This document provides an overview of GSM security, including its objectives, mechanisms, and algorithms. It discusses the security concerns for operators and customers that GSM aims to address. The key goals of GSM security are confidentiality, anonymity, and authentication. The document then describes the specific security features and components of GSM, including the SIM card, authentication process, encryption algorithms like A3, A8, and A5, and the COMP128 algorithm. It also discusses attacks against GSM security like the partitioning attack against COMP128 that exploits side channels.
GSM uses authentication and encryption to provide security. Authentication involves generating a signed response (SRES) to a random challenge (RAND) using an authentication key (Ki) and algorithm (A3). Encryption uses a session key (Kc) generated from Ki and RAND by algorithm A8. The stream cipher A5 encrypts voice data using Kc and a frame number. GSM security protects conversations, signaling data, and prevents fraud through these methods of authentication, encryption, and temporary subscriber identities.
GSM security features include subscriber identity protection using TMSIs, key management using shared Kis, equipment authentication using IMEIs, and signaling and data encryption using A3, A8, and A5 algorithms. However, these security mechanisms have been weakened over time as the algorithms have been cracked or leaked, allowing for fraud and privacy risks. Potential improvements include using stronger cryptographic algorithms for authentication and encryption and encrypting traffic on the operator's backbone network.
The document discusses the security mechanisms in GSM cellular networks. It describes how GSM uses encryption algorithms (A3, A5, A8) and a challenge-response mechanism involving a random number (RAND) and signed response (SRES) to authenticate users. While the A5 stream cipher has an effective key length of 40 bits, this provides adequate security for conversations given their short lifespan of weeks. GSM networks are the most secure cellular standard due to using encryption, temporary IDs, and digital signaling compared to analog networks.
This document discusses cryptography in GSM networks. It provides background on common security requirements and introduces cryptography techniques like symmetric-key cryptography, public-key cryptography, and cryptographic hashes. It then discusses cryptography specifically used in GSM networks, including the A5/1 and A5/3 algorithms used for encryption. It notes issues with the security of these algorithms and proposes improving GSM network security.
The document summarizes GSM security mechanisms. It discusses GSM security objectives of confidentiality, anonymity, and authentication. It then describes some key GSM security mechanisms like TMSI for subscriber identity protection, key management using Ki, and the A3/A8/A5 authentication and encryption algorithms. It also provides details on the SIM card anatomy and its role in the authentication process.
The document discusses security in GSM networks. It describes the GSM architecture including mobile stations, base stations, and network switching systems. It then explains the security concerns with GSM and the features used to address them, including subscriber authentication using algorithms A3 and A8, and voice encryption with algorithm A5/1. The document provides details on how these algorithms work to authenticate users and encrypt communications in GSM networks.
The document discusses security mechanisms in GSM networks. It describes:
1. The SIM card contains authentication algorithms A3/A8 and key Ki. The mobile equipment contains ciphering algorithm A5.
2. The Authentication Centre (AuC) generates random challenges and stores secret keys relating to each subscriber.
3. Authentication involves the mobile station running the received random number through A3/A8 algorithms to produce a signed response, which is verified by the AuC.
4. If authentication succeeds, A8 generates the ciphering key Kc from Ki and the random number to encrypt communications under A5.
The document discusses security algorithms used in GSM networks - A3 is used for authentication between the mobile station and network, A5 is used for encryption, and A8 is used to generate cipher keys. Specifically, A3 takes a random number (RAND) and secret key (Ki) to generate a signed response (SRES) for authentication. A8 also takes RAND and Ki to generate a 64-bit cipher key (KC) for encryption using the A5 algorithm. The document was presented by Rupali Lohar from B. R. Harne College Of Engineering & Technology in Maharashtra, India.
GSM uses authentication and encryption to provide security. Authentication involves generating a signed response (SRES) to a random challenge (RAND) using an authentication key (Ki) and algorithm (A3). Encryption uses a session key (Kc) generated from Ki and RAND by algorithm A8. The stream cipher A5 encrypts voice data using Kc and a frame number. GSM security protects conversations, signaling data, and prevents fraud through these methods of authentication, encryption, and temporary subscriber identities.
GSM security features include subscriber identity protection using TMSIs, key management using shared Kis, equipment authentication using IMEIs, and signaling and data encryption using A3, A8, and A5 algorithms. However, these security mechanisms have been weakened over time as the algorithms have been cracked or leaked, allowing for fraud and privacy risks. Potential improvements include using stronger cryptographic algorithms for authentication and encryption and encrypting traffic on the operator's backbone network.
The document discusses the security mechanisms in GSM cellular networks. It describes how GSM uses encryption algorithms (A3, A5, A8) and a challenge-response mechanism involving a random number (RAND) and signed response (SRES) to authenticate users. While the A5 stream cipher has an effective key length of 40 bits, this provides adequate security for conversations given their short lifespan of weeks. GSM networks are the most secure cellular standard due to using encryption, temporary IDs, and digital signaling compared to analog networks.
This document discusses cryptography in GSM networks. It provides background on common security requirements and introduces cryptography techniques like symmetric-key cryptography, public-key cryptography, and cryptographic hashes. It then discusses cryptography specifically used in GSM networks, including the A5/1 and A5/3 algorithms used for encryption. It notes issues with the security of these algorithms and proposes improving GSM network security.
The document summarizes GSM security mechanisms. It discusses GSM security objectives of confidentiality, anonymity, and authentication. It then describes some key GSM security mechanisms like TMSI for subscriber identity protection, key management using Ki, and the A3/A8/A5 authentication and encryption algorithms. It also provides details on the SIM card anatomy and its role in the authentication process.
The document discusses security in GSM networks. It describes the GSM architecture including mobile stations, base stations, and network switching systems. It then explains the security concerns with GSM and the features used to address them, including subscriber authentication using algorithms A3 and A8, and voice encryption with algorithm A5/1. The document provides details on how these algorithms work to authenticate users and encrypt communications in GSM networks.
The document discusses security mechanisms in GSM networks. It describes:
1. The SIM card contains authentication algorithms A3/A8 and key Ki. The mobile equipment contains ciphering algorithm A5.
2. The Authentication Centre (AuC) generates random challenges and stores secret keys relating to each subscriber.
3. Authentication involves the mobile station running the received random number through A3/A8 algorithms to produce a signed response, which is verified by the AuC.
4. If authentication succeeds, A8 generates the ciphering key Kc from Ki and the random number to encrypt communications under A5.
The document discusses security algorithms used in GSM networks - A3 is used for authentication between the mobile station and network, A5 is used for encryption, and A8 is used to generate cipher keys. Specifically, A3 takes a random number (RAND) and secret key (Ki) to generate a signed response (SRES) for authentication. A8 also takes RAND and Ki to generate a 64-bit cipher key (KC) for encryption using the A5 algorithm. The document was presented by Rupali Lohar from B. R. Harne College Of Engineering & Technology in Maharashtra, India.
This document provides an overview of GSM security solutions and UMTS authentication. It discusses GSM subscriber authentication using the A3 and A8 algorithms as well as encryption of voice traffic and signaling data using the A5 algorithm. It describes the use of temporary mobile subscriber identities and issues around roaming fraud. The document also outlines UMTS authentication and key agreement, noting that it adds mutual authentication between the user equipment and network compared to GSM. Finally, it discusses some security aspects and attacks related to mobility in Mobile IPv6 networks.
The document discusses security mechanisms in GSM networks. It first outlines the goals of security for operators and customers. It then describes the four main security principles of GSM: user authentication, ciphering of data and signals, confidentiality of user identity, and use of the SIM as a security module. The document reviews two papers on vehicle security and anti-theft systems using GSM and GPS. It compares the papers and identifies some shortcomings of such systems, such as weaker connectivity in rural areas. Finally, it concludes the systems can help reduce vehicle theft if implemented widely.
This document summarizes attacks on the GSM security system. It discusses how the A5/1 stream cipher used in GSM can be broken using techniques like space-time tradeoff attacks and biased birthday attacks. It also outlines vulnerabilities in the GSM signaling network that allow intercepting calls and retrieving encryption keys. SMS messages are sent in clear text, allowing spoofing and manipulation of messages. Overall, while GSM aimed to provide cellular security, it has numerous vulnerabilities that undermine the confidentiality of calls and user data.
GSM security aims to authenticate SIM cards connecting to the network and encrypt wireless communications between mobile phones and the core network. The authentication center authenticates each SIM using authentication triplets to generate an encryption key for encrypting voice and SMS data. While the A5 algorithm encrypts communications, the A3 and A8 algorithms perform authentication and generate session keys, with COMP128 implementing these functions through table lookups and compression. Currently, only the COMP128v1 SIM cards can be cloned, as that version has been cracked, and it accounts for 70% of SIM cards in use.
Topics covered in this presentation:
Abbreviations
Types of Cards
SIM Card Memory Architecture
RUM-Classifications
NV Vs RUIM
PRL
USIM
UICC Vs ICC
GSM was developed in the 1980s to address incompatible mobile phone systems across European countries and the increasing demand for telecommunication services. It specified a common digital system for wireless networks in Europe called Global System for Mobile Communications. GSM introduced advantages like better call quality, data transmission support, international roaming, and lower costs. It has three subsystems: the network switching subsystem, base station subsystem, and network management system. Security and authentication are enabled through subscriber identity modules (SIM cards), visitor location registers, home location registers, and authentication centers.
This document summarizes algorithms used for security in the Global System for Mobile Communications (GSM) network. It discusses the A3 authentication algorithm, A8 cipher key generation algorithm, and A5 encryption algorithm. The A3 and A8 algorithms are combined into the COMP128 algorithm. The COMP128 generates response values and session keys to authenticate users and encrypt traffic. While details are kept private, analyses have found the algorithms vulnerable to attacks. The document also outlines other security measures in GSM like temporary IDs to protect subscriber identity, unique equipment IDs, and ciphering of radio channel traffic.
This document describes a multipurpose security system using RFID and GSM technologies. The system provides four stages of verification: RFID verification, time limit verification, SIM card contact number verification, and password matching. If any verification fails, a message is sent to security within a specified time period. The system was implemented using an Arduino Uno, RFID reader, and GSM module. It was tested and able to open a door or trigger a motor when all verifications passed successfully. The system provides a robust, efficient form of security and could be adapted for various applications.
Iirdem smart gun with rfid gps and gsm modules for remote enabling disabling ...Iaetsd Iaetsd
The document proposes a smart gun system using RFID, GPS, and GSM modules. The system would authenticate users through RFID chips and tags on the gun and user. A GPS module would track the gun's location. GSM would allow security officials to remotely lock the gun trigger by SMS if it enters restricted areas, allowing monitoring and preventing misuse. The system aims to enable safer gun use through remote control and limiting use to authorized users only.
GSM is a digital cellular network standard developed in 1984 to provide high quality, secure mobile voice and data services across Europe and beyond. A GSM network consists of mobile stations (cell phones), base transceiver stations, base station controllers, mobile switching centers, home and visitor location registers, and other components. It uses FDMA to divide frequencies into channels and TDMA to divide channels into timeslots to allow multiple users to share the same frequency spectrum.
This document outlines a framework for conducting a security penetration test of the Diameter protocol. It describes the basic equipment needed, including virtual machines running Open Source Diameter software and penetration testing tools. It also discusses setting up simulated 4G network elements like the PCRF, HSS and MME to test Diameter in a more complete network environment. The goal is to identify vulnerabilities in Diameter by developing a taxonomy similar to one created for the SS7 protocol. This will provide much needed security analysis of the widely used Diameter protocol.
This document discusses security in Bluetooth, CDMA, and UMTS wireless technologies. It describes security threats like disclosure and integrity threats in Bluetooth. It outlines Bluetooth security levels, modes, and techniques like authentication, authorization, and encryption. It also discusses known vulnerabilities like spoofing and denial of service attacks against Bluetooth. The document then covers 3G security features in UMTS like mutual authentication and data integrity. Finally, it provides an overview of CDMA technology and security through encryption and authentication.
Worldwide attacks on SS7/SIGTRAN networkP1Security
Publication performed by Alexandre De Oliveira and Pierre-Olivier Vauboin during Hackito Ergo Sum 2014
Mobile telecommunication networks are complex and provide a wide range of services, making them a tempting target for fraudsters and for intelligence agencies. Moreover, the architecture, equipment and protocols used on these networks were never designed with security in mind, availability being the first concern. Today, even though some telecom operators are investing money into securing their network, events confirm that for most of them maturity in term of security is yet to come, as recently shown with the example of massive traffic interception on compromised SCCP and GRX providers like Belgacom’s BICS. Here we present the most typical and legitimate telecom callflows from making a mobile phone call to sending a SMS. Then we describe the protocol layers involved and how to abuse them, which fields can be manipulated in order to attack both the operator infrastructure and its subscribers. Finally, we show a real life example of scan performed from an international SS7 interconnection and practical attacks on subscribers such as spam, spoofed SMS and user location tracking.
IRJET- ATM Security using GSM and MEMS SensorIRJET Journal
This document proposes a security system for ATMs using a MEMS sensor to detect movement if the machine is robbed and a GSM module to send alerts to bank authorities and police. The system would use an AVR microcontroller connected to the MEMS sensor and GSM module to trigger alerts if the sensor detects movement, shutting the door and spraying anesthesia powder on thieves. The system is designed to improve ATM security and prevent losses from increasing robbery and theft at ATMs.
PLNOG20 - Piotr Gruszczyński - Bezpieczeństwo sieci komórkowejPROIDEA
W związku z tym, że na PLNOG coraz częściej goszczą sieci komórkowe przy okazji tematów związanych z ich bezpieczeństwem, chciałbym przedstawić zebraną wiedzę dotyczącą tego zagadnienia (zaczynając do architektury). Bezpieczeństwo sieci mobilnych należy rozpatrywać w dwóch aspektach: radiowej i sieciowej. Część radiowa dotyczy komunikacji terminali z siecią, gdzie najważniejszą będzie informacja przed czym kolejne generacje sieci komórkowych nas, użytkowników, chronią, a przed czym nie. Omówione zostaną najważniejsze procedury związane z autoryzacją i szyfrowaniem. Druga część omawia bezpieczeństwo sieci szkieletowej operatora, w szczególności w związku ze współpracą między operatorami i koniecznymi punktami styku między nimi. Świat operatorów komórkowych przestawił się mocno na IP, co mocno przybliżyło go do zagrożeń związanych z Internetem. Warto więc zaprząc Wiresharka, i zobaczyć co w protokołach widać, jak nasze dane i dane o nas wędrują po świecie. Najwazniejsze pojęcia ujęte w prezentacji: IMSI/GPRS/LTE Attach, security vector (RAND/SRES/XRES/Kc/Kasme), SS7 (BSSAP/RANAP/MAP), DIAMETER (DRA, DEA), GTP, roaming: home routing, local breakout
Global System for Mobile Communication Based Smart Home Security SystemIJERA Editor
Home security system is needed for occupants' convenience and safety. In this paper, we present the design and implementation of an affordable, low power consumption, and GSM (Global System for Mobile Communication) based wireless home security system. In existing system, the home network is engaged with non-wireless technology, where the installation and maintenance is difficult. So the system cost is very high. In our proposed system, these difficulties are overcome by introducing a wireless home network which contains a GPRS Gateway and three kinds of security nodes namely door security node, anti intrusion node and SMS node to inform the user. The nodes are easy installing. All the three nodes are connected to the microcontroller.
OpenBTS: Emergency GSM Messaging & Monitoring System for Civil ProtectionLuca Bongiorni
Open BTS: Emergency GSM Messaging & Monitoring System for Civil Protection is proposed as a solution ready-to-deploy in the event of natural disaster, in that areas where GSM networks are temporarily down.
This document discusses various identifiers used in GSM networks, including:
- The International Mobile Station Equipment Identity (IMEI) uniquely identifies mobile devices.
- The International Mobile Subscriber Identity (IMSI) identifies subscribers and includes information like mobile country code, network code, and subscriber number.
- The Mobile Subscriber ISDN Number (MSISDN) is the phone number assigned to a subscriber's SIM card.
It also covers temporary identifiers assigned for mobility like the Temporary Mobile Subscriber Identity (TMSI) and location identifiers like the Location Area Identity (LAI) and Cell Identifier (CI).
This workshop aims to give an intermediate-level understanding of the potential risk associated with cellular mobile communication networks and the security issues in the radio access network. In particular, we begin with a brief history of Telecom, fundamentals of mobile network, radio signals, the security architecture of GSM/UMTS/LTE, cellular network attack detection methods, and security vulnerabilities with possible practical examples with case studies.
GSM Fundamentals provides an overview of GSM bands, the general architecture of a GSM network including key components like the MS, BSS, NSS, HLR, VLR, EIR, AUC, and IWF. It also describes identification numbers used in GSM like IMSI, MSISDN, IMEI, and TMSI as well as logical channels and radio technology aspects.
This document provides an overview of GSM security solutions and UMTS authentication. It discusses GSM subscriber authentication using the A3 and A8 algorithms as well as encryption of voice traffic and signaling data using the A5 algorithm. It describes the use of temporary mobile subscriber identities and issues around roaming fraud. The document also outlines UMTS authentication and key agreement, noting that it adds mutual authentication between the user equipment and network compared to GSM. Finally, it discusses some security aspects and attacks related to mobility in Mobile IPv6 networks.
The document discusses security mechanisms in GSM networks. It first outlines the goals of security for operators and customers. It then describes the four main security principles of GSM: user authentication, ciphering of data and signals, confidentiality of user identity, and use of the SIM as a security module. The document reviews two papers on vehicle security and anti-theft systems using GSM and GPS. It compares the papers and identifies some shortcomings of such systems, such as weaker connectivity in rural areas. Finally, it concludes the systems can help reduce vehicle theft if implemented widely.
This document summarizes attacks on the GSM security system. It discusses how the A5/1 stream cipher used in GSM can be broken using techniques like space-time tradeoff attacks and biased birthday attacks. It also outlines vulnerabilities in the GSM signaling network that allow intercepting calls and retrieving encryption keys. SMS messages are sent in clear text, allowing spoofing and manipulation of messages. Overall, while GSM aimed to provide cellular security, it has numerous vulnerabilities that undermine the confidentiality of calls and user data.
GSM security aims to authenticate SIM cards connecting to the network and encrypt wireless communications between mobile phones and the core network. The authentication center authenticates each SIM using authentication triplets to generate an encryption key for encrypting voice and SMS data. While the A5 algorithm encrypts communications, the A3 and A8 algorithms perform authentication and generate session keys, with COMP128 implementing these functions through table lookups and compression. Currently, only the COMP128v1 SIM cards can be cloned, as that version has been cracked, and it accounts for 70% of SIM cards in use.
Topics covered in this presentation:
Abbreviations
Types of Cards
SIM Card Memory Architecture
RUM-Classifications
NV Vs RUIM
PRL
USIM
UICC Vs ICC
GSM was developed in the 1980s to address incompatible mobile phone systems across European countries and the increasing demand for telecommunication services. It specified a common digital system for wireless networks in Europe called Global System for Mobile Communications. GSM introduced advantages like better call quality, data transmission support, international roaming, and lower costs. It has three subsystems: the network switching subsystem, base station subsystem, and network management system. Security and authentication are enabled through subscriber identity modules (SIM cards), visitor location registers, home location registers, and authentication centers.
This document summarizes algorithms used for security in the Global System for Mobile Communications (GSM) network. It discusses the A3 authentication algorithm, A8 cipher key generation algorithm, and A5 encryption algorithm. The A3 and A8 algorithms are combined into the COMP128 algorithm. The COMP128 generates response values and session keys to authenticate users and encrypt traffic. While details are kept private, analyses have found the algorithms vulnerable to attacks. The document also outlines other security measures in GSM like temporary IDs to protect subscriber identity, unique equipment IDs, and ciphering of radio channel traffic.
This document describes a multipurpose security system using RFID and GSM technologies. The system provides four stages of verification: RFID verification, time limit verification, SIM card contact number verification, and password matching. If any verification fails, a message is sent to security within a specified time period. The system was implemented using an Arduino Uno, RFID reader, and GSM module. It was tested and able to open a door or trigger a motor when all verifications passed successfully. The system provides a robust, efficient form of security and could be adapted for various applications.
Iirdem smart gun with rfid gps and gsm modules for remote enabling disabling ...Iaetsd Iaetsd
The document proposes a smart gun system using RFID, GPS, and GSM modules. The system would authenticate users through RFID chips and tags on the gun and user. A GPS module would track the gun's location. GSM would allow security officials to remotely lock the gun trigger by SMS if it enters restricted areas, allowing monitoring and preventing misuse. The system aims to enable safer gun use through remote control and limiting use to authorized users only.
GSM is a digital cellular network standard developed in 1984 to provide high quality, secure mobile voice and data services across Europe and beyond. A GSM network consists of mobile stations (cell phones), base transceiver stations, base station controllers, mobile switching centers, home and visitor location registers, and other components. It uses FDMA to divide frequencies into channels and TDMA to divide channels into timeslots to allow multiple users to share the same frequency spectrum.
This document outlines a framework for conducting a security penetration test of the Diameter protocol. It describes the basic equipment needed, including virtual machines running Open Source Diameter software and penetration testing tools. It also discusses setting up simulated 4G network elements like the PCRF, HSS and MME to test Diameter in a more complete network environment. The goal is to identify vulnerabilities in Diameter by developing a taxonomy similar to one created for the SS7 protocol. This will provide much needed security analysis of the widely used Diameter protocol.
This document discusses security in Bluetooth, CDMA, and UMTS wireless technologies. It describes security threats like disclosure and integrity threats in Bluetooth. It outlines Bluetooth security levels, modes, and techniques like authentication, authorization, and encryption. It also discusses known vulnerabilities like spoofing and denial of service attacks against Bluetooth. The document then covers 3G security features in UMTS like mutual authentication and data integrity. Finally, it provides an overview of CDMA technology and security through encryption and authentication.
Worldwide attacks on SS7/SIGTRAN networkP1Security
Publication performed by Alexandre De Oliveira and Pierre-Olivier Vauboin during Hackito Ergo Sum 2014
Mobile telecommunication networks are complex and provide a wide range of services, making them a tempting target for fraudsters and for intelligence agencies. Moreover, the architecture, equipment and protocols used on these networks were never designed with security in mind, availability being the first concern. Today, even though some telecom operators are investing money into securing their network, events confirm that for most of them maturity in term of security is yet to come, as recently shown with the example of massive traffic interception on compromised SCCP and GRX providers like Belgacom’s BICS. Here we present the most typical and legitimate telecom callflows from making a mobile phone call to sending a SMS. Then we describe the protocol layers involved and how to abuse them, which fields can be manipulated in order to attack both the operator infrastructure and its subscribers. Finally, we show a real life example of scan performed from an international SS7 interconnection and practical attacks on subscribers such as spam, spoofed SMS and user location tracking.
IRJET- ATM Security using GSM and MEMS SensorIRJET Journal
This document proposes a security system for ATMs using a MEMS sensor to detect movement if the machine is robbed and a GSM module to send alerts to bank authorities and police. The system would use an AVR microcontroller connected to the MEMS sensor and GSM module to trigger alerts if the sensor detects movement, shutting the door and spraying anesthesia powder on thieves. The system is designed to improve ATM security and prevent losses from increasing robbery and theft at ATMs.
PLNOG20 - Piotr Gruszczyński - Bezpieczeństwo sieci komórkowejPROIDEA
W związku z tym, że na PLNOG coraz częściej goszczą sieci komórkowe przy okazji tematów związanych z ich bezpieczeństwem, chciałbym przedstawić zebraną wiedzę dotyczącą tego zagadnienia (zaczynając do architektury). Bezpieczeństwo sieci mobilnych należy rozpatrywać w dwóch aspektach: radiowej i sieciowej. Część radiowa dotyczy komunikacji terminali z siecią, gdzie najważniejszą będzie informacja przed czym kolejne generacje sieci komórkowych nas, użytkowników, chronią, a przed czym nie. Omówione zostaną najważniejsze procedury związane z autoryzacją i szyfrowaniem. Druga część omawia bezpieczeństwo sieci szkieletowej operatora, w szczególności w związku ze współpracą między operatorami i koniecznymi punktami styku między nimi. Świat operatorów komórkowych przestawił się mocno na IP, co mocno przybliżyło go do zagrożeń związanych z Internetem. Warto więc zaprząc Wiresharka, i zobaczyć co w protokołach widać, jak nasze dane i dane o nas wędrują po świecie. Najwazniejsze pojęcia ujęte w prezentacji: IMSI/GPRS/LTE Attach, security vector (RAND/SRES/XRES/Kc/Kasme), SS7 (BSSAP/RANAP/MAP), DIAMETER (DRA, DEA), GTP, roaming: home routing, local breakout
Global System for Mobile Communication Based Smart Home Security SystemIJERA Editor
Home security system is needed for occupants' convenience and safety. In this paper, we present the design and implementation of an affordable, low power consumption, and GSM (Global System for Mobile Communication) based wireless home security system. In existing system, the home network is engaged with non-wireless technology, where the installation and maintenance is difficult. So the system cost is very high. In our proposed system, these difficulties are overcome by introducing a wireless home network which contains a GPRS Gateway and three kinds of security nodes namely door security node, anti intrusion node and SMS node to inform the user. The nodes are easy installing. All the three nodes are connected to the microcontroller.
OpenBTS: Emergency GSM Messaging & Monitoring System for Civil ProtectionLuca Bongiorni
Open BTS: Emergency GSM Messaging & Monitoring System for Civil Protection is proposed as a solution ready-to-deploy in the event of natural disaster, in that areas where GSM networks are temporarily down.
This document discusses various identifiers used in GSM networks, including:
- The International Mobile Station Equipment Identity (IMEI) uniquely identifies mobile devices.
- The International Mobile Subscriber Identity (IMSI) identifies subscribers and includes information like mobile country code, network code, and subscriber number.
- The Mobile Subscriber ISDN Number (MSISDN) is the phone number assigned to a subscriber's SIM card.
It also covers temporary identifiers assigned for mobility like the Temporary Mobile Subscriber Identity (TMSI) and location identifiers like the Location Area Identity (LAI) and Cell Identifier (CI).
This workshop aims to give an intermediate-level understanding of the potential risk associated with cellular mobile communication networks and the security issues in the radio access network. In particular, we begin with a brief history of Telecom, fundamentals of mobile network, radio signals, the security architecture of GSM/UMTS/LTE, cellular network attack detection methods, and security vulnerabilities with possible practical examples with case studies.
GSM Fundamentals provides an overview of GSM bands, the general architecture of a GSM network including key components like the MS, BSS, NSS, HLR, VLR, EIR, AUC, and IWF. It also describes identification numbers used in GSM like IMSI, MSISDN, IMEI, and TMSI as well as logical channels and radio technology aspects.
The document discusses GSM authentication, localization, and handover.
For authentication, the document describes how the GSM network authenticates subscribers through a challenge-response mechanism using triplets generated by the AuC containing a random number (RAND), signed response (SRES), and ciphering key (Kc). The MS uses the RAND and its stored Ki to generate the SRES which is sent back to the network for verification.
For localization, the document explains that the GSM network always knows a user's location through the HLR and VLR updating location as the MS moves between MSCs. Localization can occur through network-based, handset-based, SIM-based, or hybrid methods
GSM is a second generation cellular standard developed to provide both voice services and data delivery using digital modulation. It has a network subsystem, radio subsystem and operation and maintenance subsystem. The network subsystem includes components like the MSC, HLR, VLR, AUC and EIR which perform functions like call processing, subscriber authentication and location management. The radio subsystem consists of the BSC and BTS and handles functions related to the air interface. The operation and maintenance subsystem handles network monitoring, configuration and fault management. GSM provides advantages like improved spectrum efficiency, international roaming, support for new services and high quality speech.
The global system for mobile communications (GSM) is a set of recommendations and specifications for a digital cellular telephone network (known as a Public Land Mobile Network, or PLMN). These recommendations ensure the compatibility of equipment from different GSM manufacturers, and interconnectivity between different administrations, including operations across international boundaries
The GSM network is comprised of the following components:
Network Elements
The GSM network incorporates a number of network elements to support mobile equipment. They are listed and described in the GSM network elements section of this chapter.
GSM subsystems
In addition, the network includes subsystems that are not formally recognized as network elements but are necessary for network operation. These are described in the GSM subsystems (non-network elements) section of this chapter.
Standardized Interfaces
GSM specifies standards for interfaces between network elements, which ensure the connectivity of GSM equipment from different manufacturers. These are listed in the Standardized interfaces section of this chapter.
Network Protocols
For most of the network communications on these interfaces, internationally recognized communications protocols have been used
These are identified in the Network protocols section of this chapter.
GSM Frequencies
The frequency allocations for GSM 900, Extended GSM and Digital Communications Systems are identified in the GSM frequencies section of this chapter.
This document summarizes key concepts related to location management in GSM networks. It defines IMEI as a unique 15-digit number assigned to mobile devices used for identification and security. It explains that MSISDN is the subscriber's phone number stored in the HLR and SIM. TMSI is a temporary ID assigned during a subscriber's presence in an area to replace IMSI for increased privacy. LAI is the unique ID of a location area broadcast to help the mobile station determine if it has changed locations.
SecurityGen-Article-Cloning-SimCard.pdfSecurity Gen
The security of mobile devices is a critical issue in today's digital age. While there are many security protocols in
place, malefactors continue to find ways to exploit vulnerabilities in these systems. One such vulnerability is the
use of the SS7 network, which is used to manage calls and texts between mobile devices. A recent article
discussed a resource that promises SIM card cloning through SS7 attacks, but is this claim legitimate?
The attackers are presenting their latest assault as a form of SIM swap attack. But first, let's clarify what these
attacks entail.
The document provides an overview of the Global System for Mobile (GSM) network. It discusses the history and development of GSM, the key components of GSM architecture including the mobile station, base station subsystem, and network switching subsystem. It also describes the technical specifications of GSM such as frequency spectrum, frame structure, channels, and security features. Finally, it discusses the applications and future developments of GSM networks including 2.5G and 3G technologies.
The document provides an overview of the Global System for Mobile (GSM) network. It discusses the history and development of GSM, the key components of GSM architecture including the mobile station, base station subsystem, and network switching subsystem. It also describes the technical specifications of GSM such as frequency spectrum, frame structure, channels, and security features. Finally, it discusses the applications and future developments of GSM networks including 2.5G and 3G technologies.
Attacks you can't combat: vulnerabilities of most robust MNOsPositiveTechnologies
In his 45-minute presentation, our expert demonstrates how an intruder can use new SS7 vulnerabilities to bypass security tools. You will find out why it is possible, how network equipment reacts to malicious traffic, and what can be done to secure telecom networks.
The document summarizes key aspects of GSM (Global System for Mobile Communication) technology including its history, specifications, network architecture, components, services, and future developments. Specifically, it discusses the RF spectrum used by GSM, its TDMA access method, modulation techniques, network subsystems like the MSC, HLR, VLR, authentication center, radio subsystems including the BSC and BTS. It also covers mobile station components, mobile identification numbers, call origination and termination processes, and developments like 2.5G and 3G technologies.
Mobile phones communicate with networks of base stations using radio frequencies. Each base station covers a small area called a "cell". When making calls, phones connect to the closest base station. There are security issues like unauthorized eavesdropping, location tracking, and identity theft. Law enforcement can use devices called triggerfish to locate phones without a warrant by posing as a cell tower. Basic security requirements for users include protecting calls from recording and requiring consent for location sharing or identity verification.
The GSM network is comprised of the following components:
Network Elements
The GSM network incorporates a number of network elements to support mobile equipment. They are listed and described in the GSM network elements section of this chapter.
GSM subsystems
In addition, the network includes subsystems that are not formally recognized as network elements but are necessary for network operation. These are described in the GSM subsystems (non-network elements) section of this chapter.
Standardized Interfaces
GSM specifies standards for interfaces between network elements, which ensure the connectivity of GSM equipment from different manufacturers. These are listed in the Standardized interfaces section of this chapter.
Network Protocols
For most of the network communications on these interfaces, internationally recognized communications protocols have been used
These are identified in the Network protocols section of this chapter.
GSM Frequencies
The frequency allocations for GSM 900, Extended GSM and Digital Communications Systems are identified in the GSM frequencies section of this chapter.
GSM networks are digital and can cater for high system capacities. They are consistent with the world wide digitization of the telephone network, and are an extension of the Integrated Services Digital Network (ISDN), using a digital radio interface between the cellular network and the mobile subscriber equipment
The GSM system provides a greater subscriber capacity than analogue systems. GSM allows 25 kHz. Per user, that is, eight conversations per 200kHz. Channel pair (a pair comprising one transmit channel and one receive channel). Digital channel coding and the modulation used makes the signal resistant to interference from the cells where the same frequencies are re-used (co-channel interference); a Carrier to Interference Ratio (C/I) level of 9 dB is achieved, as opposed to the 18 dB typical with analogue cellular. This allows increased geographic reuse by permitting a reduction in the number of cells in the reuse pattern. Since this number is directly controlled by the amount of interference, the radio transmission design can deliver acceptable performance.
GSM is a digital cellular network standard developed in the 1980s to provide high quality, secure mobile voice and data services across Europe and beyond. Key components of a GSM network include mobile stations containing SIM cards, base transceiver stations that communicate with mobile devices, base station controllers that manage multiple BTS, mobile switching centers that route calls between the network and PSTN, and databases like HLR and EIR that store subscriber and device identities and authentication information.
GSM (Global System for Mobile communications) is a digital cellular network developed in the 1980s to provide voice and data services. It uses TDMA technology to allow multiple users to access radio channels simultaneously over the same radio frequency. The GSM network architecture consists of mobile stations, base station subsystems, and network switching subsystems. GSM has evolved over time to support higher data speeds and now provides up to 2Mbps data rates. It is an open, digital standard used by over 4 billion people across more than 212 countries and territories.
The GSM standard was developed by the Groupe SpecialMobile, which was an initiative of the Conference of European Post and Telecommunications (CEPT) administrations.
The responsibility for GSM standardization now resides with the
Special Mobile Group (SMG) under the European Telecommunication Standard Institute (ETSI).
Fully digital system utilizing the 900MHz frequency band.
TDMA over radiocarriers(200 kHz carrier spacing)
8 full rate or 16 half rate TDMA channels per carrier
User/terminal authentication for fraud control
Encryption of speech and data transmissions over the radio path
Full international roaming capability
Low speed data services (upto 9.6kb/s)
Compatibility with ISDN for supplementary services
Support of short message services(SMS)
GSM supports a range of basic and supplementary services, and these services are defined analogous to those for ISDN(i.e.,bearer services, teleservices, and supplementary services).
The most important service supported by GSM is Telephony.
Other services derived from telephony included in the GSM specification are emergency calling and voice messaging.
Bearer services supported in GSM include various asynchronous and synchronous data services for information transfer.
Teleservices based on these bearer services include group 3 fax and short message service(SMS)
The data capabilities of GSM have now been enhanced to include high speed circiut-switched data(HSCSD) and general packet radio service (GPRS).
Call offering services call forwarding
Call resrtiction services call barring
Call waiting service
Call hold service
Multi party service tele conferencing
Calling line presentation restriction services
Advice of charge service
Closed user group service
The GSM System comprises of Base Transceiver Station (BTS), Base Station Controllers (BSC), Mobile Switching Centers (MSC), and set of registers (databases) to assist in mobility management and security functions.
All signaling between the MSC and the various registers (databases) as well as between the MSCs takes place using the Signaling System 7(SS7) network, with the application level messages using the Mobile Application Protocol (MAP) designed specifically for GSM.
The MAP protocol utilizes the lower layer functions from the SS7 protocol stack.
The document discusses attacking GSM networks by spoofing a base transceiver station (BTS). It describes how to setup an OpenBTS system using inexpensive hardware to intercept mobile subscribers. It also summarizes vulnerabilities in the GSM cryptographic protocols including issues with identifiers, spoofing networks, decrypting traffic, and lack of encryption.
1. The document discusses identifiers and resource structures in OneM2M specifications. It defines several M2M identifiers such as AE-ID, App-ID, CSE-ID, M2M-Node-ID, and others that uniquely identify entities.
2. It describes the formats and purposes of each identifier, such as the AE-ID uniquely identifying an application entity and the CSE-ID identifying a common services entity. The App-ID can be globally unique or non-unique.
3. Reference points like Mca and Mcc are also summarized, with examples of request messages containing parameters like From, To, and Operation to indicate the initiator, target resource, and requested operation.
Discover the latest insights on Data Driven Maintenance with our comprehensive webinar presentation. Learn about traditional maintenance challenges, the right approach to utilizing data, and the benefits of adopting a Data Driven Maintenance strategy. Explore real-world examples, industry best practices, and innovative solutions like FMECA and the D3M model. This presentation, led by expert Jules Oudmans, is essential for asset owners looking to optimize their maintenance processes and leverage digital technologies for improved efficiency and performance. Download now to stay ahead in the evolving maintenance landscape.
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECTjpsjournal1
The rivalry between prominent international actors for dominance over Central Asia's hydrocarbon
reserves and the ancient silk trade route, along with China's diplomatic endeavours in the area, has been
referred to as the "New Great Game." This research centres on the power struggle, considering
geopolitical, geostrategic, and geoeconomic variables. Topics including trade, political hegemony, oil
politics, and conventional and nontraditional security are all explored and explained by the researcher.
Using Mackinder's Heartland, Spykman Rimland, and Hegemonic Stability theories, examines China's role
in Central Asia. This study adheres to the empirical epistemological method and has taken care of
objectivity. This study analyze primary and secondary research documents critically to elaborate role of
china’s geo economic outreach in central Asian countries and its future prospect. China is thriving in trade,
pipeline politics, and winning states, according to this study, thanks to important instruments like the
Shanghai Cooperation Organisation and the Belt and Road Economic Initiative. According to this study,
China is seeing significant success in commerce, pipeline politics, and gaining influence on other
governments. This success may be attributed to the effective utilisation of key tools such as the Shanghai
Cooperation Organisation and the Belt and Road Economic Initiative.
Batteries -Introduction – Types of Batteries – discharging and charging of battery - characteristics of battery –battery rating- various tests on battery- – Primary battery: silver button cell- Secondary battery :Ni-Cd battery-modern battery: lithium ion battery-maintenance of batteries-choices of batteries for electric vehicle applications.
Fuel Cells: Introduction- importance and classification of fuel cells - description, principle, components, applications of fuel cells: H2-O2 fuel cell, alkaline fuel cell, molten carbonate fuel cell and direct methanol fuel cells.
Embedded machine learning-based road conditions and driving behavior monitoringIJECEIAES
Car accident rates have increased in recent years, resulting in losses in human lives, properties, and other financial costs. An embedded machine learning-based system is developed to address this critical issue. The system can monitor road conditions, detect driving patterns, and identify aggressive driving behaviors. The system is based on neural networks trained on a comprehensive dataset of driving events, driving styles, and road conditions. The system effectively detects potential risks and helps mitigate the frequency and impact of accidents. The primary goal is to ensure the safety of drivers and vehicles. Collecting data involved gathering information on three key road events: normal street and normal drive, speed bumps, circular yellow speed bumps, and three aggressive driving actions: sudden start, sudden stop, and sudden entry. The gathered data is processed and analyzed using a machine learning system designed for limited power and memory devices. The developed system resulted in 91.9% accuracy, 93.6% precision, and 92% recall. The achieved inference time on an Arduino Nano 33 BLE Sense with a 32-bit CPU running at 64 MHz is 34 ms and requires 2.6 kB peak RAM and 139.9 kB program flash memory, making it suitable for resource-constrained embedded systems.
Introduction- e - waste – definition - sources of e-waste– hazardous substances in e-waste - effects of e-waste on environment and human health- need for e-waste management– e-waste handling rules - waste minimization techniques for managing e-waste – recycling of e-waste - disposal treatment methods of e- waste – mechanism of extraction of precious metal from leaching solution-global Scenario of E-waste – E-waste in India- case studies.
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...IJECEIAES
Medical image analysis has witnessed significant advancements with deep learning techniques. In the domain of brain tumor segmentation, the ability to
precisely delineate tumor boundaries from magnetic resonance imaging (MRI)
scans holds profound implications for diagnosis. This study presents an ensemble convolutional neural network (CNN) with transfer learning, integrating
the state-of-the-art Deeplabv3+ architecture with the ResNet18 backbone. The
model is rigorously trained and evaluated, exhibiting remarkable performance
metrics, including an impressive global accuracy of 99.286%, a high-class accuracy of 82.191%, a mean intersection over union (IoU) of 79.900%, a weighted
IoU of 98.620%, and a Boundary F1 (BF) score of 83.303%. Notably, a detailed comparative analysis with existing methods showcases the superiority of
our proposed model. These findings underscore the model’s competence in precise brain tumor localization, underscoring its potential to revolutionize medical
image analysis and enhance healthcare outcomes. This research paves the way
for future exploration and optimization of advanced CNN models in medical
imaging, emphasizing addressing false positives and resource efficiency.
2. 2
AgendaAgenda
GSM Security ObjectivesGSM Security Objectives
Concerns, Goals, RequirementsConcerns, Goals, Requirements
GSM Security MechanismsGSM Security Mechanisms
SIM AnatomySIM Anatomy
Algorithms and AttacksAlgorithms and Attacks
COMP128COMP128
Partitioning Attack on COMP128Partitioning Attack on COMP128
((J. Rao, P. Rohantgi, H. Scherzer, S. TunguelyJ. Rao, P. Rohantgi, H. Scherzer, S. Tunguely))
3. 3
GSM Security ConcernsGSM Security Concerns
OperatorsOperators
Bills right peopleBills right people
Avoid fraudAvoid fraud
Protect ServicesProtect Services
CustomersCustomers
PrivacyPrivacy
AnonymityAnonymity
Make a system at least secure as PSTNMake a system at least secure as PSTN
4. 4
GSM Security GoalsGSM Security Goals
Confidentiality and Anonymity on the radioConfidentiality and Anonymity on the radio
pathpath
Strong client authentication to protect theStrong client authentication to protect the
operator against the billing fraudoperator against the billing fraud
Prevention of operators fromPrevention of operators from
compromising of each others’ securitycompromising of each others’ security
InadvertentlyInadvertently
Competition pressureCompetition pressure
5. 5
GSM Security DesignGSM Security Design
RequirementsRequirements
The security mechanismThe security mechanism
MUST NOTMUST NOT
Add significant overhead on call set upAdd significant overhead on call set up
Increase bandwidth of the channelIncrease bandwidth of the channel
Increase error rateIncrease error rate
Add expensive complexity to the systemAdd expensive complexity to the system
MUSTMUST
Cost effective schemeCost effective scheme
Define security proceduresDefine security procedures
Generation and distribution of keysGeneration and distribution of keys
Exchange information between operatorsExchange information between operators
Confidentiality of algorithmsConfidentiality of algorithms
6. 6
GSM Security FeaturesGSM Security Features
Key management is independent of equipmentKey management is independent of equipment
Subscribers can change handsets without compromisingSubscribers can change handsets without compromising
securitysecurity
Subscriber identity protectionSubscriber identity protection
not easy to identify the user of the system intercepting a usernot easy to identify the user of the system intercepting a user
datadata
Detection of compromised equipmentDetection of compromised equipment
Detection mechanism whether a mobile device wasDetection mechanism whether a mobile device was
compromised or notcompromised or not
Subscriber authenticationSubscriber authentication
The operator knows for billing purposes who is using the systemThe operator knows for billing purposes who is using the system
Signaling and user data protectionSignaling and user data protection
Signaling and data channels are protected over the radio pathSignaling and data channels are protected over the radio path
7. 7
GSM Mobile StationGSM Mobile Station
Mobile StationMobile Station
Mobile Equipment (ME)Mobile Equipment (ME)
Physical mobile devicePhysical mobile device
IdentifiersIdentifiers
IMEI – International Mobile Equipment IdentityIMEI – International Mobile Equipment Identity
Subscriber Identity Module (SIM)Subscriber Identity Module (SIM)
Smart Card containing keys, identifiers and algorithmsSmart Card containing keys, identifiers and algorithms
IdentifiersIdentifiers
KKii – Subscriber Authentication Key– Subscriber Authentication Key
IMSI – International Mobile Subscriber IdentityIMSI – International Mobile Subscriber Identity
TMSI – Temporary Mobile Subscriber IdentityTMSI – Temporary Mobile Subscriber Identity
MSISDN – Mobile Station International Service DigitalMSISDN – Mobile Station International Service Digital
NetworkNetwork
PIN – Personal Identity Number protecting a SIMPIN – Personal Identity Number protecting a SIM
LAI – location area identityLAI – location area identity
8. 8
GSM ArchitectureGSM Architecture
Mobile Stations Base Station
Subsystem
Exchange
System
Network
Management
Subscriber and terminal
equipment databases
BSC MSC
VLR
HLR
EIR
AUC
OMC
BTS
BTS
BTS
9. 9
Subscriber Identity ProtectionSubscriber Identity Protection
TMSI – Temporary Mobile Subscriber IdentityTMSI – Temporary Mobile Subscriber Identity
GoalsGoals
TMSI is used instead of IMSI as an a temporary subscriber identifierTMSI is used instead of IMSI as an a temporary subscriber identifier
TMSI prevents an eavesdropper from identifying of subscriberTMSI prevents an eavesdropper from identifying of subscriber
UsageUsage
TMSI is assigned when IMSI is transmitted to AuC on the first phoneTMSI is assigned when IMSI is transmitted to AuC on the first phone
switch onswitch on
Every time a location update (new MSC) occur the networks assignsEvery time a location update (new MSC) occur the networks assigns
a new TMSIa new TMSI
TMSI is used by the MS to report to the network or during a callTMSI is used by the MS to report to the network or during a call
initializationinitialization
Network uses TMSI to communicate with MSNetwork uses TMSI to communicate with MS
On MS switch off TMSI is stored on SIM card to be reused next timeOn MS switch off TMSI is stored on SIM card to be reused next time
The Visitor Location Register (VLR) performs assignment,The Visitor Location Register (VLR) performs assignment,
administration and update of the TMSIadministration and update of the TMSI
10. 10
Key Management SchemeKey Management Scheme
KKii – Subscriber Authentication Key– Subscriber Authentication Key
Shared 128 bit key used for authentication of subscriber byShared 128 bit key used for authentication of subscriber by
the operatorthe operator
Key StorageKey Storage
Subscriber’s SIM (owned by operator, i.e. trusted)Subscriber’s SIM (owned by operator, i.e. trusted)
Operator’s Home Locator Register (HLR) of the subscriber’sOperator’s Home Locator Register (HLR) of the subscriber’s
home networkhome network
SIM can be used with different equipmentSIM can be used with different equipment
11. 11
Detection of CompromisedDetection of Compromised
EquipmentEquipment
International Mobile Equipment Identifier (IMEI)International Mobile Equipment Identifier (IMEI)
Identifier allowing to identify mobilesIdentifier allowing to identify mobiles
IMEI is independent of SIMIMEI is independent of SIM
Used to identify stolen or compromised equipmentUsed to identify stolen or compromised equipment
Equipment Identity Register (EIR)Equipment Identity Register (EIR)
Black list – stolen or non-type mobilesBlack list – stolen or non-type mobiles
White list - valid mobilesWhite list - valid mobiles
Gray list – local tracking mobilesGray list – local tracking mobiles
Central Equipment Identity Register (CEIR)Central Equipment Identity Register (CEIR)
Approved mobile type (type approval authorities)Approved mobile type (type approval authorities)
Consolidated black list (posted by operators)Consolidated black list (posted by operators)
12. 12
AuthenticationAuthentication
Authentication GoalsAuthentication Goals
Subscriber (SIM holder) authenticationSubscriber (SIM holder) authentication
Protection of the network againstProtection of the network against
unauthorized useunauthorized use
Create a session keyCreate a session key
Authentication SchemeAuthentication Scheme
Subscriber identification: IMSI or TMSISubscriber identification: IMSI or TMSI
Challenge-Response authentication of theChallenge-Response authentication of the
subscriber by the operatorsubscriber by the operator
13. 13
Authentication and EncryptionAuthentication and Encryption
SchemeScheme
A3
Mobile Station Radio Link GSM Operator
A8
A5
A3
A8
A5
Ki Ki
Challenge RAND
KcKc
mi Encrypted Data mi
SIM
Signed response (SRES)
SRESSRES
Fn
Fn
Authentication: are SRES
values equal?
14. 14
AuthenticationAuthentication
AuC – Authentication CenterAuC – Authentication Center
Provides parameters for authentication andProvides parameters for authentication and
encryption functions (RAND, SRES, Kencryption functions (RAND, SRES, Kcc))
HLR – Home Location RegisterHLR – Home Location Register
Provides MSC (Mobile Switching Center) with triplesProvides MSC (Mobile Switching Center) with triples
(RAND, SRES, K(RAND, SRES, Kcc))
Handles MS locationHandles MS location
VLR – Visitor Location RegisterVLR – Visitor Location Register
Stores generated triples by the HLR when aStores generated triples by the HLR when a
subscriber is not in his home networksubscriber is not in his home network
One operator doesn’t have access to subscriber keysOne operator doesn’t have access to subscriber keys
of the another operator.of the another operator.
15. 15
A3 – MS Authentication AlgorithmA3 – MS Authentication Algorithm
GoalGoal
Generation of SRES response to MSC’sGeneration of SRES response to MSC’s
random challenge RANDrandom challenge RAND
A3
RAND (128 bit)
Ki (128 bit)
SRES (32 bit)
16. 16
A8 – Voice Privacy Key GenerationA8 – Voice Privacy Key Generation
AlgorithmAlgorithm
GoalGoal
Generation of session key KGeneration of session key Kss
A8 specification was never made publicA8 specification was never made public
A8
RAND (128 bit)
Ki (128 bit)
KC (64 bit)
17. 17
Logical ImplementationLogical Implementation
of A3 and A8of A3 and A8
Both A3 and A8 algorithms areBoth A3 and A8 algorithms are
implemented on the SIMimplemented on the SIM
Operator can decide, which algorithm to use.Operator can decide, which algorithm to use.
Algorithms implementation is independent ofAlgorithms implementation is independent of
hardware manufacturers and networkhardware manufacturers and network
operators.operators.
18. 18
Logical ImplementationLogical Implementation
of A3 and A8of A3 and A8
COMP128 is used for both A3 and A8 inCOMP128 is used for both A3 and A8 in
most GSM networks.most GSM networks.
COMP128 is a keyed hash functionCOMP128 is a keyed hash function
COMP128
RAND (128 bit)
Ki (128 bit)
128 bit output
SRES 32 bit and Kc 54 bit
19. 19
A5 – Encryption AlgorithmA5 – Encryption Algorithm
A5 is a stream cipherA5 is a stream cipher
Implemented very efficiently on hardwareImplemented very efficiently on hardware
Design was never made publicDesign was never made public
Leaked to Ross Anderson and Bruce SchneierLeaked to Ross Anderson and Bruce Schneier
VariantsVariants
A5/1 – the strong versionA5/1 – the strong version
A5/2 – the weak versionA5/2 – the weak version
A5/3A5/3
GSM Association Security Group and 3GPP designGSM Association Security Group and 3GPP design
Based on Kasumi algorithm used in 3G mobile systemsBased on Kasumi algorithm used in 3G mobile systems
20. 20
Logical A5 ImplementationLogical A5 Implementation
A5
Kc (64 bit)Fn (22 bit)
114 bit
XOR
Data (114 bit)
A5
Kc (64 bit)Fn (22 bit)
114 bit
XOR
Ciphertext (114 bit) Data (114 bit)
Mobile Station BTS
Real A5 output is 228 bit for both directionsReal A5 output is 228 bit for both directions
21. 21
A5 EncryptionA5 Encryption
Mobile Stations Base Station
Subsystem
Exchange
System
Network
Management
Subscriber and terminal
equipment databases
BSC MSC
VLR
HLR
EIR
AUC
OMC
BTS
BTS
BTS
A5 Encryption
22. 22
SIM AnatomySIM Anatomy
Subscriber Identification Module (SIM)Subscriber Identification Module (SIM)
Smart Card – a single chip computer containing OS, FileSmart Card – a single chip computer containing OS, File
System, ApplicationsSystem, Applications
Protected by PINProtected by PIN
Owned by operator (i.e. trusted)Owned by operator (i.e. trusted)
SIM applications can be written with SIM ToolkitSIM applications can be written with SIM Toolkit
26. 26
Attack CategoriesAttack Categories
SIM AttacksSIM Attacks
Radio-link interception attacksRadio-link interception attacks
Operator network attacksOperator network attacks
GSM does not protect an operator’s networkGSM does not protect an operator’s network
27. 27
Attack HistoryAttack History
19911991
First GSM implementation.First GSM implementation.
April 1998April 1998
The Smartcard Developer Association (SDA) together with U.C.The Smartcard Developer Association (SDA) together with U.C.
Berkeley researches cracked the COMP128 algorithm stored in SIM andBerkeley researches cracked the COMP128 algorithm stored in SIM and
succeeded to get Ksucceeded to get Kii within several hours. They discovered that Kc useswithin several hours. They discovered that Kc uses
only 54 bits.only 54 bits.
August 1999August 1999
The week A5/2 was cracked using a single PC within seconds.The week A5/2 was cracked using a single PC within seconds.
December 1999December 1999
Alex Biryukov, Adi Shamir and David Wagner have published theAlex Biryukov, Adi Shamir and David Wagner have published the
scheme breaking the strong A5/1 algorithm. Within two minutes ofscheme breaking the strong A5/1 algorithm. Within two minutes of
intercepted call the attack time was only 1 second.intercepted call the attack time was only 1 second.
May 2002May 2002
The IBM Research group discovered a new way to quickly extract theThe IBM Research group discovered a new way to quickly extract the
COMP128 keys using side channels.COMP128 keys using side channels.
31. 31
Actual Information AvailableActual Information Available
Side Channels
•Power Consumption
•Electromagnetic radiation
•Timing
•Errors
•Etc.
Side Channel Attacks
Input
Crypto Processing
Sensitive Information
Output
Smart CardSmart Card
32. 32
Simple Power DES AnalysisSimple Power DES Analysis
SPA of DES operation performed by a typical Smart CardSPA of DES operation performed by a typical Smart Card
Above: initial permutation, 16 DES rounds, final permutationAbove: initial permutation, 16 DES rounds, final permutation
Below: detailed view of the second and third roundsBelow: detailed view of the second and third rounds
33. 33
Partitioning Attack on COMP128Partitioning Attack on COMP128
Attack GoalAttack Goal
KKii stored on SIM cardstored on SIM card
KnowingKnowing KKii it’s possible to clone SIMit’s possible to clone SIM
Cardinal PrincipleCardinal Principle
Relevant bits of all intermediate cycles and their values shouldRelevant bits of all intermediate cycles and their values should
be statistically independent of the inputs, outputs, and sensitivebe statistically independent of the inputs, outputs, and sensitive
information.information.
Attack IdeaAttack Idea
Find a violation of theFind a violation of the Cardinal PrincipleCardinal Principle, i.e. side channels with, i.e. side channels with
signals does depend on input, outputs and sensitive informationsignals does depend on input, outputs and sensitive information
Try to exploit theTry to exploit the statistical dependencystatistical dependency in signals to extract ain signals to extract a
sensitive informationsensitive information
34. 34
Partitioning Attack on COMP128Partitioning Attack on COMP128
How to implement 512 element THow to implement 512 element T00 table ontable on
8 bit Smart Card (i.e. index is 0..255)?8 bit Smart Card (i.e. index is 0..255)?
Split 512 element table into two 256 element tablesSplit 512 element table into two 256 element tables
It’s possible to detect access ofIt’s possible to detect access of
different tables via side channels!different tables via side channels!
Power Consumption
Electromagnetic radiation
35. 35
Partitioning Attack on COMP128Partitioning Attack on COMP128
Pseudo-code of the compression in COMP128 algorithm
•X[0..15] = Ki; X[16..31] = RAND;
•Lookup tables: T0[512], T1[256], T2[128], T3[64], T4[32]
36. 36
Partitioning Attack on COMP128Partitioning Attack on COMP128
K[0]K[0] K[1]K[1] K[15]K[15] R[0]R[0] R[15]R[15]…… ……R[0]R[0]
TT00[y][y] K[1]K[1] K[15]K[15] TT00[z][z] R[15]R[15]…… ……R[0]R[0]
y = K[0] + 2R[0]y = K[0] + 2R[0] z = 2K[0] + R[0]z = 2K[0] + R[0]
0 15 16 32
X
Values ofValues of yy andand zz depend on the first bytes ofdepend on the first bytes of KK andand RR
It’s possible to detect via side channels whether valuesIt’s possible to detect via side channels whether values
ofof yy andand zz are within [0..255] or [256..511].are within [0..255] or [256..511].
37. 37
Partitioning Attack on COMP128Partitioning Attack on COMP128
All we need is…All we need is…
A) FindA) Find R[0]R[0] such thatsuch that
K[0] + 2R[0] (mod 512) < 256K[0] + 2R[0] (mod 512) < 256
K[0] + 2(R[0]+1) (mod 512) >= 256K[0] + 2(R[0]+1) (mod 512) >= 256
(There are only two options)(There are only two options)
B) Find R’[0] such thatB) Find R’[0] such that
2K[0] + R’[0] (mod 512) < 2562K[0] + R’[0] (mod 512) < 256
2K[0] + R’[0] + 1 (mod 512) >= 2562K[0] + R’[0] + 1 (mod 512) >= 256
C) One ofC) One of K[0]K[0] from A) will match B)from A) will match B)
The key byte is always uniquely determined fromThe key byte is always uniquely determined from
partitioning information.partitioning information.
Computation of the others bytes ofComputation of the others bytes of KK is similar.is similar.
38. 38
SummarySummary
GSM Security ObjectivesGSM Security Objectives
Concerns, Goals, RequirementsConcerns, Goals, Requirements
GSM Security MechanismsGSM Security Mechanisms
SIM AnatomySIM Anatomy
Algorithms and AttacksAlgorithms and Attacks
COMP128COMP128
Partitioning Attack on COMP128Partitioning Attack on COMP128