is classified into 4 modes:• Stationary mode: 80 percent of mobile conversations are performed in this mode while MSPis constant and KC is dependent to KC.• Intra sector movement mode: MS moves inside a sector and don’t enter other sectors. Atthis mode TA is changed according to MSs movement and encryption process delayed untilMSs location is extracted.• Intra cell movement mode: in this mode MS moves between two sectors of a cell anddoesn’t enter to neighbour cell. TA and Sector ID ports of MSP will be changed, and there isa delay like previous mode.• Extra cell movement mode: all three parts of MSP will changed (TA, Sector ID & Cell ID)to simple the simulation MSs moves from one sector to another sector of neighbour cell.The simulations results are shown in table 1. It should be considered that ciphering durationin simulation environment differs from real situation. It is important to note that in thestationary mode the longer conversation will cause weaker encryption key but we couldntcalculate an accurate time and key strengths relationship, for this we estimate this amount. TABLE 1. Simulation Results 186
  9. 9. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 – 6375(Online) Volume 4, Issue 2, March – April (2013), © IAEME Figure 7 Key generation and encryption time comparison in two methodsUsing a poor MS positioning method is a main factor of decryption error and in the highspeed movement near the sectors or cells borders, by TA changing, it becomes more critical.Additionally, in compare with previous method, MSP updating makes key generation delayand increases the encryption process time.VI. CONCLUSION Using Geo-encryption in the stationary mode has same effectiveness but theencryptions key safety by being referred to MS location, becomes better. Statistically about80% of mobile conversations are established in the stationary mode and the proposed methodleads to a more strength key (with a factor 2-3 in the simulation) at this mode. It is essentialto note that in the revealed Ki situation by increasing conversation time the encryption keybecomes reveal able. Although in the others modes encryption safety becomes better butbecause of using an inaccurate positioning method, MS mobility in higher speed not onlyincrease encryption process delay but also decryption fault. In the current GSM the sessionparameters to encrypt data continuously need to be changed (frame number) while Kc isconstant. In the proposed scheme the encryption process need to be changed not only byframe number but also by MS position and mobility speed. In future work, will concentrateon a better positioning technique to decrease the movement modes failures.REFERENCES[1] Logan Scott & Dorothy E. Denning, "Location Based Encryption & Its Role in DigitalCinema Distribution", Proceedings of ION GPS/GNSS 2003, pp 288-297.[2] Hector C. Weinstock, editor, "Focus on Cognitive Radio Technology", Nova SciencePublishers, 2007, p. 87-92.[3] Yoni De Mulder & Lejla Batina & George Danezis & Bart Preneel, "Identification viaLocation-Profiling in GSM Networks", Proceedings of the 7th ACM workshop on Privacy inthe electronic society, Alexandria, VA, USA, 2008.[4] D. Qiu & Sherman Lo & Per Enge & Dan Boneh, “Geoencryption Using Loran”,Proceeding of ION NTM 2007.[5] D. Qiu, "Security Analysis of Geoencryption: A Case Study using Loran", Proceeding ofION GNSS 2007. 187
  10. 10. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 – 6375(Online) Volume 4, Issue 2, March – April (2013), © IAEME[6] Siegmnnd M. Redl & Matthias K. Weber & Malcolm W. Oliphant, "An Introduction toGSM", Artech House Publisher, 1995.[7] Nokia Corporation, "Nokia mobile system structure", Nokia Telecommunications Oy,SYSTRA, NTC CTXX 1985.[8] Ramesh Singh & Preeti Bhargava & Samta Kain, "Cell phone cloning: a perspective onGSM security", Ubiquity, Vol. 8, Issue 26, 2007.[9] Emiliano Trevisani & Andrea Vitaletti, "Cell-ID location technique, limits and benefits:an experimental study.", Proceedings of 6th IEEE workshop on Mobile Computing Systemsand Applications, WMCSA 2004.[10] P. Brida, "Location Technologies for GSM", Transcom, June 2003, Žilina, p. 119-122.ISBN 80-8070-081-8.[11] Josef Bajada, “Mobile Positioning for Location Dependent Services in GSM Networks”,Computer Science Annual Workshop- CSAW, Department of Computer Science and AI,University of Malta, 2003.[12] Ionescu Mircea & Stanescu Emil & Halunga Simona, "CellID positioning method forvirtual tour guides travel services", ECAI 2007 - International Conference – Second Edition,Electronics, Computers and Artificial Intelligen0ce, June 2007, Pitesti , ROMÂNIA.[13] Jaafar Adhab Aldhaibani, A. Yahya, R.B. Ahmad, N. A. Al-Shareefi and M. K. Salman,“Effect of Relay Location on Two-Way DF and AF Relay in LTE - A Cellular Networks”International journal of Electronics and Communication Engineering & Technology(IJECET), Volume 3, Issue 2, 2012, pp. 385 - 399, ISSN Print: 0976- 6464, ISSN Online:0976 –6472. 188

×