2. GSM is the most widely used cellular standard
Over 600 million users, mostly in Europe and Asia
Provides authentication and encryption capabilities
Today’s networks are 2G & 3G
Future (4G LTE)
4. Authentication
◦ network operator can verify the identity of the subscriber making
it infeasible to clone someone else’s mobile phone
Confidentiality
◦ protects voice, data and sensitive signalling information
(e.g. dialled digits) against eavesdropping on the radio
path
Anonymity
◦ protects against someone tracking the location of the user or
identifying calls made to or from the user by eavesdropping on
the radio path
5. Three algorithms have been specified to provide
security services in GSM.
A3 is used for authentication,
A5 for encryption, and
A8 for the generation of a cipher key
6. For authentication, the VLR sends the random value
RAND to the SIM.
The MS sends back the SRES generated by the SIM;
the VLR can now compare both values. If they are the
same, the VLR accepts the subscriber, otherwise the
subscriber is rejected.
8. To ensure privacy:
All user-related data is encrypted. After authentication,
BTS (base transceiver station) and MS apply encryption
to voice, data, and signaling by applying the cipher key
Kc.
Kc is generated using the individual key Ki and a random
value by applying the algorithm A8.
This confidentiality exists only between MS and BTS, but
it does not exist end-to-end or within the whole GSM
network.
9. Note that the SIM in the MS and the network both calculate the
same Kc based on the random value RAND. The key Kc itself is
not transmitted over the air interface.
MS and BTS can now encrypt and decrypt data using the
algorithm A5 and the cipher key Kc.
Kc should be a 64-bit key – which is not very strong, but is at least a
good protection against simple eavesdropping.
However, the publication of A3 and A8 on the internet showed that in
certain implementations 10 bits out of 64 bits are always set to 0, so
that the real length of the key is only 54 bits. Consequently, the
encryption is much weaker.
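The challenge-response and key derivation from slides 6 to 9, as an added example that is not part of the original slides. Assumptions: HMAC-SHA256 stands in for the operator-specific A3/A8 algorithms, the class and function names are hypothetical, the Ki and IMSI are constructed sample values, and the weak variant zeroes the low 10 bits of Kc (the slides do not say which 10 bits).

```python
import hashlib
import hmac
import secrets

def a3a8(ki, rand, weak=False):
    """Stand-in for A3/A8 (HMAC-SHA256, not a real operator algorithm)."""
    out = hmac.new(ki, rand, hashlib.sha256).digest()
    sres = out[:4]                           # A3: 32-bit signed response
    kc = int.from_bytes(out[4:12], "big")    # A8: 64-bit cipher key
    if weak:
        kc &= ~0x3FF                         # weak variant: low 10 bits forced to 0
    return sres, kc.to_bytes(8, "big")

class Sim:
    def __init__(self, ki):
        self._ki = ki                        # Ki stays on the card
        self.kc = None
    def respond(self, rand, weak=False):
        sres, self.kc = a3a8(self._ki, rand, weak)
        return sres                          # only SRES leaves the SIM

class Network:
    """VLR and authentication centre collapsed into one object (simplification)."""
    def __init__(self, ki_by_imsi):
        self._ki_by_imsi = ki_by_imsi
    def challenge(self, imsi, weak=False):
        rand = secrets.token_bytes(16)
        self._expected, self.kc = a3a8(self._ki_by_imsi[imsi], rand, weak)
        return rand
    def accept(self, sres):
        return hmac.compare_digest(sres, self._expected)

def run_auth(network, imsi, sim, weak=False):
    """One challenge-response; returns (accepted, bytes seen on the air)."""
    rand = network.challenge(imsi, weak)
    sres = sim.respond(rand, weak)
    return network.accept(sres), rand + sres

def effective_key_bits(ki, weak, samples=256):
    """Count Kc bit positions that ever take the value 1 across many RANDs."""
    seen = 0
    for i in range(samples):
        _, kc = a3a8(ki, i.to_bytes(16, "big"), weak)
        seen |= int.from_bytes(kc, "big")
    return bin(seen).count("1")

if __name__ == "__main__":
    ki, imsi = bytes(range(16)), "001010000000001"   # constructed sample values
    net, sim = Network({imsi: ki}), Sim(ki)
    print(run_auth(net, imsi, sim)[0], sim.kc == net.kc)   # accepted, same Kc on both sides
    print(run_auth(net, imsi, Sim(bytes(16)))[0])          # SIM without the right Ki is rejected
    print(effective_key_bits(ki, False), effective_key_bits(ki, True))
```

Only RAND and SRES cross the air interface; both sides arrive at the same Kc independently, and the SIM answers any RAND without verifying who sent it.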
11. To provide user anonymity, all data is encrypted
before transmission, and user identifiers (which
would reveal an identity) are not used over the air.
Instead, GSM transmits a temporary identifier
(TMSI), which is newly assigned by the VLR after
each location update.
Additionally, the VLR can change the TMSI at any
time.
12. User identity confidentiality on the radio access link
◦ temporary identities (TMSIs) are allocated and used instead of
permanent identities (IMSIs)
Helps protect against:
◦ tracking a user’s location
◦ obtaining information about a user’s calling pattern
IMSI: International Mobile Subscriber Identity
TMSI: Temporary Mobile Subscriber Identity
13. The GSM cipher A5/2
◦ A5/2 is now so weak that the cipher key can be
discovered in near real time using a very small amount
of known plaintext
14. No decrypting skills required
Needs an instrument that captures microwaves
Gains control of communication between MS and intended receiver
16. • Design only provides access security - communications and
signalling in the fixed network portion aren’t protected
• Design does not address active attacks, whereby network elements
may be impersonated
• Design goal was only ever to be as secure as the fixed networks to
which GSM systems connect
• Short key size of Kc (64 bits) makes it more vulnerable to various
attacks
17. Mutual Authentication
• provides enhanced protection against false base station
attacks by allowing the mobile to authenticate the
network
Data Integrity
• provides enhanced protection against false base station
attacks by allowing the mobile to check the authenticity
of certain signalling messages
Network to Network Security
• Secure communication between serving networks.
MAPSEC (Mobile Application Part Security) or IPsec can
be used
18. Wider Security Scope
• Security is based within the RNC rather than the base
station
Flexibility
• Security features can be extended and enhanced as
required by new threats and services
Longer Key Length
• Key length is 128 bits, as against 64 bits in GSM
20. Mutual Authentication between user and the
network
Establishes a cipher key and integrity key
Assures user that cipher/integrity keys were not
used before, thereby providing protection against
replay attacks
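The mutual authentication and replay protection from slide 20, as an added example that is not part of the original slides. Assumptions: HMAC-SHA256 stands in for the UMTS f1 to f4 functions, the names are hypothetical, the authentication token is reduced to a sequence number (SQN) plus a MAC, and freshness is checked as "strictly greater than the last accepted SQN".

```python
import hashlib
import hmac
import secrets

def f(k, label, *parts, n=16):
    """Stand-in for the f1..f4 functions (HMAC-SHA256, not a real UMTS algorithm set)."""
    return hmac.new(k, label + b"".join(parts), hashlib.sha256).digest()[:n]

def make_vector(k, sqn):
    """Network side: build (RAND, AUTN, XRES, CK, IK) for sequence number sqn."""
    rand = secrets.token_bytes(16)
    sqn_b = sqn.to_bytes(6, "big")
    mac = f(k, b"f1", sqn_b, rand, n=8)      # proves the sender knows K
    autn = sqn_b + mac                       # simplified authentication token
    return rand, autn, f(k, b"f2", rand, n=8), f(k, b"f3", rand), f(k, b"f4", rand)

class Usim:
    def __init__(self, k):
        self._k = k
        self.highest_sqn = 0                 # last sequence number accepted
    def authenticate(self, rand, autn):
        """Check the network first; only then return (RES, CK, IK)."""
        sqn_b, mac = autn[:6], autn[6:]
        if not hmac.compare_digest(mac, f(self._k, b"f1", sqn_b, rand, n=8)):
            raise ValueError("MAC failure: challenge not from the home network")
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self.highest_sqn:
            raise ValueError("SQN not fresh: challenge was used before")
        self.highest_sqn = sqn
        k = self._k
        return f(k, b"f2", rand, n=8), f(k, b"f3", rand), f(k, b"f4", rand)

def outcome(usim, rand, autn):
    """Return 'ok' or the short reason the USIM rejected the challenge."""
    try:
        usim.authenticate(rand, autn)
        return "ok"
    except ValueError as exc:
        return str(exc).split(":")[0]

if __name__ == "__main__":
    k = bytes(range(16))                     # constructed sample key
    usim = Usim(k)
    rand, autn, xres, ck, ik = make_vector(k, 1)
    print(usim.authenticate(rand, autn)[0] == xres)      # network accepts RES
    print(outcome(usim, rand, autn))                     # same challenge again
    print(outcome(usim, *make_vector(bytes(16), 2)[:2])) # sender without K
```

Unlike the GSM exchange, the card refuses to produce RES, CK or IK until the MAC and the sequence number both check out.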
21. Protection of some radio interface signalling
• protects against unauthorised modification, insertion and replay
of messages
• applies to security mode establishment and other critical
signalling procedures
Helps extend the influence of authentication when
encryption is not applied
Uses the 128-bit integrity key (IK) derived during
authentication
Integrity applied at the Radio Resource Control (RRC)
layer of the UMTS radio protocol stack
• signalling traffic only
22. Data on the radio path is encrypted between the Mobile
Equipment (ME) and the Radio Network Controller (RNC)
• protects user traffic and sensitive signalling data against
eavesdropping
• extends the influence of authentication to the entire duration of the
call
Uses the 128-bit encryption key (CK) derived during
authentication
23. No security for communication between network elements in GSM
Easy to gain access to sensitive information such as Kc
Network Domain Security in UMTS foils these attacks
24. UMTS builds upon the security mechanisms of GSM, and in
addition provides the following enhancements:
Encryption terminates at the radio network controller
Mutual authentication and integrity protection of critical
signalling procedures to give greater protection against false
base station attacks
Longer key lengths (128-bit)
Network Domain Security using MAPSEC or IPSec