You are on page 1of 5


An Approach for Implementing Security between Base Stations in Cellular Communication System
Nusrat Sharmin and Farhana Haider
Abstract—According to Cellular Communication System cellular wireless networks are more vulnerable to unauthorized access and eavesdropping. The existing security algorithms ensure the security of voice signals between the mobile station and base station and authentication of users while the transmission of the voice signals in between base stations are not secured that means the traffic is transitted in plain text after base stations. This paper concentrates on the secured transmission of voice signals in cellular communication system. Vulnerabilities of the current GSM architecture are ensured and proposed a security mechanism using private and public key cryptography. A comparative analysis is given at the end of the paper by considering factors like cost, efficiency and performance in comparison with the existing security techniques Index Terms—BTS, GSM, MS, RSA, Symmetric Key Cryptography.

—————————— u ——————————



ellular communication is one of the most important feature of digital communication system. The special requirement of communication system is Security. GSM network was designed to be a secure mobile phone system with strong subscriber’s authentication and overthe – air transmission encryption [1]. From mobile station to base station that means the air part of a GSM communication is encrypted. The signal is decrypted at the base station and then transmitted in clear text across the network [1], [2], [3], [4]. That means the intruder will be able to listen to voice signals if they can access the operator’s signaling network by using required powerful equipments [1]. Especially over the fixed network the security of GSM is not guaranteed [4]. Since, the voice signals are not encrypted when they are transmitted between BTSs. The proposed system encrypts voice signals to ensure the security between base stations. Crptography means the technique, method and science of keeping message secure. A cryptography Algorithm, also called a cipher, is the mathematical function used for encryption and decryption. The proposed system is based on two types of cryptography techniques that include: Symmetric Cryptography and Public Key Cryptography. Both techniques are ensures the encryption and decryption of voice signals for base stations. The main purpose for security in cellular communication systems are to secure conversations and signaling data from interception more specifically to prevent fraud. It is a relatively simple matter for the intruder to intercept cellular telephone conversations by using police scanner in the older analog-based cellular telephone systems such as the Advanced Mobile Phone (AMPS) and Total Access Communication System (TACS) [6]. Accessing signaling network is another technique of signal interception. No decryption skills are required to access the signaling network, since signal transmitted

between base stations are not encrypted. By using necessary equipments intruders only captures microwave links. Man-in-the-Middle attack is a most popular threat for network architecture which uses rouge BTS in conjunction with modified MS to eavesdrop, modify, delete, re-order, replay and spoof signaling and user data messages exchanged between the two parties [2]. To ensure the security of voice signals which is transmitted in plain text in operator’s network, strong encryption procedure is required. If the traffic on the operators back bone is encrypted, the network will be more secured to avoid signal interception. A stepwise procedure of developmet activities are used in this research of achieving the security of transmission between the base stations.

The fixed area network which is also known as core network of the traditional GSM architecture is not secured, this means the traffic is transmitted in plain text within the network [3]. So the intruder will be able to listen to everything that is transmitted including the actual phone call as well as the RAND, SRES and Kc if he can access the operator’s signaling network with appropriate equipment [1]. According to the previous researches voice signals are transmitted across the fixed area networks in clear, in the form of PCM or ADPCM speech which ensures the possibility of unauthorized access to GSM-to-GSM or GSM-toPSTN conversations that ensures End-to-End security for the GSM network, the resultant is, there are no securities for the speech over the core network. Speech must be encrypted before it enters the GSM network for ensuring an end-to-end security. But in case of randomizing the encryption process and the speech signal is encrypted be-


fore it comes to the encoding block then it will not perform in speech-like characterstics on which the GSM speech transcoding principles are based. Therefore the GSM handset would result in a significantly distorted received signal because of directly transmitting an encrypted speech signal which is unsuitable for the decryption process [4]. S. Islam and F. Ajmal have proposed a very practical and highly attractive solution about the security of the GSM system. GSM speech service is secured up to the core network. To achieve the encryption on the speech channel in GSM architecture is must based on GSM subscribers, not the network operator. Only the path between the mobile terminal and the base station known as radio link is encrypted whereas the fixed area network transmits data in clear-text. For ensuring end-to-end security the radio link confidentiality in GSM is not sufficient. It is strongly need to secure the communication for confidentiality of the traffic. An embedded hardware system (i.e TMS320C6713 DSK) along with a simulation code developed in CCS (Code Composerr Studio 3.1) to encrypt the speech signals is used for the proposed system that encrypts the speech before entering the GSM handset which ensures security and privacy [5]. A famous Cryptographic Algorithm that is A5 Algorithm which is known as also Stream Cipher algorithm is used in current architecture of cellular communication system. For voice ciphering in the radio access network it is used in GSM architecture. The existing versions of A5 algorithms are known as A5/0, A5/1, A5/2, A5/3 [1]. By using cryptography the proposed approach is developed for transmission of voice signals between base stations which ensures better security and confidentialty.

Voice Signals

Capturing voice signals as plain text

Encrypt the plain text

Transmit the Encrypted signal between BTSs

Decrypt the transmitted Encrypted Signals

Plain Text

Fig. 1. Work Flow of the System.

Generally methodology is guideline for solving a problem, with specific components such as phases, tasks, methods, techniques, and tools which can be defined simply a method of doing something. Basically Cryptography Algorithms are used for establishing Methodology. As the core network of GSM architecture is vulnerable that means the transmission of voice signals after BTS is not secure. So the voice signals are transmitted in plain text between BTSs which are the component of GSM network architecture. By using the combination of Symmetric and Asymmetric Cryptography a security mechanism is proposed for ensuring the better security of the voice signal According to the proposed security method Fig. 1 contains a simple model. The model represents how the system works for ensuring the security of voice signals between two base stations in GSM network architecture. The flow represents the receiving of voice signals as plain text, encryption of the plain text, transmitting of the encrypted signal and then decryption of the encrypted signals. By considering the cost ans many other advantages and disadvantages the transcoder unit in BTS, BSC or MSC that includes in the architecture of GSM which is based on the operator’s demand of the Cellular Communication. In case of securing the transmission of voice signals between BTSs requires buffering the signals in BTSs [6]. Transcoders are used in the BTSs and transcoder have a special characterstic for buffering the 8-bit PCM signals. Though the intelligence behind the BTS is control by Base Station Controller (BSC) and the equipment used in the BTS, so all the functionality of the BTS and reloading system of the software are controlled by BSC [6]. By implementing two security techniques and also using the buffering process as well as the funcltionality of transcoder the security mechanism is prescribed. The two techniques are: Symmetric Key Cryptography and RSA algorithm known as Public Key Cryptography. The proposed mechanism works as follows: 1. Encryption of the plain text is done by generating secret key. 2. Public key cryptography is used for the encryption of selected secret key. 3. Then both the plain text and the secret key can be transmitted securely. By using private key the secret key is decrypted. The sending BTS which is


process is known as digital envelop. The sending BTS which is consider as the first BTS is done the encryption of text that receives the voice signals generated by the caller Mobile Station (MS). The signal remains encrypted throughout the core network and the plain text decrypts by the receiving BTS that is the last BTS to send it to the receiver MS in typical manner.

22. If M == K then, D = T M. 23. Take the reverse from of D to get the actual plain text. Decision Module 2 1. 2. Take the encrypted signal T as input from the BTS. Check for receiving BTS; if yes performs decryption. Signal Decrypted.

There are three modules in the proposed technique. The first one is Decision Module 1 and the second one is Decision Module 2. These are designed to be used at the BTS ends to decide whether to encrypt, decrypt or keep the voice data received as it is. The other module is the Security Algorithm which is the mechanism to encrypt and decrypt converted plain text from voice signal. Decision Module 1 1. 2. 3. Take the voice signal P as input fro the MS. Check for sending BTS; if yes performs encrypttion. Signal Encrypted.


Input No Check whether that is sending BTS or not Yes

Fig. 2. Decision Module for Encryption in BTS.

The Security Algorithm 1. Generate a seceret key for symmetric cryptography by using K = (n2*n3) + n4/n1 where n1, n2, n3 & n4 are four randomly chosen numbers. 2. Input a plain text P that is a combination of ‘01’. 3. Take the reverse form of P. 4. T = P' K. 5. Take the key K. 6. Select p, q where p and q are both prime, p ≠ q. 7. Calculate n = p*q. 8. Calculate (n) = (p-1)(q-1). 9. Select an integer e when gcd ( (n, e)) = 1; 1< e < (n). 10. Calculate d when d e -1 (mod (n)). 11. Finally Public Key PU = {e, n} and 12. Private Key PR = {d, n}. 13. Create the binary representation of e. 14. Set the variable C to 1. 15. Repeat steps 15a and 15b for i = k, k-1, …, 1, 0: 15a. Set C to the remainder of C2 when devided by n. 15b. If ei = 1, then set C to the remainder of C * K when devided by n. 16. Halt. Now C is the encrypted form of K. 17. If the BTS is the receiver and, decrypt it using the following steps: 18. Create the binary representation of d. 19. Set the variable M to 1. 20. Repeat steps 20a and 20b for i = k, k-1, …., 1, 0: 20a. Set M to the remainder of M2 when deivided by n. 20b. If di = 1, then set M to the remainder of C * M when divided by n. 21. Halt. Now M is the decrypted form of C.
Plain Text

Generate the Secret Key, K

Plain Text, M

Secret Key, K

Cipher Text, T

Generate two prime numbers p, q so that, n=p*q, Φ (n)=(p-1)(q-1)

Generate 'e' so that gcd(Φ( n), e)=1; 1< e < Φ (n) and

d ≡ e−1 mod(Φ(n))
PU = {e, n} PR = {d, n}

Cipher Text, T Secret Key, K

Pick K and match with the previous secret key, K

Encryption , C = Ke mod n Decryption, K = Cd mod n

Fig. 3. Proposed Algorithm


Input No Check whether that is receiving BTS or not Yes
By considering some common factors a comparative study is given which representing the performance analysis between the three approaches namely The Proposed Approach, The Traditional Approach and The Approach by Saad & Fatima [5]. P1, P2 and P3 will use to address the three approaches respectively. Some specific factors considered are: Processing Steps, Equipment Used (E), Cost (C), Speed (S) & Security and Accuracy of data(S & A). A range of weights are assigned for step 2 to step 5. Comparisons among the mentioned works are shown logically by considering the weights for every step. On the basis of unique grade 10 weights are assigned. It contains greater than or equal to 80% score when P1 is better than P2 and it contains less if it is not better than 80% score. The results of the factors measured out of 10 as Table 3 according to the points. In case of equipment used that means an extra device is used by P3 and it may change the normal architecture because of using an extra hardware and also increase the costs which has ultimately a bad effect. So it is assigned a negative weight of 6 points and it scores 10% because of using extra device. An algorithm is used by P2 in MS but no extra device is needed. Therefore 0 point is assigned for it and scores 80%. Besides, P1 is software based mechanism and does not require any extra device. Hence it is easily adaptable resulting 0 point and 80% score by architecture By using the similar procedure described earlier other weights of the factors are assigned. TABLE 3 POINTS FOR COMPARING FACTORS

Fig. 4. Decision Module for Decryption in BTS.

Our main concern is to secure the data that transmitted at the communication path where no such attempt is kept traditionally, only the security mechanism used at the MS and the BTS sending or receiving the data to or from the MS. Impersonation of the network and Man – In – The – Middle - Attack are the major threats for this unsecured path namely the core network in traditional GSM networks security. These threats are done with the use of a fake BTS and MS. The techniques enables sending fake data and signal to the user which ensures the user that the data or signals are from a genuine network and thus interception of the signal and data is possible [3]. The given methodology relates to the encrypted signal throughout the network consisting of BTSs. So attacks like this cannot reach the targeted aim. Some test data are given below in the Table 1 & Table 2 which gives an idea how the security mechanisms work. TABLE 1 TEST DATA
Plain Text Key Encrypted Signal Decrypted Signal

Factors(out of 10) E C S S&A
8 7 6 5 4 3 2 1 0

P3 6 8 5 4

P2 0 2 8 2

P1 0 4 3 8

[1 1 0 0 1 0 1 0 1 1 0 0 1 1 [1 0 1 0 1 0 1 0 1 0 1 0 1 1 [1 1 0 0 1 0 1 0 1 1 0 0 1 1 [0 1 1 1 1 1 1 0 1 1] 0 0 1 0 1 0 0 0 1 0 1 0 1 1] 0 0 1 1 0 1 0 1 0 1 1 0 0] 0 0 1 0 1 0 0 0 1 0 1 0 1 1]

[1 1 1 1 0 1 0 1] [1 1 0 1 0 0 0 0]

[1 0 1 1 1 1 0 1 1 1] [1 1 1 1 1 1 1 1 1 0]

[0 0 0 1 0 0 1 0] [1 1 1 1 0 1 0 0]

[1 1 1 1 0 1 0 1] [1 1 0 1 0 0 0 0]

P3 P2 P1





S  &  A

Secret Key 507 759 1022

Encrypted Key 63344721 494758528 453952718

Decrypted Key 507 759 1022

Fig. 5. View 1 of Comparative Analysis Factors on the Techniques observed


Table 4 is shown the comparison in performance in percentage TABLE 4 PERFORMANCE OF DIFFERENT RESEARCHES

To analysis about the GSM security structure, flaws in its network architecture and to propose a new encryption algorithm for security of base stations which secure the voice signal from BTS to BTS is the main purpose of the research paper. The proposed system scores 80% for the average performance. It is projected 7.875 in the range of 10 units for average performance, which shows better analytical result over the existing research works studied. We are working later to shorten the time delay which is currently a bit larger than the traditional system and ensure more strong authentication which involved additional functionaltiy for security.

Factors(out of 10) E C S S&A
10 8 6 4 2 0 E C

P3 10% 50% 75% 40%

P2 80% 90% 80% 30%

P1 80% 85% 70% 80%

P3 P2 P1
[2] [1] Wamil, T. Magdalene and Mu’azu, B. Muhammad, “GSM NETWORKS: A Review of Security Threats and Mitigation Measures”, The Information Manager, Vol. 6, pp. 1-2, 2006. “Interception GSM Traffic”, http://www.blackhat.compresentationbh-dc-08SteveDHultonWhitepaperbh-dc-08-steve-dhulton-WP.pdf, February, 2008. A. D. Mohammed et al., “Threats to Mobile Phone User’s Privacy”, Memorial University of Newfoundland, Canada, March 2009 N. Katugampala, S. Villette, and A. M. Kondoz,”Secure voice over GSM and other low bit rate system”, ubsiee03.pdf, October 2011. I. Saad and A. Fatema, “Developing and Implementing Encryption Algorithm for Addressing GSM Security Issues”, Electro/Information Technology, 2009. Eit ‘ 09. IEEE Iternational Conference, 2009. E. Jorg et al., GSM – Architecture, Protocols and Services, 3rd Edition, John Wiley & Sons LTD, 2009. N. Sharmin, F. Haider, “Security between Base Stations in Cellular Communication System”, International Conference on Inforamations, Electronics & Visions, 2012, doi : 10.1109/ICIEV.2012.6317512. (IEEE Conference)


S  &  A


Fig. 6. View 2 of Comparative Analysis Factors on the Techniques observed


The weight for Equipment (E), Cost (C), Speed (S), Security & Accuracy (S & A) are shown in Fig. 6. It is clearly shown on the projected graph on the fact that the traditional approach performs fair in all aspects while its performance degrades in case of Security and Accuracy. Again performance fall is observed in Equipment used and Cost in case of P3 which ensures slightly better security. On the other hand, our proposed approach ensures the highest security and accuracy among all the three techniques abserved but performs almost similar as P2 for the first two factors. Finally an overall comparative performance presented in Table 5 and also Fig. 7 shows the best result for the proposed method. TABLE 5 AVERAGE PERFORMANCE


[6] [7]

Name(out of 10) Performance
10 8 6 4 2 0 P3 P2

P3 4.375

P2 7

P1 7.875

Nusrat Sharmin graduated from Inertnational Islamic University Chittagong in B. Sc in Computer Science & Engineering. Currently working as an Oracle developer in a renowned company namely New Technology Systems and also researching on Security mechast st nisms of Cellular Communication System. 1 paper published in 1 IEEE/OSA/IAPR conference ICIEV’2012. DOI: 10.1109/ICIEV.2012.6317512 Farhana Haider compeleted post graduation from University of Dhaka in Iformation System and completed graduation from International Islamic University Chittagong in B. Sc in Computer Science & Engineering. Currently servicing as an Assistant Professor in International Islamic University Chittagong under the Department of Computer Science & Engineering.



Fig. 7. Overall Performance