Introduction
The Global system for Mobile Communications (GSM) is the most widely used system for cellular mobile communication. The GSM accounts for over 100 million mobile subscribers scattered across the globe. The system was developed to overcome weaknesses inherent in preceding analog system that was used for mobile communication. Analog systems were prone to fraud through techniques such as cloning of phones to allow calls at the expense of another individual and the ease of intercepting calls over the air (Pesonen 2).
These inconsistencies in the analog system were costly and as such the GSM system was developed to correct these problems. Among the schemes that were implemented in the GSM system to achieve this included the improvement of authentication between communicating parties and the improvement of data encryption for data transmitted from one point to the next (Pesonen 2).
For security purposes the GSM consortium shrouded the specifications for the system in secrecy and placed restrictions on its distribution. The objective of the consortium in doing this was to prevent the open science community from studying the encryption and ciphering techniques as well as the entire GSM security model. It was believed that the less the public knew about the algorithms the harder they would be to crack. However, the scrutiny of algorithms by the open science community is not without benefit (Pesonen 2).
Reports indicate that the source of strength for any cryptographic algorithm lies in the key. The exposure of this key for analysis by a team of experts is useful in making the algorithm stronger. Thus keeping an algorithm locked up is likely to maintain any weaknesses inherent in the algorithm. However, the algorithm eventually leaked and was extensively analyzed with some very interesting outcomes (Pesonen 2).
Security within the GSM Architecture
The GSM system revolves around two components which are essential for operation of the architecture namely the actual network and its components and mobile stations (MS). The users communicating over GSM systems use radio waves for communicating and the network services to facilitate the process. The infrastructure of a GSM network consists of Base Stations (BSS), Switching and Management System (SMSS) and the Operation and Maintenance System (OMSS). The function of a Base Station is provision of radio channels BSS provides the radio channels and handling of all user data traffic on the network (Peng 2). The SMSS is in place to route all traffic on the network while the OMSS handles all the network control and maintenance.
The Mobile Station consists of a physical device that is also referred to as Mobile equipment (ME) e.g. cell phone and the microprocessor based SIM module. The SIM or Subscriber Identification Module is normally either a fixed microchip in the device or an exchangeable chip inserted into a communication device. The SIM is microprocessor based device with onboard non volatile memory. The SIM has three types of memory installed each with a different function. The ROM contains the operating system, applications and security algorithms A3 and A8 which will be discussed later. The SIM module has built in memory that is used during data transmission and as a buffer during execution of applications. The SIM also has EEPROM which serves as a repository information about the subscriber such as the Personal Identification Number (PIN), call number, manufacturers IMEI, IMSI and security keys (Peng 3). Through a series of complex procedures these components are used to provide service to the user and form the basis upon which GSM systems operate.
As earlier mentioned, security is among the top reasons why GSM is currently the most used mode for cellular communication. The security on the GSM system is modeled around the concept of a shared secret that is crucial in forming communication paths between a SIM module and the network. As earlier mentioned on the memory located on the SIM is some information pertaining to security keys (Peng 2). The shared secret key sometimes referred to as Ki. This is a 128 bit key that is used in the generation of a 32 bit response known as SRES. This response is made in response to a Random Challenge known as RAND transmitted by the mobile substation. The mobile substation transmits the RAND request alongside a 64 bit key, Kc, which is used for encryption of the over the air communication channel (Pesonen 5). This forms the basis of authentication between the device and the network in a GSM system.
Authentication
The GSM system relies on specific security algorithms designed by the consortium to authenticate communication sessions between users. As earlier stated in the report the SIM module stores both A3 and A8 security algorithms (Peng 3). The A3 is the algorithm used for authentication in the GSM system. When a mobile device moves in to an area covered by a particular BSS, the BSS sends a random challenge to the device. The device will in response be calculated using the A3 algorithm and the unique key Ki stored on the subscriber SIM module. The device then transmits its response (SRES) back to the Base Station for authentication. The Base Station will make a comparison of this response with a response from the subscribers Home Location Register. This Home Location Register stores vital information such as the SRES of the device to assist it keep track of the device at all times. Through this series of messages the device can authenticate itself to any Base Station and make or receive calls on the network (Pesonen 5).
After authentication the device generates a session key, Kc. To accomplish this, the device utilizes the A8 algorithm, Ki and the challenge from the Base Station. As in the earlier case the Base Station makes a comparison of this data and what is sent by the HLR. Once this has been confirmed the aerial channel of communication between the Base Station and the device is open for use. However, for security purposes data being relayed still needs to be encrypted. Each frame of data transmitted over the aerial channel is encrypted with a different key stream. For this encryption a calculation is performed using the A5 algorithm. This is accomplished by using the A5 algorithm each time with the number of the frame to be transmitted thus generating an alternate key stream for each frame transmitted (Pesonen 5).
Essentially this signifies that an attacker would only be able to decrypt a call when they have the Kc and the frame numbers. This drawback was found to pose a security risk due to the implicit generation of frame numbers and the fact that anyone has access to any frame number on the network. In addition to that, the same Kc is also used throughout unless the Base Station makes a second request to authenticate a device implying the generation of a new Kc. It is reported that in practice the same Kc may be used for days thus suggesting that with adequate know how interception of calls on a GSM network is possible (Pesonen 6).
In practice these drawbacks have led researchers to look into options to improve the architecture of the GSM system to ensure improved performance. In the GSM system in addition to the Home Location Register (HLR) there is also a Visiting Location Register (VLR) that store information on the MS within the network. The amount of communication to enable the authentication procedure be carried out has been seen as a possible reason for bandwidth congestion. In addition to this the cost of storage of redundant information in the VLR is an unnecessary expense on the system. In an effort to curb these drawbacks and improve the performance of the system some researchers have suggested the use of multiple authentications between the device and the Base Station (Chang, Lee and Chang 924). As earlier mentioned the major drawback of the existing authentication procedure lies in the fact authentication is optional and often may not be repeated. Thus, making the encryption key easily accessible and enables the interception of information over the channel. The section on encryption algorithms will provide more detail on available options.
Signaling and Data Confidentiality
When using a GSM network a device is required to authenticate itself when one of the following events takes places; subscriber applies for change of subscriber related information such as temporary identification information; subscriber access a service such as placing a call; subscriber accesses the network for the first time after restarting Base Station; encryption key sequence numbers mismatch as in the case of authentication. In any of these instances a signaling process between the device and Base Station is initiated to identify the device (Peng 8).
When a subscriber joins a network, the network assigns a unique subscriber identification key, Ki. This key is assigned to provide anonymity because the International Mobile Subscriber Identity or IMSI is unsafe to use over a public communication channel. The IMSI is an international access number for the device and if used publicly on a network access to it can hinder efforts to provide privacy in relation to data transmission. It is for this reason that this number needs to be kept secret when transmitting signals across the network. The network stores this information in the Authentication Center or AuC while the device stores this data on the SIM module memory.
With this information stored at both ends of the network data confidentiality can be achieved. Upon change of location the device receives a challenge from the VLR which it responds to via SRES. This response is calculated and can be compared for accuracy with results obtained from the HLR. Authentication is only successful when both keys match thus making it difficult to violate data integrity as the correct Ki is stored on the SIM module. In addition to that each execution of the A3 algorithm must be performed on a new randomly generated challenge (Peng 8).
In addition to authentication procedures data such as IMSI must be protected even after connection has been established. It is for this reason that the GSM system utilizes encryption for signaling and voice data. For the encryption of signaling and voice data the GSM system uses the A5 algorithm. This encryption is performed using a unique key Kc in conjunction with the A5 algorithm. This Key Kc is generated using the A8 algorithm at both ends thus the name symmetric ciphering is used in this process. The values of this key Kc are also stored in the AuC and HLR until it is updated during the next authentication. To successfully complete this operation the process of ciphering at one end and deciphering at the other must be synchronized (Peng 10). In GPRS this security feature is also necessary but is implemented between the device and Base Station. For GPRS an alternative algorithm used known as GPRS A5. The GPRS Kc is also handled by the SGSN as opposed to the Base Station or Mobile Services Switching Center (MSC) (Bettstetter, Vogel and Eberspacher 3).
Subscriber Identity Confidentiality
This is carried out with the purpose of preventing intrusion or eaves dropping on the network. This involves the protection of the subscriber IMSI (International Mobile Subscriber Identity) data and essential elements of signal information e.g. security keys. This suggests a screened method of identification be used in identifying the mobile subscribers (Peng 6). For the above reason all transmission of identification information is encrypted.
For this the system utilizes a Temporary Mobile Subscriber Identity or TMSI is used for identification. This is a local number which maintains validity only within a given area. For greater clarity this unique TMSI must be transmitted together with the current Location Area ID or LAI. As earlier mentioned the OMSS is an essential network component and its function is management of databases such as the VLR and HLR that store vital data about the devices. An example of the data stored on these databases is the relationship between the TMSI and IMSI (Peng 6). When the TMSI is received and the LAI that does not correspond, the IMSI must be retrieved from the VLR to which the LAI belongs. Otherwise the IMSI is requested from the device thus making it difficult to impersonate a device on the network.
In addition to these measures it is required that with each authentication procedure in a new area, another TMSI is allocated. This process helps to mask the identity of the subscribers IMSI as they move to different locations. The allocation of the new TMSI is implicit in that upon relocation of the device from one Base Station to the next. Upon allocation of a new TMSI the Base Station makes a transmission of the new number in an encrypted form. The information pertaining t the current device TMSI is stored in the non volatile memory together with data about the LAI so that so as to maintain it even if the device is switched off (Peng 6).
GPRS
Due to the increase in users of both the internet and mobile networks a new opportunity has been observed in the provision of wireless data services. This increase in demand led the GSM consortium to develop viable alternatives such as the General Packet Radio Service or GPRS to ease access to non wired based packet networks (Bettstetter, Vogel and Eberspacher 2). The GPRS system utilizes packet radio principles in operation which allows for much greater efficiency in terms of data transfer both on the GSM network and external networks.
The innovation has allowed data transmission from networks based on the internet protocol (IP) to GPRS mobile stations. Through this innovation it is possible to perform packet based activities prior to only accessible via IP e.g. video streaming. This has brought with many advantages such as improved billing in comparison to circuit switched networks. The process of calculating cost of service on circuit switched networks primarily considers the duration spent on a connection disregarding idle time and wait periods. However n a packet based network billing can be done by assessing the amount of data transferred thus avoiding unnecessary costs and improving overall efficiency for users. This allows the user to save by avoiding payments for connection time that may have been used unproductively waiting or doing other tasks. GPRS has been found to improve the use of radio resources, provide shorter access time and reduce complexity in handling packet data (Bettstetter, Vogel and Eberspacher 3).
GSM and M commerce
As mentioned earlier in the report the introduction of GSM solved problems that were inherent in analog communication systems. Among these problems was the ease of eavesdropping in an analog system. However, due to improvements in security and advances in mobile networks a new form of commerce known as m-commerce is beginning to take root. In this mode of e commerce mobile devices such as mobile phones, PDA’s, palm top pc, etc. are used to perform transactions (Schiwderski-Grosche and Knospe 228).
In the conventional analog systems it was possible to provide data services over the circuit switched network but at a relatively low speed. The GSM network has extended the number of services available thus making it possible for business to be conducted on the network via devices. Among the services included are SMS, WAP, HSCSD (provides high data rate by channel bundling) and GPRS (enables packet transfer on a GSM network) (Bettstetter, Vogel and Eberspacher 2).
As is the case in e commerce much of the business is accomplished on the internet. The main difference is that the bulk of transactions originate from mobile devices to enable the users pay for essential services or goods. Such interactions between the devices and the websites or servers have a promising future given the increased security on GSM networks (Schiwderski-Grosche and Knospe 230). The initiatives often come with interfaces that allow the subscriber means to track the date of transaction, amounts paid, provide some form of proof of completion and maintain anonymity of the subscriber data when being relayed over the network (Schwiderski and Knospe 230). Anonymity is required because these transactions have a lot in common with conventional transactions that involve the transfer of sensitive financial data such as PIN and Account numbers. It has been suggested that the future for such business is bright in light of new security and data capabilities of GSM architecture (Schiwderski-Grosche and Knospe 230).
GSM Analysis: Drawbacks and Solutions
The biggest flaw in the GSM system lies in the authentication procedure. Though the device is required to identify itself to the network, the network is not required to provide any identification information to the device. Based on this therefore, it becomes possible to impersonate a Base Station (Quirke 13). The false station can request authentication information and ignore the response to capitalize on the now open channel. In addition to this the attacker can then set parameters that will cause unsuspecting users to camp on the network.
Another vulnerability of the GSM system is observed in attempts to obscure the subscriber identity. As mentioned in the report the subscriber identity is shielded using a temporary identity number. When the network is unable to verify this number the device is requested to reproduce the number. In such instances the encryption is disabled since the device has not yet been identified and is transmitted as plain text (Quirke 14). Again using the ability to impersonate a Base Station the user information can easily be compromised by requesting this temporary identification upon which the device is forced to send its IMSI (Quirke 14).
Another drawback of the GSM system lies in the flaws in the A5 algorithms. It has been demonstrated that using a high powered computer and large pre computed tables the A5 algorithm can easily be broken (Quirke 18). This presents a serious challenge given that these algorithms are used to encrypt data being transmitted. This is an issue because if the channel can be compromised as indicated in the previous paragraph the only security remains is data encryption. However, this information reveals that even the encrypted data can be deciphered once the A5 algorithm is broken.
Fortunately the GSM specifications are not static and numerous adjustments have been made to accommodate the ever changing requirements. Revision of the standards has seen several new technologies designed for the GSM system such as EDGE, GPRS 1800, HSCSD and GPRS. The most recent of the efforts has seen the introduction of the 3rd generation or 3G technologies such UMTS. Much has been done to overcome the flaws of earlier versions especially in the new UMTS standard (Quirke 18).
In keeping with the demands for improved security implementations newer versions of the A3 and A8 algorithms have been introduced such as COMP 128-2 and COMP 128-3. A3 and A8 are used for authentication and for setting up a communication channel respectively. As earlier pointed out use of a single authentication key Kc for long periods posed a security threat to the subscriber. The newer versions have so far been reported to be performing well despite the fact that the consortium has still kept them a secret (Quirke 18). Though it has been reported COMP 128-2 still has the 10 bit weakening of the Kc cipher. COMP128-3 on the other hand still applies the same algorithm but has increased the bit length of the cipher to 64 bits (Quirke 18).
Reports indicate that COMP 128-2 and COMP 128-3 have successfully stopped the practice of SIM cloning and have made extraction the Ki from the aerial communication channel unfeasible. For use with UMTS technology 3GPP has developed another new encryption algorithm that promises even greater security (Quirke 19). By 2004 GSM systems supported 7 different algorithms for creation of the A5 cipher. The introduction of UMTS technology within the GSM system architecture has seen the inclusion of improved algorithms such as the new A5/3 algorithm based on the Kasumi core. It is hoped that as the 3G technology begins to spread more handsets will be developed that support this algorithm. In addition to this a similar GPRS algorithm known as GEA3 was also introduced (Quirke 19).
An additional security feature in UMTS technology that makes it very secure is the need for the network to authenticate itself to the device. In prior GSM systems there was no need for this hence an attacker could impersonate the BSS and send a signal to the device to extract its data. To overcome the problem of false Base Stations, UMTS technology requires the Base Station to provide authentication information via an Authentication Token (AUTN) along with the RAND challenge. When the device receives the RAND it first confirms whether the token matches and if not it terminates the connection (Quirke 20). This improved 2 way authentication procedure has provided much additional security to the UMTS technology and subscribers.
Conclusion
In this report some brief information about the GSM technology for telecommunication has been discussed. In an overview of the system it has been observed that the system is very widely used. The standard has spread all over the world and is currently applied in almost all regions across the globe. With the increased use developments have seen the system improve the delivery of services to subscribers. It is reported that the current system supports a wide variety of data services prior to inaccessible via a mobile device.
The increased data services and use has also led to increased security concerns. This arises owing to the fact that more sensitive data is being transmitted over these networks on a daily basis. In addition to that, entrepreneurs have seized the opportunity and started to use the channel for business. The future for business within the mobile sector is bright and poor security would seriously hamper progress in this direction. Though initial standards were characterized by flaws that allowed the interception of data, improvements have been made that have once again put the system on top in mobile communication. The current status of the GSM systems, if sustained suggests that this technology is likely to remain dominant in mobile communication for years to come.
References
Bettstetter, Christian, Hans-Jorg Vogel and Jorg Eberspacher. “GSM Phase 2+ General packet Radio Service GPRS: Architecture, Protocols and Air Interface.” IEEE Communications Surveys 2, (1999): 2-14. Print.
Chang, Chin-Chen, Jung-San Lee and Ya-Fen, Chang. “Efficient Authentication protocols of GSM.” Computer Communications, 28 (2005): 921-928. Print.
Peng, Chengyuan. GSM and GPRS Security. Presentation, Seminar on Network Security. Telecommunications Software and Multimedia Laboratory, Helsinki University of Technology. 2000:1-12. Print.
Pesonen, Lauri. GSM Interception. Lecture Notes, Department of Computer Science and Engineering, Helsinki University of Technology 1999:1-16. Print.
Quirke, Jeremy. “Security in the GSM System.” Ausmobile (2004): 1-26. Print.
Schiwderski-Grosche, S and Knospe, H. “Secure Mobile Commerce.” Electronics & Communication Engineering Journal (2002): 228-238. Print.