Be the first to like this
Master’s thesis by Paul Yousef
The Global System for Mobile Communications (GSM) is the most widely used cellular
technology in the world. For GSM, like many other widely used systems, security is crucial.
The aspects of security that this report covers are mainly anonymity, authentication and
It appears that many of the very valuable aspects of GSM can be attacked. Anonymity,
authentication mechanism and confidentiality can be attacked and compromised if the
attacker possesses the right equipment. In order to break the protection, the attacker needs
to utilise active attacks, i e base station functionality is needed. However, if the attacker is
able to decrypt GSM traffic, i e break A5/1 and A5/2, passive attacks are sufficient.
The cryptographic algorithms used to encrypt GSM traffic and data are cryptographically
weak and can be cryptanalysed in real-time, resulting in compromised confidentiality.
Cryptanalysis of A5 is however nontrivial and often requires huge amounts of computation
power, mainly for the one time pre-computation step.
GSM does not provide sufficient security for users with very valuable information to
communicate. These users are advised to use an additional layer of security on top of GSM