GSM SECURITY




Faculty Mentor:
Dr. Manjot Kaur Bhatia

Student Name:
Rishabh Gupta (MCA-I)
Ankit Sharma(MCA-I)



1. Introduction:

The Global System for Mobile Communications (GSM) is a standard developed by the European Telecommunications Standards Institute (ETSI). It was developed in Finland by Radiolinja in December 1991. Later on, it was known as Group special module. By 2014 it had become the global standard for mobile communications and is used to describe the protocols for 2G networks. In this article we look at GSM security. GSM is the most secure cellular telecommunication system available: it provides end-to-end confidentiality of calls. The GSM security mechanism authenticates the user, ciphers the data, keeps the user's identity confidential and uses the SIM as the security module. We are going to cover how authentication and encryption are done in GSM security.

2. PROBLEMS IN GSM SECURITY:

The more applications and software devices are connected through the internet, the more unsafe these devices become. It is therefore important to separate the network traffic from the databases where the data is stored. Not all web applications can be trusted, and because of the lack of security on the network between mobile users, such connections are considered unprotected.

1. Unilateral authentication and vulnerability to man-in-the-middle attacks: In GSM it is the network that verifies the user. The user does not verify the network, so an attacker can use a false BTS (Base Transceiver Station) posing as the same mobile network and perform a man-in-the-middle attack, in which the exchanged data can be modified in various ways.
2. SIM card cloning: This is a more active attack, because the attacker clones the SIM and uses it for unlawful purposes. The attacker obtains the subscriber's data from the AuC (Authentication Centre) servers of the user's network operator and, with that data, can listen to the user's communications.
3. Over-the-air cracking: This is done by sending many challenges over the air to the SIM and examining the responses. After recovering the Ki and IMSI of the target subscriber, the attacker can clone the SIM and use services such as SMS in the name of the victim subscriber. The attacker does, however, face a minor problem: the GSM network allows only one SIM to access the network at a time, so if the attacker and the victim subscriber try to use the SIM from different locations, the network detects the duplication and disables the affected account.

3. User Authentication in GSM:



Figure 1 shows how authentication is done between the mobile network and the SIM (end user). The mobile network generates a 128-bit random number (RAND) and sends it to the SIM. The SIM holds Ki, the individual subscriber authentication key, which differs from person to person: every SIM has a different Ki, and Ki is assigned by the mobile network. The SIM takes RAND and the 128-bit Ki and applies the A3 algorithm, which is used for authentication, to produce a 32-bit SRES (Signed Response). In parallel, the mobile network takes the same RAND and Ki and also applies A3 to produce the expected signed response. Both SRES values are then stored in the MSC (Mobile Switching Centre), where it is checked whether the SRES from the mobile network and the SRES from the SIM are equal. Once access control (AC) finds that both SRES values are the same, the call is connected.

Essentially four different algorithms are used to secure GSM communication, called A5/0 up to A5/3. Of these four algorithms, only three provide encryption, and today only two of the four are used for encryption.

These are the stream cipher algorithms:

1. A5/0

When this cipher is chosen, the communication between the base station subsystem and the mobile device is not encrypted.

2. A5/1

This is the most widely used algorithm around the world for ensuring the privacy of conversations on GSM mobile phones. A5/1 produces 114 bits of output, which is XOR-ed with the plaintext; the same operation is used for encryption and decryption. This cipher was developed in 1987.

3. A5/2

It is also a stream cipher, but it has not been used for a long time because A5/2 is weak. It was developed a little while after A5/1 as a deliberately weakened version because of the export restrictions on cryptography. In fact, A5/2 does not provide a higher level of protection than A5/0. A5/2 is used to provide voice privacy in the GSM cellular telephone protocol. Only A5/1, A5/2 and A5/3 provide encryption.

4. A5/3

The A5/3 cipher is also known as KASUMI. It is a block cipher, not a stream cipher. KASUMI is used in the UMTS (Universal Mobile Telecommunications System), GSM and GPRS mobile communication systems. The A5/3 algorithm is more secure than A5/1.

4. Encryption is one of the means of User Authentication in GSM:



Figure 2 shows how the cipher key is generated and how data is encrypted.
The same kind of process takes place between the mobile network and the mobile station/SIM (end user). As already described, the mobile network generates a 128-bit random number (RAND) and sends it to the SIM. The SIM holds Ki (the individual subscriber authentication key), which differs from person to person: every SIM card has a different Ki, and Ki is assigned by the mobile network. The SIM takes RAND and the 128-bit Ki and passes them through the A8 algorithm to generate the cipher key Kc, which is 64 bits long.
In parallel, the mobile network takes RAND and the 128-bit Ki and produces the same 64-bit cipher key using A8. After that, the cipher key is used with the A5 algorithm to encrypt the data. On the network side, encryption takes place in the BTS and the cipher key is generated in access control; on the user side, encryption is done in the MS and the cipher key is generated in the SIM.
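As an added example (not part of the original article), the following Python models the exchange of figures 1 and 2 end to end: the RAND challenge, the A3-derived SRES compared at the MSC, the A8-derived 64-bit Kc on both sides, and the A5 XOR step. The real A3/A8 and A5 algorithms are replaced by labelled HMAC-SHA256 stand-ins, so the key sizes and message flow follow the article but the arithmetic is not GSM's.

```python
import hashlib
import hmac
import os

# Constructed stand-ins: the real A3/A8 (operator-specific, e.g. COMP128) and A5/1
# are NOT implemented here. HMAC-SHA256 only models their interfaces: A3 (RAND, Ki)
# -> 32-bit SRES, A8 (RAND, Ki) -> 64-bit Kc, A5 (Kc, frame) -> keystream.
def a3(rand: bytes, ki: bytes) -> bytes:
    """Stand-in A3: 128-bit RAND + 128-bit Ki -> 32-bit Signed Response."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]

def a8(rand: bytes, ki: bytes) -> bytes:
    """Stand-in A8: 128-bit RAND + 128-bit Ki -> 64-bit cipher key Kc."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]

def a5_keystream(kc: bytes, frame: int, nbytes: int) -> bytes:
    """Stand-in A5: Kc and the frame number select the keystream for one burst
    (the real A5/1 emits 114 bits per direction per frame; whole bytes here)."""
    tag = b"A5" + frame.to_bytes(4, "big")
    return hmac.new(kc, tag, hashlib.sha256).digest()[:nbytes]

def a5_xor(kc: bytes, frame: int, data: bytes) -> bytes:
    """Stream-cipher step of figure 2: XOR with keystream; the same call decrypts."""
    return bytes(d ^ k for d, k in zip(data, a5_keystream(kc, frame, len(data))))

def authenticate(network_ki: bytes, card_ki: bytes, rand: bytes = None):
    """Challenge-response of figure 1 plus the key derivation of figure 2.

    network_ki is the Ki the AuC stores for the claimed IMSI; card_ki is what the
    responding card really holds. Returns (accepted, kc_network, kc_card)."""
    if rand is None:
        rand = os.urandom(16)            # network: fresh 128-bit challenge
    # MS side: the card never checks anything about the network that sent RAND
    # (the unilateral authentication of section 2); it simply answers.
    sres_card = a3(rand, card_ki)
    kc_card = a8(rand, card_ki)
    # Network side: the AuC computes the expected SRES and Kc from its copy of Ki.
    sres_expected = a3(rand, network_ki)
    kc_network = a8(rand, network_ki)
    # MSC compares the two SRES values; they match only when both Ki copies agree.
    accepted = hmac.compare_digest(sres_card, sres_expected)
    return accepted, kc_network, kc_card

if __name__ == "__main__":
    ki = bytes.fromhex("000102030405060708090a0b0c0d0e0f")   # constructed Ki
    ok, kc_net, kc_card = authenticate(ki, ki)
    print("genuine card accepted:", ok, "| Kc agrees:", kc_net == kc_card)
    print("card with wrong Ki accepted:", authenticate(ki, bytes(16))[0])
    print("A5 roundtrip:", a5_xor(kc_net, 42, a5_xor(kc_net, 42, b"hello")))
```

A card holding a different Ki produces a different SRES and is rejected, and its Kc would not match the network's, so even a passed challenge is useless without the matching key.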