SlideShare a Scribd company logo

Gsm security

Download as PPT, PDF
M
maicuong8

This document provides an overview of GSM security, including its objectives, mechanisms, and algorithms. It discusses the security concerns for operators and customers that GSM aims to address. The key goals of GSM security are confidentiality, anonymity, and authentication. The document then describes the specific security features and components of GSM, including the SIM card, authentication process, encryption algorithms like A3, A8, and A5, and the COMP128 algorithm. It also discusses attacks against GSM security like the partitioning attack against COMP128 that exploits side channels.

1 of 38
11 GSM Security OverviewGSM Security Overview (Part 2)(Part 2) Max StepanovMax Stepanov
2 AgendaAgenda GSM Security ObjectivesGSM Security Objectives  Concerns, Goals, RequirementsConcerns, Goals, Requirements GSM Security MechanismsGSM Security Mechanisms SIM AnatomySIM Anatomy Algorithms and AttacksAlgorithms and Attacks  COMP128COMP128  Partitioning Attack on COMP128Partitioning Attack on COMP128 ((J. Rao, P. Rohantgi, H. Scherzer, S. TunguelyJ. Rao, P. Rohantgi, H. Scherzer, S. Tunguely))
3 GSM Security ConcernsGSM Security Concerns OperatorsOperators  Bills right peopleBills right people  Avoid fraudAvoid fraud  Protect ServicesProtect Services CustomersCustomers  PrivacyPrivacy  AnonymityAnonymity Make a system at least secure as PSTNMake a system at least secure as PSTN
4 GSM Security GoalsGSM Security Goals Confidentiality and Anonymity on the radioConfidentiality and Anonymity on the radio pathpath Strong client authentication to protect theStrong client authentication to protect the operator against the billing fraudoperator against the billing fraud Prevention of operators fromPrevention of operators from compromising of each others’ securitycompromising of each others’ security  InadvertentlyInadvertently  Competition pressureCompetition pressure
5 GSM Security DesignGSM Security Design RequirementsRequirements The security mechanismThe security mechanism  MUST NOTMUST NOT Add significant overhead on call set upAdd significant overhead on call set up Increase bandwidth of the channelIncrease bandwidth of the channel Increase error rateIncrease error rate Add expensive complexity to the systemAdd expensive complexity to the system  MUSTMUST Cost effective schemeCost effective scheme  Define security proceduresDefine security procedures Generation and distribution of keysGeneration and distribution of keys Exchange information between operatorsExchange information between operators Confidentiality of algorithmsConfidentiality of algorithms
6 GSM Security FeaturesGSM Security Features Key management is independent of equipmentKey management is independent of equipment  Subscribers can change handsets without compromisingSubscribers can change handsets without compromising securitysecurity Subscriber identity protectionSubscriber identity protection  not easy to identify the user of the system intercepting a usernot easy to identify the user of the system intercepting a user datadata Detection of compromised equipmentDetection of compromised equipment  Detection mechanism whether a mobile device wasDetection mechanism whether a mobile device was compromised or notcompromised or not Subscriber authenticationSubscriber authentication  The operator knows for billing purposes who is using the systemThe operator knows for billing purposes who is using the system Signaling and user data protectionSignaling and user data protection  Signaling and data channels are protected over the radio pathSignaling and data channels are protected over the radio path
7 GSM Mobile StationGSM Mobile Station Mobile StationMobile Station  Mobile Equipment (ME)Mobile Equipment (ME) Physical mobile devicePhysical mobile device IdentifiersIdentifiers  IMEI – International Mobile Equipment IdentityIMEI – International Mobile Equipment Identity  Subscriber Identity Module (SIM)Subscriber Identity Module (SIM) Smart Card containing keys, identifiers and algorithmsSmart Card containing keys, identifiers and algorithms IdentifiersIdentifiers  KKii – Subscriber Authentication Key– Subscriber Authentication Key  IMSI – International Mobile Subscriber IdentityIMSI – International Mobile Subscriber Identity  TMSI – Temporary Mobile Subscriber IdentityTMSI – Temporary Mobile Subscriber Identity  MSISDN – Mobile Station International Service DigitalMSISDN – Mobile Station International Service Digital NetworkNetwork  PIN – Personal Identity Number protecting a SIMPIN – Personal Identity Number protecting a SIM  LAI – location area identityLAI – location area identity
8 GSM ArchitectureGSM Architecture Mobile Stations Base Station Subsystem Exchange System Network Management Subscriber and terminal equipment databases BSC MSC VLR HLR EIR AUC OMC BTS BTS BTS
9 Subscriber Identity ProtectionSubscriber Identity Protection TMSI – Temporary Mobile Subscriber IdentityTMSI – Temporary Mobile Subscriber Identity  GoalsGoals TMSI is used instead of IMSI as an a temporary subscriber identifierTMSI is used instead of IMSI as an a temporary subscriber identifier TMSI prevents an eavesdropper from identifying of subscriberTMSI prevents an eavesdropper from identifying of subscriber  UsageUsage TMSI is assigned when IMSI is transmitted to AuC on the first phoneTMSI is assigned when IMSI is transmitted to AuC on the first phone switch onswitch on Every time a location update (new MSC) occur the networks assignsEvery time a location update (new MSC) occur the networks assigns a new TMSIa new TMSI TMSI is used by the MS to report to the network or during a callTMSI is used by the MS to report to the network or during a call initializationinitialization Network uses TMSI to communicate with MSNetwork uses TMSI to communicate with MS On MS switch off TMSI is stored on SIM card to be reused next timeOn MS switch off TMSI is stored on SIM card to be reused next time  The Visitor Location Register (VLR) performs assignment,The Visitor Location Register (VLR) performs assignment, administration and update of the TMSIadministration and update of the TMSI
10 Key Management SchemeKey Management Scheme KKii – Subscriber Authentication Key– Subscriber Authentication Key  Shared 128 bit key used for authentication of subscriber byShared 128 bit key used for authentication of subscriber by the operatorthe operator  Key StorageKey Storage Subscriber’s SIM (owned by operator, i.e. trusted)Subscriber’s SIM (owned by operator, i.e. trusted) Operator’s Home Locator Register (HLR) of the subscriber’sOperator’s Home Locator Register (HLR) of the subscriber’s home networkhome network SIM can be used with different equipmentSIM can be used with different equipment
11 Detection of CompromisedDetection of Compromised EquipmentEquipment International Mobile Equipment Identifier (IMEI)International Mobile Equipment Identifier (IMEI)  Identifier allowing to identify mobilesIdentifier allowing to identify mobiles  IMEI is independent of SIMIMEI is independent of SIM  Used to identify stolen or compromised equipmentUsed to identify stolen or compromised equipment Equipment Identity Register (EIR)Equipment Identity Register (EIR)  Black list – stolen or non-type mobilesBlack list – stolen or non-type mobiles  White list - valid mobilesWhite list - valid mobiles  Gray list – local tracking mobilesGray list – local tracking mobiles Central Equipment Identity Register (CEIR)Central Equipment Identity Register (CEIR)  Approved mobile type (type approval authorities)Approved mobile type (type approval authorities)  Consolidated black list (posted by operators)Consolidated black list (posted by operators)
12 AuthenticationAuthentication Authentication GoalsAuthentication Goals  Subscriber (SIM holder) authenticationSubscriber (SIM holder) authentication  Protection of the network againstProtection of the network against unauthorized useunauthorized use  Create a session keyCreate a session key Authentication SchemeAuthentication Scheme  Subscriber identification: IMSI or TMSISubscriber identification: IMSI or TMSI  Challenge-Response authentication of theChallenge-Response authentication of the subscriber by the operatorsubscriber by the operator
13 Authentication and EncryptionAuthentication and Encryption SchemeScheme A3 Mobile Station Radio Link GSM Operator A8 A5 A3 A8 A5 Ki Ki Challenge RAND KcKc mi Encrypted Data mi SIM Signed response (SRES) SRESSRES Fn Fn Authentication: are SRES values equal?
14 AuthenticationAuthentication AuC – Authentication CenterAuC – Authentication Center  Provides parameters for authentication andProvides parameters for authentication and encryption functions (RAND, SRES, Kencryption functions (RAND, SRES, Kcc)) HLR – Home Location RegisterHLR – Home Location Register  Provides MSC (Mobile Switching Center) with triplesProvides MSC (Mobile Switching Center) with triples (RAND, SRES, K(RAND, SRES, Kcc))  Handles MS locationHandles MS location VLR – Visitor Location RegisterVLR – Visitor Location Register  Stores generated triples by the HLR when aStores generated triples by the HLR when a subscriber is not in his home networksubscriber is not in his home network  One operator doesn’t have access to subscriber keysOne operator doesn’t have access to subscriber keys of the another operator.of the another operator.
15 A3 – MS Authentication AlgorithmA3 – MS Authentication Algorithm GoalGoal  Generation of SRES response to MSC’sGeneration of SRES response to MSC’s random challenge RANDrandom challenge RAND A3 RAND (128 bit) Ki (128 bit) SRES (32 bit)
16 A8 – Voice Privacy Key GenerationA8 – Voice Privacy Key Generation AlgorithmAlgorithm GoalGoal  Generation of session key KGeneration of session key Kss A8 specification was never made publicA8 specification was never made public A8 RAND (128 bit) Ki (128 bit) KC (64 bit)
17 Logical ImplementationLogical Implementation of A3 and A8of A3 and A8 Both A3 and A8 algorithms areBoth A3 and A8 algorithms are implemented on the SIMimplemented on the SIM  Operator can decide, which algorithm to use.Operator can decide, which algorithm to use.  Algorithms implementation is independent ofAlgorithms implementation is independent of hardware manufacturers and networkhardware manufacturers and network operators.operators.
18 Logical ImplementationLogical Implementation of A3 and A8of A3 and A8 COMP128 is used for both A3 and A8 inCOMP128 is used for both A3 and A8 in most GSM networks.most GSM networks.  COMP128 is a keyed hash functionCOMP128 is a keyed hash function COMP128 RAND (128 bit) Ki (128 bit) 128 bit output SRES 32 bit and Kc 54 bit
19 A5 – Encryption AlgorithmA5 – Encryption Algorithm  A5 is a stream cipherA5 is a stream cipher Implemented very efficiently on hardwareImplemented very efficiently on hardware Design was never made publicDesign was never made public Leaked to Ross Anderson and Bruce SchneierLeaked to Ross Anderson and Bruce Schneier  VariantsVariants A5/1 – the strong versionA5/1 – the strong version A5/2 – the weak versionA5/2 – the weak version A5/3A5/3  GSM Association Security Group and 3GPP designGSM Association Security Group and 3GPP design  Based on Kasumi algorithm used in 3G mobile systemsBased on Kasumi algorithm used in 3G mobile systems
20 Logical A5 ImplementationLogical A5 Implementation A5 Kc (64 bit)Fn (22 bit) 114 bit XOR Data (114 bit) A5 Kc (64 bit)Fn (22 bit) 114 bit XOR Ciphertext (114 bit) Data (114 bit) Mobile Station BTS Real A5 output is 228 bit for both directionsReal A5 output is 228 bit for both directions
21 A5 EncryptionA5 Encryption Mobile Stations Base Station Subsystem Exchange System Network Management Subscriber and terminal equipment databases BSC MSC VLR HLR EIR AUC OMC BTS BTS BTS A5 Encryption
22 SIM AnatomySIM Anatomy  Subscriber Identification Module (SIM)Subscriber Identification Module (SIM) Smart Card – a single chip computer containing OS, FileSmart Card – a single chip computer containing OS, File System, ApplicationsSystem, Applications Protected by PINProtected by PIN Owned by operator (i.e. trusted)Owned by operator (i.e. trusted) SIM applications can be written with SIM ToolkitSIM applications can be written with SIM Toolkit
23 Smart Card AnatomySmart Card Anatomy
24 Microprocessor CardsMicroprocessor Cards Typical specificationTypical specification  8 bit CPU8 bit CPU  16 K ROM16 K ROM  256 bytes RAM256 bytes RAM  4K EEPROM4K EEPROM  Cost: $5-50Cost: $5-50 Smart Card TechnologySmart Card Technology  Based on ISO 7816 definingBased on ISO 7816 defining Card size, contact layout, electrical characteristicsCard size, contact layout, electrical characteristics I/O Protocols:I/O Protocols: byte/block basedbyte/block based File StructureFile Structure
2525 Algorithm ImplementationsAlgorithm Implementations and Attacksand Attacks
26 Attack CategoriesAttack Categories SIM AttacksSIM Attacks Radio-link interception attacksRadio-link interception attacks Operator network attacksOperator network attacks  GSM does not protect an operator’s networkGSM does not protect an operator’s network
27 Attack HistoryAttack History 19911991  First GSM implementation.First GSM implementation. April 1998April 1998  The Smartcard Developer Association (SDA) together with U.C.The Smartcard Developer Association (SDA) together with U.C. Berkeley researches cracked the COMP128 algorithm stored in SIM andBerkeley researches cracked the COMP128 algorithm stored in SIM and succeeded to get Ksucceeded to get Kii within several hours. They discovered that Kc useswithin several hours. They discovered that Kc uses only 54 bits.only 54 bits. August 1999August 1999  The week A5/2 was cracked using a single PC within seconds.The week A5/2 was cracked using a single PC within seconds. December 1999December 1999  Alex Biryukov, Adi Shamir and David Wagner have published theAlex Biryukov, Adi Shamir and David Wagner have published the scheme breaking the strong A5/1 algorithm. Within two minutes ofscheme breaking the strong A5/1 algorithm. Within two minutes of intercepted call the attack time was only 1 second.intercepted call the attack time was only 1 second. May 2002May 2002  The IBM Research group discovered a new way to quickly extract theThe IBM Research group discovered a new way to quickly extract the COMP128 keys using side channels.COMP128 keys using side channels.
2828 COMP128COMP128 Keyed hash functionKeyed hash function
29 COMP128COMP128 Pseudo-code of the compression in COMP128 algorithm •X[0..15] = Ki; X[16..31] = RAND; •Lookup tables: T0[512], T1[256], T2[128], T3[64], T4[32]
30 Traditional CryptographicTraditional Cryptographic AssumptionsAssumptions Traditional Cryptographic Attacks Input Crypto Processing Sensitive Information Output Smart CardSmart Card
31 Actual Information AvailableActual Information Available Side Channels •Power Consumption •Electromagnetic radiation •Timing •Errors •Etc. Side Channel Attacks Input Crypto Processing Sensitive Information Output Smart CardSmart Card
32 Simple Power DES AnalysisSimple Power DES Analysis SPA of DES operation performed by a typical Smart CardSPA of DES operation performed by a typical Smart Card  Above: initial permutation, 16 DES rounds, final permutationAbove: initial permutation, 16 DES rounds, final permutation  Below: detailed view of the second and third roundsBelow: detailed view of the second and third rounds
33 Partitioning Attack on COMP128Partitioning Attack on COMP128 Attack GoalAttack Goal  KKii stored on SIM cardstored on SIM card  KnowingKnowing KKii it’s possible to clone SIMit’s possible to clone SIM Cardinal PrincipleCardinal Principle  Relevant bits of all intermediate cycles and their values shouldRelevant bits of all intermediate cycles and their values should be statistically independent of the inputs, outputs, and sensitivebe statistically independent of the inputs, outputs, and sensitive information.information. Attack IdeaAttack Idea  Find a violation of theFind a violation of the Cardinal PrincipleCardinal Principle, i.e. side channels with, i.e. side channels with signals does depend on input, outputs and sensitive informationsignals does depend on input, outputs and sensitive information  Try to exploit theTry to exploit the statistical dependencystatistical dependency in signals to extract ain signals to extract a sensitive informationsensitive information
34 Partitioning Attack on COMP128Partitioning Attack on COMP128 How to implement 512 element THow to implement 512 element T00 table ontable on 8 bit Smart Card (i.e. index is 0..255)?8 bit Smart Card (i.e. index is 0..255)? Split 512 element table into two 256 element tablesSplit 512 element table into two 256 element tables It’s possible to detect access ofIt’s possible to detect access of different tables via side channels!different tables via side channels!  Power Consumption  Electromagnetic radiation
35 Partitioning Attack on COMP128Partitioning Attack on COMP128 Pseudo-code of the compression in COMP128 algorithm •X[0..15] = Ki; X[16..31] = RAND; •Lookup tables: T0[512], T1[256], T2[128], T3[64], T4[32]
36 Partitioning Attack on COMP128Partitioning Attack on COMP128 K[0]K[0] K[1]K[1] K[15]K[15] R[0]R[0] R[15]R[15]…… ……R[0]R[0] TT00[y][y] K[1]K[1] K[15]K[15] TT00[z][z] R[15]R[15]…… ……R[0]R[0] y = K[0] + 2R[0]y = K[0] + 2R[0] z = 2K[0] + R[0]z = 2K[0] + R[0] 0 15 16 32 X Values ofValues of yy andand zz depend on the first bytes ofdepend on the first bytes of KK andand RR It’s possible to detect via side channels whether valuesIt’s possible to detect via side channels whether values ofof yy andand zz are within [0..255] or [256..511].are within [0..255] or [256..511].
37 Partitioning Attack on COMP128Partitioning Attack on COMP128 All we need is…All we need is…  A) FindA) Find R[0]R[0] such thatsuch that K[0] + 2R[0] (mod 512) < 256K[0] + 2R[0] (mod 512) < 256 K[0] + 2(R[0]+1) (mod 512) >= 256K[0] + 2(R[0]+1) (mod 512) >= 256 (There are only two options)(There are only two options)  B) Find R’[0] such thatB) Find R’[0] such that 2K[0] + R’[0] (mod 512) < 2562K[0] + R’[0] (mod 512) < 256 2K[0] + R’[0] + 1 (mod 512) >= 2562K[0] + R’[0] + 1 (mod 512) >= 256  C) One ofC) One of K[0]K[0] from A) will match B)from A) will match B) The key byte is always uniquely determined fromThe key byte is always uniquely determined from partitioning information.partitioning information. Computation of the others bytes ofComputation of the others bytes of KK is similar.is similar.
38 SummarySummary GSM Security ObjectivesGSM Security Objectives  Concerns, Goals, RequirementsConcerns, Goals, Requirements GSM Security MechanismsGSM Security Mechanisms SIM AnatomySIM Anatomy Algorithms and AttacksAlgorithms and Attacks  COMP128COMP128  Partitioning Attack on COMP128Partitioning Attack on COMP128

Recommended

GSM SECURITY AND ENCRYPTION BY SAIKIRAN PANJALA
GSM SECURITY AND ENCRYPTION BY SAIKIRAN PANJALAGSM SECURITY AND ENCRYPTION BY SAIKIRAN PANJALA
GSM SECURITY AND ENCRYPTION BY SAIKIRAN PANJALA
Saikiran Panjala
 
Gsm security
Gsm securityGsm security
Gsm security
Ali Kamil
 
Gsm security and encryption
Gsm security and encryptionGsm security and encryption
Gsm security and encryption
RK Nayak
 
Cryptography in GSM
Cryptography in GSMCryptography in GSM
Cryptography in GSM
Tharindu Weerasinghe
 
Gsm security final
Gsm security finalGsm security final
Gsm security final
Sanket Yavalkar
 
Presentation one-gsm
Presentation one-gsmPresentation one-gsm
Presentation one-gsm
Abu Sadat Mohammed Yasin
 
Gsm security by usman zulfqar
Gsm security by usman zulfqarGsm security by usman zulfqar
Gsm security by usman zulfqar
usman zulfqar
 
Gsm security algorithms A3 , A5 , A8
Gsm security algorithms A3 , A5 , A8Gsm security algorithms A3 , A5 , A8
Gsm security algorithms A3 , A5 , A8
RUpaliLohar
 

Recommended

GSM SECURITY AND ENCRYPTION BY SAIKIRAN PANJALA
GSM SECURITY AND ENCRYPTION BY SAIKIRAN PANJALAGSM SECURITY AND ENCRYPTION BY SAIKIRAN PANJALA
GSM SECURITY AND ENCRYPTION BY SAIKIRAN PANJALA
Saikiran Panjala
 
Gsm security
Gsm securityGsm security
Gsm security
Ali Kamil
 
Gsm security and encryption
Gsm security and encryptionGsm security and encryption
Gsm security and encryption
RK Nayak
 
Cryptography in GSM
Cryptography in GSMCryptography in GSM
Cryptography in GSM
Tharindu Weerasinghe
 
Gsm security final
Gsm security finalGsm security final
Gsm security final
Sanket Yavalkar
 
Presentation one-gsm
Presentation one-gsmPresentation one-gsm
Presentation one-gsm
Abu Sadat Mohammed Yasin
 
Gsm security by usman zulfqar
Gsm security by usman zulfqarGsm security by usman zulfqar
Gsm security by usman zulfqar
usman zulfqar
 
Gsm security algorithms A3 , A5 , A8
Gsm security algorithms A3 , A5 , A8Gsm security algorithms A3 , A5 , A8
Gsm security algorithms A3 , A5 , A8
RUpaliLohar
 
GSM security solution by FINETUNE Technologies
GSM security solution by FINETUNE TechnologiesGSM security solution by FINETUNE Technologies
GSM security solution by FINETUNE Technologies
Engr.MEESHU SHARKER
 
GSM Security
GSM SecurityGSM Security
GSM Security
smita gupta
 
GSM Security 101 by Sushil Singh and Dheeraj Verma
GSM Security 101 by Sushil Singh and Dheeraj VermaGSM Security 101 by Sushil Singh and Dheeraj Verma
GSM Security 101 by Sushil Singh and Dheeraj Verma
OWASP Delhi
 
Gsm Security and Attacks
Gsm Security and AttacksGsm Security and Attacks
Gsm Security and Attacks
Abdullah Mohamed
 
Security in GSM
Security in GSMSecurity in GSM
Security in GSM
Dr. Ramchandra Mangrulkar
 
Security in GSM(2G) and UMTS(3G) Networks
Security in GSM(2G) and UMTS(3G) NetworksSecurity in GSM(2G) and UMTS(3G) Networks
Security in GSM(2G) and UMTS(3G) Networks
Naveen Kumar
 
Introduction to SIM and USIM
Introduction to SIM and USIMIntroduction to SIM and USIM
Introduction to SIM and USIM
Naveen Jakhar, I.T.S
 
Final gsm1
Final gsm1Final gsm1
Final gsm1
Arun Kumar
 
new Algorithm1
new Algorithm1new Algorithm1
new Algorithm1
asmita satpute
 
Research paper_Anshul _Ankita_RSG
Research paper_Anshul _Ankita_RSGResearch paper_Anshul _Ankita_RSG
Research paper_Anshul _Ankita_RSG
Anshul Sahu
 
Iirdem smart gun with rfid gps and gsm modules for remote enabling disabling ...
Iirdem smart gun with rfid gps and gsm modules for remote enabling disabling ...Iirdem smart gun with rfid gps and gsm modules for remote enabling disabling ...
Iirdem smart gun with rfid gps and gsm modules for remote enabling disabling ...
Iaetsd Iaetsd
 
Gsm for-dummies
Gsm for-dummiesGsm for-dummies
Gsm for-dummies
Heni Sutadi
 
Diameter Penetration Test Lab
Diameter Penetration Test LabDiameter Penetration Test Lab
Diameter Penetration Test Lab
frcarlson
 
Security in bluetooth, cdma and umts
Security in bluetooth, cdma and umtsSecurity in bluetooth, cdma and umts
Security in bluetooth, cdma and umts
Ankit Gupta
 
Worldwide attacks on SS7/SIGTRAN network
Worldwide attacks on SS7/SIGTRAN networkWorldwide attacks on SS7/SIGTRAN network
Worldwide attacks on SS7/SIGTRAN network
P1Security
 
IRJET- ATM Security using GSM and MEMS Sensor
IRJET- ATM Security using GSM and MEMS SensorIRJET- ATM Security using GSM and MEMS Sensor
IRJET- ATM Security using GSM and MEMS Sensor
IRJET Journal
 
PLNOG20 - Piotr Gruszczyński - Bezpieczeństwo sieci komórkowej
PLNOG20 - Piotr Gruszczyński - Bezpieczeństwo sieci komórkowejPLNOG20 - Piotr Gruszczyński - Bezpieczeństwo sieci komórkowej
PLNOG20 - Piotr Gruszczyński - Bezpieczeństwo sieci komórkowej
PROIDEA
 
Global System for Mobile Communication Based Smart Home Security System
Global System for Mobile Communication Based Smart Home Security SystemGlobal System for Mobile Communication Based Smart Home Security System
Global System for Mobile Communication Based Smart Home Security System
IJERA Editor
 
OpenBTS: Emergency GSM Messaging & Monitoring System for Civil Protection
OpenBTS: Emergency GSM Messaging & Monitoring System for Civil ProtectionOpenBTS: Emergency GSM Messaging & Monitoring System for Civil Protection
OpenBTS: Emergency GSM Messaging & Monitoring System for Civil Protection
Luca Bongiorni
 
GSM - Addresses and Identifiers
GSM - Addresses and IdentifiersGSM - Addresses and Identifiers
GSM - Addresses and Identifiers
Salman Khan
 
Telecom Security
Telecom SecurityTelecom Security
Telecom Security
Priyanka Aash
 
Gsm fundamentals
Gsm fundamentalsGsm fundamentals
Gsm fundamentals
Mohamed Sewailam
 

More Related Content

What's hot

GSM security solution by FINETUNE Technologies
GSM security solution by FINETUNE TechnologiesGSM security solution by FINETUNE Technologies
GSM security solution by FINETUNE Technologies
Engr.MEESHU SHARKER
 
GSM Security
GSM SecurityGSM Security
GSM Security
smita gupta
 
GSM Security 101 by Sushil Singh and Dheeraj Verma
GSM Security 101 by Sushil Singh and Dheeraj VermaGSM Security 101 by Sushil Singh and Dheeraj Verma
GSM Security 101 by Sushil Singh and Dheeraj Verma
OWASP Delhi
 
Gsm Security and Attacks
Gsm Security and AttacksGsm Security and Attacks
Gsm Security and Attacks
Abdullah Mohamed
 
Security in GSM
Security in GSMSecurity in GSM
Security in GSM
Dr. Ramchandra Mangrulkar
 
Security in GSM(2G) and UMTS(3G) Networks
Security in GSM(2G) and UMTS(3G) NetworksSecurity in GSM(2G) and UMTS(3G) Networks
Security in GSM(2G) and UMTS(3G) Networks
Naveen Kumar
 
Introduction to SIM and USIM
Introduction to SIM and USIMIntroduction to SIM and USIM
Introduction to SIM and USIM
Naveen Jakhar, I.T.S
 
Final gsm1
Final gsm1Final gsm1
Final gsm1
Arun Kumar
 
new Algorithm1
new Algorithm1new Algorithm1
new Algorithm1
asmita satpute
 
Research paper_Anshul _Ankita_RSG
Research paper_Anshul _Ankita_RSGResearch paper_Anshul _Ankita_RSG
Research paper_Anshul _Ankita_RSG
Anshul Sahu
 
Iirdem smart gun with rfid gps and gsm modules for remote enabling disabling ...
Iirdem smart gun with rfid gps and gsm modules for remote enabling disabling ...Iirdem smart gun with rfid gps and gsm modules for remote enabling disabling ...
Iirdem smart gun with rfid gps and gsm modules for remote enabling disabling ...
Iaetsd Iaetsd
 
Gsm for-dummies
Gsm for-dummiesGsm for-dummies
Gsm for-dummies
Heni Sutadi
 
Diameter Penetration Test Lab
Diameter Penetration Test LabDiameter Penetration Test Lab
Diameter Penetration Test Lab
frcarlson
 
Security in bluetooth, cdma and umts
Security in bluetooth, cdma and umtsSecurity in bluetooth, cdma and umts
Security in bluetooth, cdma and umts
Ankit Gupta
 
Worldwide attacks on SS7/SIGTRAN network
Worldwide attacks on SS7/SIGTRAN networkWorldwide attacks on SS7/SIGTRAN network
Worldwide attacks on SS7/SIGTRAN network
P1Security
 
IRJET- ATM Security using GSM and MEMS Sensor
IRJET- ATM Security using GSM and MEMS SensorIRJET- ATM Security using GSM and MEMS Sensor
IRJET- ATM Security using GSM and MEMS Sensor
IRJET Journal
 
PLNOG20 - Piotr Gruszczyński - Bezpieczeństwo sieci komórkowej
PLNOG20 - Piotr Gruszczyński - Bezpieczeństwo sieci komórkowejPLNOG20 - Piotr Gruszczyński - Bezpieczeństwo sieci komórkowej
PLNOG20 - Piotr Gruszczyński - Bezpieczeństwo sieci komórkowej
PROIDEA
 
Global System for Mobile Communication Based Smart Home Security System
Global System for Mobile Communication Based Smart Home Security SystemGlobal System for Mobile Communication Based Smart Home Security System
Global System for Mobile Communication Based Smart Home Security System
IJERA Editor
 

What's hot (18)

GSM security solution by FINETUNE Technologies
GSM security solution by FINETUNE TechnologiesGSM security solution by FINETUNE Technologies
GSM security solution by FINETUNE Technologies
 
GSM Security
GSM SecurityGSM Security
GSM Security
 
GSM Security 101 by Sushil Singh and Dheeraj Verma
GSM Security 101 by Sushil Singh and Dheeraj VermaGSM Security 101 by Sushil Singh and Dheeraj Verma
GSM Security 101 by Sushil Singh and Dheeraj Verma
 
Gsm Security and Attacks
Gsm Security and AttacksGsm Security and Attacks
Gsm Security and Attacks
 
Security in GSM
Security in GSMSecurity in GSM
Security in GSM
 
Security in GSM(2G) and UMTS(3G) Networks
Security in GSM(2G) and UMTS(3G) NetworksSecurity in GSM(2G) and UMTS(3G) Networks
Security in GSM(2G) and UMTS(3G) Networks
 
Introduction to SIM and USIM
Introduction to SIM and USIMIntroduction to SIM and USIM
Introduction to SIM and USIM
 
Final gsm1
Final gsm1Final gsm1
Final gsm1
 
new Algorithm1
new Algorithm1new Algorithm1
new Algorithm1
 
Research paper_Anshul _Ankita_RSG
Research paper_Anshul _Ankita_RSGResearch paper_Anshul _Ankita_RSG
Research paper_Anshul _Ankita_RSG
 
Iirdem smart gun with rfid gps and gsm modules for remote enabling disabling ...
Iirdem smart gun with rfid gps and gsm modules for remote enabling disabling ...Iirdem smart gun with rfid gps and gsm modules for remote enabling disabling ...
Iirdem smart gun with rfid gps and gsm modules for remote enabling disabling ...
 
Gsm for-dummies
Gsm for-dummiesGsm for-dummies
Gsm for-dummies
 
Diameter Penetration Test Lab
Diameter Penetration Test LabDiameter Penetration Test Lab
Diameter Penetration Test Lab
 
Security in bluetooth, cdma and umts
Security in bluetooth, cdma and umtsSecurity in bluetooth, cdma and umts
Security in bluetooth, cdma and umts
 
Worldwide attacks on SS7/SIGTRAN network
Worldwide attacks on SS7/SIGTRAN networkWorldwide attacks on SS7/SIGTRAN network
Worldwide attacks on SS7/SIGTRAN network
 
IRJET- ATM Security using GSM and MEMS Sensor
IRJET- ATM Security using GSM and MEMS SensorIRJET- ATM Security using GSM and MEMS Sensor
IRJET- ATM Security using GSM and MEMS Sensor
 
PLNOG20 - Piotr Gruszczyński - Bezpieczeństwo sieci komórkowej
PLNOG20 - Piotr Gruszczyński - Bezpieczeństwo sieci komórkowejPLNOG20 - Piotr Gruszczyński - Bezpieczeństwo sieci komórkowej
PLNOG20 - Piotr Gruszczyński - Bezpieczeństwo sieci komórkowej
 
Global System for Mobile Communication Based Smart Home Security System
Global System for Mobile Communication Based Smart Home Security SystemGlobal System for Mobile Communication Based Smart Home Security System
Global System for Mobile Communication Based Smart Home Security System
 

Similar to Gsm security

OpenBTS: Emergency GSM Messaging & Monitoring System for Civil Protection
OpenBTS: Emergency GSM Messaging & Monitoring System for Civil ProtectionOpenBTS: Emergency GSM Messaging & Monitoring System for Civil Protection
OpenBTS: Emergency GSM Messaging & Monitoring System for Civil Protection
Luca Bongiorni
 
GSM - Addresses and Identifiers
GSM - Addresses and IdentifiersGSM - Addresses and Identifiers
GSM - Addresses and Identifiers
Salman Khan
 
Telecom Security
Telecom SecurityTelecom Security
Telecom Security
Priyanka Aash
 
Gsm fundamentals
Gsm fundamentalsGsm fundamentals
Gsm fundamentals
Mohamed Sewailam
 
Gsm
GsmGsm
Gsm
Nur Islam
 
Gsm1
Gsm1Gsm1
Gsm1
Vikran Kottaisamy
 
GSM Introduction
GSM IntroductionGSM Introduction
GSM Introduction
Tempus Telcosys
 
Gsm location management by Engr.Hedayat ullah shujaee
Gsm location management by Engr.Hedayat ullah shujaeeGsm location management by Engr.Hedayat ullah shujaee
Gsm location management by Engr.Hedayat ullah shujaee
Hedayatullah shujaee
 
SecurityGen-Article-Cloning-SimCard.pdf
SecurityGen-Article-Cloning-SimCard.pdfSecurityGen-Article-Cloning-SimCard.pdf
SecurityGen-Article-Cloning-SimCard.pdf
Security Gen
 
Rk 3 gsm network
Rk 3 gsm networkRk 3 gsm network
Rk 3 gsm network
Azri Randy
 
Rk 3 gsm network @guddu
Rk 3 gsm network @gudduRk 3 gsm network @guddu
Rk 3 gsm network @guddu
sarojsatpathy49
 
Attacks you can't combat: vulnerabilities of most robust MNOs
Attacks you can't combat: vulnerabilities of most robust MNOsAttacks you can't combat: vulnerabilities of most robust MNOs
Attacks you can't combat: vulnerabilities of most robust MNOs
PositiveTechnologies
 
GSM
GSMGSM
GSM
JAI MCA-STUDENT
 
Test
TestTest
Test
guest833bf3b
 
Total GSM Concept
Total GSM ConceptTotal GSM Concept
Total GSM Concept
Tempus Telcosys
 
Gsm for-dummies
Gsm for-dummiesGsm for-dummies
Gsm for-dummies
Ramania Kartikaningtyas
 
GSM Architecture.ppt
GSM Architecture.ppt GSM Architecture.ppt
GSM Architecture.ppt
Danish Mahmood
 
Gsm1
Gsm1Gsm1
Gsm1
Tempus Telcosys
 
Gsm Srsly (Shmoocon)
Gsm Srsly (Shmoocon)Gsm Srsly (Shmoocon)
Gsm Srsly (Shmoocon)
SecurityTube.Net
 
One m2m 4- identifier_resoruce structure
One m2m 4- identifier_resoruce structureOne m2m 4- identifier_resoruce structure
One m2m 4- identifier_resoruce structure
Hamdamboy (함담보이)
 

Similar to Gsm security (20)

OpenBTS: Emergency GSM Messaging & Monitoring System for Civil Protection
OpenBTS: Emergency GSM Messaging & Monitoring System for Civil ProtectionOpenBTS: Emergency GSM Messaging & Monitoring System for Civil Protection
OpenBTS: Emergency GSM Messaging & Monitoring System for Civil Protection
 
GSM - Addresses and Identifiers
GSM - Addresses and IdentifiersGSM - Addresses and Identifiers
GSM - Addresses and Identifiers
 
Telecom Security
Telecom SecurityTelecom Security
Telecom Security
 
Gsm fundamentals
Gsm fundamentalsGsm fundamentals
Gsm fundamentals
 
Gsm
GsmGsm
Gsm
 
Gsm1
Gsm1Gsm1
Gsm1
 
GSM Introduction
GSM IntroductionGSM Introduction
GSM Introduction
 
Gsm location management by Engr.Hedayat ullah shujaee
Gsm location management by Engr.Hedayat ullah shujaeeGsm location management by Engr.Hedayat ullah shujaee
Gsm location management by Engr.Hedayat ullah shujaee
 
SecurityGen-Article-Cloning-SimCard.pdf
SecurityGen-Article-Cloning-SimCard.pdfSecurityGen-Article-Cloning-SimCard.pdf
SecurityGen-Article-Cloning-SimCard.pdf
 
Rk 3 gsm network
Rk 3 gsm networkRk 3 gsm network
Rk 3 gsm network
 
Rk 3 gsm network @guddu
Rk 3 gsm network @gudduRk 3 gsm network @guddu
Rk 3 gsm network @guddu
 
Attacks you can't combat: vulnerabilities of most robust MNOs
Attacks you can't combat: vulnerabilities of most robust MNOsAttacks you can't combat: vulnerabilities of most robust MNOs
Attacks you can't combat: vulnerabilities of most robust MNOs
 
GSM
GSMGSM
GSM
 
Test
TestTest
Test
 
Total GSM Concept
Total GSM ConceptTotal GSM Concept
Total GSM Concept
 
Gsm for-dummies
Gsm for-dummiesGsm for-dummies
Gsm for-dummies
 
GSM Architecture.ppt
GSM Architecture.ppt GSM Architecture.ppt
GSM Architecture.ppt
 
Gsm1
Gsm1Gsm1
Gsm1
 
Gsm Srsly (Shmoocon)
Gsm Srsly (Shmoocon)Gsm Srsly (Shmoocon)
Gsm Srsly (Shmoocon)
 
One m2m 4- identifier_resoruce structure
One m2m 4- identifier_resoruce structureOne m2m 4- identifier_resoruce structure
One m2m 4- identifier_resoruce structure
 

Recently uploaded

Data Driven Maintenance | UReason Webinar
Data Driven Maintenance | UReason WebinarData Driven Maintenance | UReason Webinar
Data Driven Maintenance | UReason Webinar
UReason
 
ISPM 15 Heat Treated Wood Stamps and why your shipping must have one
ISPM 15 Heat Treated Wood Stamps and why your shipping must have oneISPM 15 Heat Treated Wood Stamps and why your shipping must have one
ISPM 15 Heat Treated Wood Stamps and why your shipping must have one
Las Vegas Warehouse
 
Transformers design and coooling methods
Transformers design and coooling methodsTransformers design and coooling methods
Transformers design and coooling methods
Roger Rozario
 
AI assisted telemedicine KIOSK for Rural India.pptx
AI assisted telemedicine KIOSK for Rural India.pptxAI assisted telemedicine KIOSK for Rural India.pptx
AI assisted telemedicine KIOSK for Rural India.pptx
architagupta876
 
原版制作(Humboldt毕业证书)柏林大学毕业证学位证一模一样
原版制作(Humboldt毕业证书)柏林大学毕业证学位证一模一样原版制作(Humboldt毕业证书)柏林大学毕业证学位证一模一样
原版制作(Humboldt毕业证书)柏林大学毕业证学位证一模一样
ydzowc
 
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECTCHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
jpsjournal1
 
Engineering Drawings Lecture Detail Drawings 2014.pdf
Engineering Drawings Lecture Detail Drawings 2014.pdfEngineering Drawings Lecture Detail Drawings 2014.pdf
Engineering Drawings Lecture Detail Drawings 2014.pdf
abbyasa1014
 
spirit beverages ppt without graphics.pptx
spirit beverages ppt without graphics.pptxspirit beverages ppt without graphics.pptx
spirit beverages ppt without graphics.pptx
Madan Karki
 
Generative AI leverages algorithms to create various forms of content
Generative AI leverages algorithms to create various forms of contentGenerative AI leverages algorithms to create various forms of content
Generative AI leverages algorithms to create various forms of content
Hitesh Mohapatra
 
Computational Engineering IITH Presentation
Computational Engineering IITH PresentationComputational Engineering IITH Presentation
Computational Engineering IITH Presentation
co23btech11018
 
cnn.pptx Convolutional neural network used for image classication
cnn.pptx Convolutional neural network used for image classicationcnn.pptx Convolutional neural network used for image classication
cnn.pptx Convolutional neural network used for image classication
SakkaravarthiShanmug
 
Mechanical Engineering on AAI Summer Training Report-003.pdf
Mechanical Engineering on AAI Summer Training Report-003.pdfMechanical Engineering on AAI Summer Training Report-003.pdf
Mechanical Engineering on AAI Summer Training Report-003.pdf
21UME003TUSHARDEB
 
132/33KV substation case study Presentation
132/33KV substation case study Presentation132/33KV substation case study Presentation
132/33KV substation case study Presentation
kandramariana6
 
Unit-III-ELECTROCHEMICAL STORAGE DEVICES.ppt
Unit-III-ELECTROCHEMICAL STORAGE DEVICES.pptUnit-III-ELECTROCHEMICAL STORAGE DEVICES.ppt
Unit-III-ELECTROCHEMICAL STORAGE DEVICES.ppt
KrishnaveniKrishnara1
 
The Python for beginners. This is an advance computer language.
The Python for beginners. This is an advance computer language.The Python for beginners. This is an advance computer language.
The Python for beginners. This is an advance computer language.
sachin chaurasia
 
Embedded machine learning-based road conditions and driving behavior monitoring
Embedded machine learning-based road conditions and driving behavior monitoringEmbedded machine learning-based road conditions and driving behavior monitoring
Embedded machine learning-based road conditions and driving behavior monitoring
IJECEIAES
 
22CYT12-Unit-V-E Waste and its Management.ppt
22CYT12-Unit-V-E Waste and its Management.ppt22CYT12-Unit-V-E Waste and its Management.ppt
22CYT12-Unit-V-E Waste and its Management.ppt
KrishnaveniKrishnara1
 
Welding Metallurgy Ferrous Materials.pdf
Welding Metallurgy Ferrous Materials.pdfWelding Metallurgy Ferrous Materials.pdf
Welding Metallurgy Ferrous Materials.pdf
AjmalKhan50578
 
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...
IJECEIAES
 
学校原版美国波士顿大学毕业证学历学位证书原版一模一样
学校原版美国波士顿大学毕业证学历学位证书原版一模一样学校原版美国波士顿大学毕业证学历学位证书原版一模一样
学校原版美国波士顿大学毕业证学历学位证书原版一模一样
171ticu
 

Recently uploaded (20)

Data Driven Maintenance | UReason Webinar
Data Driven Maintenance | UReason WebinarData Driven Maintenance | UReason Webinar
Data Driven Maintenance | UReason Webinar
 
ISPM 15 Heat Treated Wood Stamps and why your shipping must have one
ISPM 15 Heat Treated Wood Stamps and why your shipping must have oneISPM 15 Heat Treated Wood Stamps and why your shipping must have one
ISPM 15 Heat Treated Wood Stamps and why your shipping must have one
 
Transformers design and coooling methods
Transformers design and coooling methodsTransformers design and coooling methods
Transformers design and coooling methods
 
AI assisted telemedicine KIOSK for Rural India.pptx
AI assisted telemedicine KIOSK for Rural India.pptxAI assisted telemedicine KIOSK for Rural India.pptx
AI assisted telemedicine KIOSK for Rural India.pptx
 
原版制作(Humboldt毕业证书)柏林大学毕业证学位证一模一样
原版制作(Humboldt毕业证书)柏林大学毕业证学位证一模一样原版制作(Humboldt毕业证书)柏林大学毕业证学位证一模一样
原版制作(Humboldt毕业证书)柏林大学毕业证学位证一模一样
 
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECTCHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
 
Engineering Drawings Lecture Detail Drawings 2014.pdf
Engineering Drawings Lecture Detail Drawings 2014.pdfEngineering Drawings Lecture Detail Drawings 2014.pdf
Engineering Drawings Lecture Detail Drawings 2014.pdf
 
spirit beverages ppt without graphics.pptx
spirit beverages ppt without graphics.pptxspirit beverages ppt without graphics.pptx
spirit beverages ppt without graphics.pptx
 
Generative AI leverages algorithms to create various forms of content
Generative AI leverages algorithms to create various forms of contentGenerative AI leverages algorithms to create various forms of content
Generative AI leverages algorithms to create various forms of content
 
Computational Engineering IITH Presentation
Computational Engineering IITH PresentationComputational Engineering IITH Presentation
Computational Engineering IITH Presentation
 
cnn.pptx Convolutional neural network used for image classication
cnn.pptx Convolutional neural network used for image classicationcnn.pptx Convolutional neural network used for image classication
cnn.pptx Convolutional neural network used for image classication
 
Mechanical Engineering on AAI Summer Training Report-003.pdf
Mechanical Engineering on AAI Summer Training Report-003.pdfMechanical Engineering on AAI Summer Training Report-003.pdf
Mechanical Engineering on AAI Summer Training Report-003.pdf
 
132/33KV substation case study Presentation
132/33KV substation case study Presentation132/33KV substation case study Presentation
132/33KV substation case study Presentation
 
Unit-III-ELECTROCHEMICAL STORAGE DEVICES.ppt
Unit-III-ELECTROCHEMICAL STORAGE DEVICES.pptUnit-III-ELECTROCHEMICAL STORAGE DEVICES.ppt
Unit-III-ELECTROCHEMICAL STORAGE DEVICES.ppt
 
The Python for beginners. This is an advance computer language.
The Python for beginners. This is an advance computer language.The Python for beginners. This is an advance computer language.
The Python for beginners. This is an advance computer language.
 
Embedded machine learning-based road conditions and driving behavior monitoring
Embedded machine learning-based road conditions and driving behavior monitoringEmbedded machine learning-based road conditions and driving behavior monitoring
Embedded machine learning-based road conditions and driving behavior monitoring
 
22CYT12-Unit-V-E Waste and its Management.ppt
22CYT12-Unit-V-E Waste and its Management.ppt22CYT12-Unit-V-E Waste and its Management.ppt
22CYT12-Unit-V-E Waste and its Management.ppt
 
Welding Metallurgy Ferrous Materials.pdf
Welding Metallurgy Ferrous Materials.pdfWelding Metallurgy Ferrous Materials.pdf
Welding Metallurgy Ferrous Materials.pdf
 
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...
 
学校原版美国波士顿大学毕业证学历学位证书原版一模一样
学校原版美国波士顿大学毕业证学历学位证书原版一模一样学校原版美国波士顿大学毕业证学历学位证书原版一模一样
学校原版美国波士顿大学毕业证学历学位证书原版一模一样
 

Gsm security

  • 1. 11 GSM Security OverviewGSM Security Overview (Part 2)(Part 2) Max StepanovMax Stepanov
  • 2. 2 AgendaAgenda GSM Security ObjectivesGSM Security Objectives  Concerns, Goals, RequirementsConcerns, Goals, Requirements GSM Security MechanismsGSM Security Mechanisms SIM AnatomySIM Anatomy Algorithms and AttacksAlgorithms and Attacks  COMP128COMP128  Partitioning Attack on COMP128Partitioning Attack on COMP128 ((J. Rao, P. Rohantgi, H. Scherzer, S. TunguelyJ. Rao, P. Rohantgi, H. Scherzer, S. Tunguely))
  • 3. 3 GSM Security ConcernsGSM Security Concerns OperatorsOperators  Bills right peopleBills right people  Avoid fraudAvoid fraud  Protect ServicesProtect Services CustomersCustomers  PrivacyPrivacy  AnonymityAnonymity Make a system at least secure as PSTNMake a system at least secure as PSTN
  • 4. 4 GSM Security GoalsGSM Security Goals Confidentiality and Anonymity on the radioConfidentiality and Anonymity on the radio pathpath Strong client authentication to protect theStrong client authentication to protect the operator against the billing fraudoperator against the billing fraud Prevention of operators fromPrevention of operators from compromising of each others’ securitycompromising of each others’ security  InadvertentlyInadvertently  Competition pressureCompetition pressure
  • 5. 5 GSM Security DesignGSM Security Design RequirementsRequirements The security mechanismThe security mechanism  MUST NOTMUST NOT Add significant overhead on call set upAdd significant overhead on call set up Increase bandwidth of the channelIncrease bandwidth of the channel Increase error rateIncrease error rate Add expensive complexity to the systemAdd expensive complexity to the system  MUSTMUST Cost effective schemeCost effective scheme  Define security proceduresDefine security procedures Generation and distribution of keysGeneration and distribution of keys Exchange information between operatorsExchange information between operators Confidentiality of algorithmsConfidentiality of algorithms
  • 6. 6 GSM Security FeaturesGSM Security Features Key management is independent of equipmentKey management is independent of equipment  Subscribers can change handsets without compromisingSubscribers can change handsets without compromising securitysecurity Subscriber identity protectionSubscriber identity protection  not easy to identify the user of the system intercepting a usernot easy to identify the user of the system intercepting a user datadata Detection of compromised equipmentDetection of compromised equipment  Detection mechanism whether a mobile device wasDetection mechanism whether a mobile device was compromised or notcompromised or not Subscriber authenticationSubscriber authentication  The operator knows for billing purposes who is using the systemThe operator knows for billing purposes who is using the system Signaling and user data protectionSignaling and user data protection  Signaling and data channels are protected over the radio pathSignaling and data channels are protected over the radio path
  • 7. 7 GSM Mobile StationGSM Mobile Station Mobile StationMobile Station  Mobile Equipment (ME)Mobile Equipment (ME) Physical mobile devicePhysical mobile device IdentifiersIdentifiers  IMEI – International Mobile Equipment IdentityIMEI – International Mobile Equipment Identity  Subscriber Identity Module (SIM)Subscriber Identity Module (SIM) Smart Card containing keys, identifiers and algorithmsSmart Card containing keys, identifiers and algorithms IdentifiersIdentifiers  KKii – Subscriber Authentication Key– Subscriber Authentication Key  IMSI – International Mobile Subscriber IdentityIMSI – International Mobile Subscriber Identity  TMSI – Temporary Mobile Subscriber IdentityTMSI – Temporary Mobile Subscriber Identity  MSISDN – Mobile Station International Service DigitalMSISDN – Mobile Station International Service Digital NetworkNetwork  PIN – Personal Identity Number protecting a SIMPIN – Personal Identity Number protecting a SIM  LAI – location area identityLAI – location area identity
  • 8. 8 GSM ArchitectureGSM Architecture Mobile Stations Base Station Subsystem Exchange System Network Management Subscriber and terminal equipment databases BSC MSC VLR HLR EIR AUC OMC BTS BTS BTS
  • 9. 9 Subscriber Identity ProtectionSubscriber Identity Protection TMSI – Temporary Mobile Subscriber IdentityTMSI – Temporary Mobile Subscriber Identity  GoalsGoals TMSI is used instead of IMSI as an a temporary subscriber identifierTMSI is used instead of IMSI as an a temporary subscriber identifier TMSI prevents an eavesdropper from identifying of subscriberTMSI prevents an eavesdropper from identifying of subscriber  UsageUsage TMSI is assigned when IMSI is transmitted to AuC on the first phoneTMSI is assigned when IMSI is transmitted to AuC on the first phone switch onswitch on Every time a location update (new MSC) occur the networks assignsEvery time a location update (new MSC) occur the networks assigns a new TMSIa new TMSI TMSI is used by the MS to report to the network or during a callTMSI is used by the MS to report to the network or during a call initializationinitialization Network uses TMSI to communicate with MSNetwork uses TMSI to communicate with MS On MS switch off TMSI is stored on SIM card to be reused next timeOn MS switch off TMSI is stored on SIM card to be reused next time  The Visitor Location Register (VLR) performs assignment,The Visitor Location Register (VLR) performs assignment, administration and update of the TMSIadministration and update of the TMSI
  • 10. 10 Key Management SchemeKey Management Scheme KKii – Subscriber Authentication Key– Subscriber Authentication Key  Shared 128 bit key used for authentication of subscriber byShared 128 bit key used for authentication of subscriber by the operatorthe operator  Key StorageKey Storage Subscriber’s SIM (owned by operator, i.e. trusted)Subscriber’s SIM (owned by operator, i.e. trusted) Operator’s Home Locator Register (HLR) of the subscriber’sOperator’s Home Locator Register (HLR) of the subscriber’s home networkhome network SIM can be used with different equipmentSIM can be used with different equipment
  • 11. 11 Detection of CompromisedDetection of Compromised EquipmentEquipment International Mobile Equipment Identifier (IMEI)International Mobile Equipment Identifier (IMEI)  Identifier allowing to identify mobilesIdentifier allowing to identify mobiles  IMEI is independent of SIMIMEI is independent of SIM  Used to identify stolen or compromised equipmentUsed to identify stolen or compromised equipment Equipment Identity Register (EIR)Equipment Identity Register (EIR)  Black list – stolen or non-type mobilesBlack list – stolen or non-type mobiles  White list - valid mobilesWhite list - valid mobiles  Gray list – local tracking mobilesGray list – local tracking mobiles Central Equipment Identity Register (CEIR)Central Equipment Identity Register (CEIR)  Approved mobile type (type approval authorities)Approved mobile type (type approval authorities)  Consolidated black list (posted by operators)Consolidated black list (posted by operators)
  • 12. 12 AuthenticationAuthentication Authentication GoalsAuthentication Goals  Subscriber (SIM holder) authenticationSubscriber (SIM holder) authentication  Protection of the network againstProtection of the network against unauthorized useunauthorized use  Create a session keyCreate a session key Authentication SchemeAuthentication Scheme  Subscriber identification: IMSI or TMSISubscriber identification: IMSI or TMSI  Challenge-Response authentication of theChallenge-Response authentication of the subscriber by the operatorsubscriber by the operator
  • 13. 13 Authentication and EncryptionAuthentication and Encryption SchemeScheme A3 Mobile Station Radio Link GSM Operator A8 A5 A3 A8 A5 Ki Ki Challenge RAND KcKc mi Encrypted Data mi SIM Signed response (SRES) SRESSRES Fn Fn Authentication: are SRES values equal?
  • 14. 14 AuthenticationAuthentication AuC – Authentication CenterAuC – Authentication Center  Provides parameters for authentication andProvides parameters for authentication and encryption functions (RAND, SRES, Kencryption functions (RAND, SRES, Kcc)) HLR – Home Location RegisterHLR – Home Location Register  Provides MSC (Mobile Switching Center) with triplesProvides MSC (Mobile Switching Center) with triples (RAND, SRES, K(RAND, SRES, Kcc))  Handles MS locationHandles MS location VLR – Visitor Location RegisterVLR – Visitor Location Register  Stores generated triples by the HLR when aStores generated triples by the HLR when a subscriber is not in his home networksubscriber is not in his home network  One operator doesn’t have access to subscriber keysOne operator doesn’t have access to subscriber keys of the another operator.of the another operator.
  • 15. 15 A3 – MS Authentication AlgorithmA3 – MS Authentication Algorithm GoalGoal  Generation of SRES response to MSC’sGeneration of SRES response to MSC’s random challenge RANDrandom challenge RAND A3 RAND (128 bit) Ki (128 bit) SRES (32 bit)
  • 16. 16 A8 – Voice Privacy Key GenerationA8 – Voice Privacy Key Generation AlgorithmAlgorithm GoalGoal  Generation of session key KGeneration of session key Kss A8 specification was never made publicA8 specification was never made public A8 RAND (128 bit) Ki (128 bit) KC (64 bit)
  • 17. 17 Logical ImplementationLogical Implementation of A3 and A8of A3 and A8 Both A3 and A8 algorithms areBoth A3 and A8 algorithms are implemented on the SIMimplemented on the SIM  Operator can decide, which algorithm to use.Operator can decide, which algorithm to use.  Algorithms implementation is independent ofAlgorithms implementation is independent of hardware manufacturers and networkhardware manufacturers and network operators.operators.
  • 18. 18 Logical ImplementationLogical Implementation of A3 and A8of A3 and A8 COMP128 is used for both A3 and A8 inCOMP128 is used for both A3 and A8 in most GSM networks.most GSM networks.  COMP128 is a keyed hash functionCOMP128 is a keyed hash function COMP128 RAND (128 bit) Ki (128 bit) 128 bit output SRES 32 bit and Kc 54 bit
  • 19. 19 A5 – Encryption AlgorithmA5 – Encryption Algorithm  A5 is a stream cipherA5 is a stream cipher Implemented very efficiently on hardwareImplemented very efficiently on hardware Design was never made publicDesign was never made public Leaked to Ross Anderson and Bruce SchneierLeaked to Ross Anderson and Bruce Schneier  VariantsVariants A5/1 – the strong versionA5/1 – the strong version A5/2 – the weak versionA5/2 – the weak version A5/3A5/3  GSM Association Security Group and 3GPP designGSM Association Security Group and 3GPP design  Based on Kasumi algorithm used in 3G mobile systemsBased on Kasumi algorithm used in 3G mobile systems
  • 20. 20 Logical A5 ImplementationLogical A5 Implementation A5 Kc (64 bit)Fn (22 bit) 114 bit XOR Data (114 bit) A5 Kc (64 bit)Fn (22 bit) 114 bit XOR Ciphertext (114 bit) Data (114 bit) Mobile Station BTS Real A5 output is 228 bit for both directionsReal A5 output is 228 bit for both directions
  • 21. 21 A5 EncryptionA5 Encryption Mobile Stations Base Station Subsystem Exchange System Network Management Subscriber and terminal equipment databases BSC MSC VLR HLR EIR AUC OMC BTS BTS BTS A5 Encryption
  • 22. 22 SIM AnatomySIM Anatomy  Subscriber Identification Module (SIM)Subscriber Identification Module (SIM) Smart Card – a single chip computer containing OS, FileSmart Card – a single chip computer containing OS, File System, ApplicationsSystem, Applications Protected by PINProtected by PIN Owned by operator (i.e. trusted)Owned by operator (i.e. trusted) SIM applications can be written with SIM ToolkitSIM applications can be written with SIM Toolkit
  • 24. 24 Microprocessor CardsMicroprocessor Cards Typical specificationTypical specification  8 bit CPU8 bit CPU  16 K ROM16 K ROM  256 bytes RAM256 bytes RAM  4K EEPROM4K EEPROM  Cost: $5-50Cost: $5-50 Smart Card TechnologySmart Card Technology  Based on ISO 7816 definingBased on ISO 7816 defining Card size, contact layout, electrical characteristicsCard size, contact layout, electrical characteristics I/O Protocols:I/O Protocols: byte/block basedbyte/block based File StructureFile Structure
  • 26. 26 Attack CategoriesAttack Categories SIM AttacksSIM Attacks Radio-link interception attacksRadio-link interception attacks Operator network attacksOperator network attacks  GSM does not protect an operator’s networkGSM does not protect an operator’s network
  • 27. 27 Attack HistoryAttack History 19911991  First GSM implementation.First GSM implementation. April 1998April 1998  The Smartcard Developer Association (SDA) together with U.C.The Smartcard Developer Association (SDA) together with U.C. Berkeley researches cracked the COMP128 algorithm stored in SIM andBerkeley researches cracked the COMP128 algorithm stored in SIM and succeeded to get Ksucceeded to get Kii within several hours. They discovered that Kc useswithin several hours. They discovered that Kc uses only 54 bits.only 54 bits. August 1999August 1999  The week A5/2 was cracked using a single PC within seconds.The week A5/2 was cracked using a single PC within seconds. December 1999December 1999  Alex Biryukov, Adi Shamir and David Wagner have published theAlex Biryukov, Adi Shamir and David Wagner have published the scheme breaking the strong A5/1 algorithm. Within two minutes ofscheme breaking the strong A5/1 algorithm. Within two minutes of intercepted call the attack time was only 1 second.intercepted call the attack time was only 1 second. May 2002May 2002  The IBM Research group discovered a new way to quickly extract theThe IBM Research group discovered a new way to quickly extract the COMP128 keys using side channels.COMP128 keys using side channels.
  • 29. 29 COMP128COMP128 Pseudo-code of the compression in COMP128 algorithm •X[0..15] = Ki; X[16..31] = RAND; •Lookup tables: T0[512], T1[256], T2[128], T3[64], T4[32]
  • 31. 31 Actual Information AvailableActual Information Available Side Channels •Power Consumption •Electromagnetic radiation •Timing •Errors •Etc. Side Channel Attacks Input Crypto Processing Sensitive Information Output Smart CardSmart Card
  • 32. 32 Simple Power DES AnalysisSimple Power DES Analysis SPA of DES operation performed by a typical Smart CardSPA of DES operation performed by a typical Smart Card  Above: initial permutation, 16 DES rounds, final permutationAbove: initial permutation, 16 DES rounds, final permutation  Below: detailed view of the second and third roundsBelow: detailed view of the second and third rounds
  • 33. 33 Partitioning Attack on COMP128Partitioning Attack on COMP128 Attack GoalAttack Goal  KKii stored on SIM cardstored on SIM card  KnowingKnowing KKii it’s possible to clone SIMit’s possible to clone SIM Cardinal PrincipleCardinal Principle  Relevant bits of all intermediate cycles and their values shouldRelevant bits of all intermediate cycles and their values should be statistically independent of the inputs, outputs, and sensitivebe statistically independent of the inputs, outputs, and sensitive information.information. Attack IdeaAttack Idea  Find a violation of theFind a violation of the Cardinal PrincipleCardinal Principle, i.e. side channels with, i.e. side channels with signals does depend on input, outputs and sensitive informationsignals does depend on input, outputs and sensitive information  Try to exploit theTry to exploit the statistical dependencystatistical dependency in signals to extract ain signals to extract a sensitive informationsensitive information
  • 34. 34 Partitioning Attack on COMP128Partitioning Attack on COMP128 How to implement 512 element THow to implement 512 element T00 table ontable on 8 bit Smart Card (i.e. index is 0..255)?8 bit Smart Card (i.e. index is 0..255)? Split 512 element table into two 256 element tablesSplit 512 element table into two 256 element tables It’s possible to detect access ofIt’s possible to detect access of different tables via side channels!different tables via side channels!  Power Consumption  Electromagnetic radiation
  • 35. 35 Partitioning Attack on COMP128Partitioning Attack on COMP128 Pseudo-code of the compression in COMP128 algorithm •X[0..15] = Ki; X[16..31] = RAND; •Lookup tables: T0[512], T1[256], T2[128], T3[64], T4[32]
  • 36. 36 Partitioning Attack on COMP128Partitioning Attack on COMP128 K[0]K[0] K[1]K[1] K[15]K[15] R[0]R[0] R[15]R[15]…… ……R[0]R[0] TT00[y][y] K[1]K[1] K[15]K[15] TT00[z][z] R[15]R[15]…… ……R[0]R[0] y = K[0] + 2R[0]y = K[0] + 2R[0] z = 2K[0] + R[0]z = 2K[0] + R[0] 0 15 16 32 X Values ofValues of yy andand zz depend on the first bytes ofdepend on the first bytes of KK andand RR It’s possible to detect via side channels whether valuesIt’s possible to detect via side channels whether values ofof yy andand zz are within [0..255] or [256..511].are within [0..255] or [256..511].
  • 37. 37 Partitioning Attack on COMP128Partitioning Attack on COMP128 All we need is…All we need is…  A) FindA) Find R[0]R[0] such thatsuch that K[0] + 2R[0] (mod 512) < 256K[0] + 2R[0] (mod 512) < 256 K[0] + 2(R[0]+1) (mod 512) >= 256K[0] + 2(R[0]+1) (mod 512) >= 256 (There are only two options)(There are only two options)  B) Find R’[0] such thatB) Find R’[0] such that 2K[0] + R’[0] (mod 512) < 2562K[0] + R’[0] (mod 512) < 256 2K[0] + R’[0] + 1 (mod 512) >= 2562K[0] + R’[0] + 1 (mod 512) >= 256  C) One ofC) One of K[0]K[0] from A) will match B)from A) will match B) The key byte is always uniquely determined fromThe key byte is always uniquely determined from partitioning information.partitioning information. Computation of the others bytes ofComputation of the others bytes of KK is similar.is similar.
  • 38. 38 SummarySummary GSM Security ObjectivesGSM Security Objectives  Concerns, Goals, RequirementsConcerns, Goals, Requirements GSM Security MechanismsGSM Security Mechanisms SIM AnatomySIM Anatomy Algorithms and AttacksAlgorithms and Attacks  COMP128COMP128  Partitioning Attack on COMP128Partitioning Attack on COMP128