Professional Documents
Culture Documents
Synopsis
For M.Tech programme
Submitted By:
MEGHNA SHARMA
2013
JECRC UNIVERSITY, JAIPUR
INTRODUCTION
Global System for Mobile Communications (GSM) is the most popular mobile phone
system in the world. According to a press release by the GSM Association recently,
there are more than 747.5 million subscribers in over 184 countries today by the time
of September 2002, accounting for 71.2% of the World's digital market and 69% of
the World's wireless market. The number of subscribers worldwide is expected to
surpass one billion by the end of 2003[1] (GSM Association. www.gsmworld.com
The typical architecture of gsm :-
REVIEW OF LITERATURE
Security is the first and the foremost priority with in any communication, the advent in
technology is based upon the technology that promises the most secure and rapid
means of communication. GSM is one of the world's largest growing
communications. This review main focus is to bring forward the basic procedure
involved in call authentication starting from the switching on of cell. The report also
focuses on the basic algorithms involved in the authentication. Furthermore it is
intended to bring to the light the procedure involved in the encryption of call that
makes it secure over the air and keeps the privacy of the user intact. The algorithms
involved in the encryptions are therefore also discussed in the review.
The review provides an equipped background to cover the following field key areas
with all basicity:-
HISTORY & INTRODUCTION TO THE NEED OF SECURITY:For the first day of known mankind history the means of communication has always
been a keystone in human development. From the days of peace to the days of war
the message conveying is vulnerable to the needs of our day to day dealings
especially in wars where not only communication is needed but also a secure
communication is needed . as the land was discovered more and more need of
developing a communication system was felt which could transmit the base bands to
a larger coverage band around the globe
AMPS TECHONOLOGY:The evolution of mobile communication has been almost wholly in 3 different
geographic regions. The standards that were born in these regions were quite
independent. The 3 regions are North America, Europe and Japan. The earlier
mobile or wireless technologies were wholly analog and are collectively known as 1st
Generation (1G) technologies.[3]
GSM ARCHITECTURE:GSM is basically composed of two sets of communication chunks. One that is mobile
station (MS) and other is the network. MS further is divided into two components,
SIM (SUBSCRIBER IDENTITY MODULE), and mobile equipment (ME).mobile
equipment has all the necessary information how to transmit the data and voice calls
it has low power transmitter, and receiver. The ME further has a encryption
algorithms also which will be discussed later in encryption.[4]
INTRODUCTION TO BASIC GSM NETWORK:Gsm network has basically two divisions:1. BSS (BASE STATION SUBSYSTEM)
2. NSS (NETWORK AND SWITCHING SUBSYSTEM)
BSS consists of the BTS and BSC .BTS is a base transceiver station that can
transmit and receive the data and is connected to BSC at back end . BSC is base
station controller forms a interface with the MSC.
NETWORK SUBSYSTEM
Network subsystem is composed of the followings components:Mobile services Switching Center (MSC)
Home Location Register (HLR)
Visitor Location Register (VLR)
Equipment Identity Register (EIR)
Authentication Center (AuC)
Home location register is a permanent data base that stores all necessary
information regarding user particulars. For example msisdn, imsi etc. VLR stores any
location based update whenever a user transits between tow locations the data is
sent to new VLR from old VLR via HLR.AUC is a core of network security and
performs all tasks pertaining to call authentication encryption billing etc. EIR stores
the unique equipment identity number that is used by VLR and AUC if tracking is
necessary even it maintains the blacklist mobiles that are reported by federal
agencies as stolen.
GSM SECURITY FEATURES:Gsm involves two basic security parameters authentication and encryption.
INTRODUCTION TO A3 ALGORTHIM :AUC generates a 128 bit random challenge known as RAND. this RAND is sent to
the MS and Ki Both are used as an input to the A3 algorithm which proceses these
inputs and gives out a 32 bit SRES signed response.AUC and MS both calculate the
SRES abnd this SRES is compared if matched the authentication is granted note
that SRES is 32 bit. The GSM network authenticates the identity of the subscriber
through the use of a challenge-response mechanism. A 128-bit random number
(RAND) is sent to the MS. The MS computes the 32-bit signed response (SRES)
based on the encryption of the random number (RAND) with the authentication
algorithm (A3) using the individual subscriber authentication key (Ki). Upon receiving
the signed response (SRES) from the subscriber, the GSM network repeats the
calculation to verify the identity of the subscriber. Note that the individual subscriber
authentication key (Ki) is never transmitted over the radio channel. It is present in the
subscriber's SIM, as well as the AUC, HLR, and VLR databases as previously
described. If the received SRES agrees with the calculated value, the MS has been
successfully authenticated and may continue. If the values do not match, the
connection is terminated and an authentication failure indicated to the MS.[5]
INTRODUCTION TO ENCRYPTION IN GSM:-
allows the public key to be openly distributed. Data encrypted with a given public key
may only be decrypted with the corresponding private key, and vice versa. This is
functionally expressed as follows:
C=Epub(P), P=Dpriv(C)
C=Epriv(P), P=Dpub(C)
Public key cryptography simplifies the problem of key management in that two
parties may exchange encrypted data without having exchanged any sensitive key
information. Digital Signatures also make use of public key cryptography, and
commonly consist of the output of a one-way hash function for a message with a
private key. This enables security features such as authentication and nonrepudiation. The most common example of a public key algorithm is RSA, named
after its inventors Rivest, Shamir, and Adleman. The security features of GSM,
however, do not make use of any type of public key cryptography. [6]
Key Strength :
This section focuses on key length as a figure of merit of an encryption algorithm.
Assuming a brute-force search of every possible key is the most efficient method of
cracking an encrypted message (a big assumption), Table 1 shown below
summarizes how long it would take to decrypt a message with a given key length,
assuming a cracking machine capable of one million encryptions per second.
The time required for a 128-bit key is extremely large; as a basis for comparison the
age of the Universe is believed to be 1.6x10^10 years. An example of an algorithm
with a 128-bit key is the International Data Encryption Algorithm (IDEA). The key
length may alternately be examined by determining the number of hypothetical
cracking machines required to decrypt a message in a given period of time.
A machine capable of testing one million keys per second is possible by today's
standards. In considering the strength of an encryption algorithm, the value of the
information being protected should be taken into account. It is generally accepted
that DES with its 56-bit key will have reached the end of its useful lifetime by the turn
of the century for protecting data such as banking transactions. Assuming that the A5
algorithm has an effective key length of 40 bits (instead of 64), it currently provides
adequate protection for information with a short lifetime. A common observation is
that the "tactical lifetime" of cellular telephone conversations is on the order of
weeks.
Revise the review of literature and concern about 10-15 research papers and
mention paper wise outcome in standard format.
CONCLUSION
The security mechanisms specified in the GSM standard make it the most secure
cellular telecommunications system available. The use of authentication, encryption,
and temporary identification numbers ensures the privacy and anonymity of the
system's users, as well as safeguarding the system against fraudulent use. Even
GSM systems with the A5/2 encryption algorithm or even with no encryption are
inherently more secure than analog systems due to their use of speech coding,
digital modulation, and TDMA channel access
LIMITATIONS
Problems with GSM security
Security by obscurity - which means that all of the algorithms used are not available
to the public. Most security analysts believe any system that is not subject to the
scrutiny of the worlds best minds cant be as secure.
Only provides access security. All communication between the Mobile Station and
the Base Transceiver Station are encrypted. But all communications and signalling is
generally transmitted in plain text in the fixed network.
Difficult to upgrade the cryptographic mechanisms
Lack of user visibility (e.g. doesnt know if encrypted or not)
The flaw of the algorithms.
the
tool and
METHADOLOGY
The Security Mechanism
MUST NOT :
1.
2.
3.
4.
MUST :
1. Cost Effective Schemes.
some
idea
towards
REFERENCES
[1] GSM Association. www.gsmworld.com
[2] European Telecommunications Standards Institute, Recommendation GSM
02.09, "SecurityAspects".
[3] Van der Arend, P. J. C., "Security Aspects and the Implementation in the GSM
System," Proceedings of the Digital Cellular Radio Conference, Hagen, Westphalia,
Germany, October, 1988.
[4]Zheng Yuliang , Enhancing Security in GSM , October 2008
[5] Hodges, M.R.L., "The GSM Radio Interface," British Telecom Technology Journal,
Vol. 8, No. 1, January 1990, pp. 31-43.
[6] Cooke, J.C.; Brewster, R.L., "Cyptographic Security Techniques for Digital Mobile
Telephones," Proceedings of the IEEE International Conference on Selected Topics
in Wireless Communications, Vancouver, B.C., Canada, 1992.
[7] Recent and archived news articles by Kevin J. O'Brien of The International
Herald Tribune and The New York Times.
[8] Security Aspects , European Telecommunication Standards Institute , August
2000.