Professional Documents
Culture Documents
VITU
Mobile to Network Call Procedure
VITU
GSM Enhancements
Customers Demand:
• High-speed packet switched data.
• Multimedia applications.
• High-speed remote corporate LAN access.
• Web browsing, e-mail, fax, and wireless imaging.
• Video telephony and digital TV reception on mobile
phones.
Solution:
GPRS, EDGE
VITU
Circuit Switching
VITU
Packet Switching
VITU
General Packet Radio Service (GPRS)
• Developed in 1999
• Supports packet switched data.
• Supports data rate up to 115 kbps
• GPRS is based on TDMA.
VITU
GPRS Architecture
VITU
GPRS
VITU
Security Issues in GSM and GPRS
VITU
Security Goals & Concerns
• Operators
Should bill the right person
Should provide systems to avoid fraud
Should protect their services against attacks
• Customers
Should have privacy, nobody should be able to detect their
identification or their location
Communication on the air should be encrypted to avoid
eavesdropping
Should be able to change mobile equipment independently
VITU
Security Mechanisms
The main security measurements of GSM security can be written in 4
principles;
• Authentication of a user; it provides the ability for mobile equipment
to prove that it has access to a particular account with the operator.
• Ciphering of the data and signalling; it requires that all signalling
and user data (such as text messages and speech) are protected
against interception by means of ciphering.
• Confidentiality of a user identity; it provides IMSI’s (International
Mobile Subscriber Identity) security. GSM communication uses IMSI
rarely, it uses TMSI (Temporary Mobile Subscriber Identity) to provide
more secure communication and to avoid disclosing of user’s identity.
This means someone intercepting communications should not be
able to learn if a particular mobile user is in the area.
VITU
Security Mechanisms
A3 and A8 algorithm
A5 algorithm
VITU
Security issues related to SIM card
VITU
Security issues related to SIM card
A3 Algorithm: It provides authentication to the user that it has privilege to
access the system. The network authenticates the subscriber through the use
of a challenge-response method.
1. Firstly, a 128 bit random number (RAND) is transmitted to the mobile
station over the air interface.
2. The RAND is passed to the SIM card, where it is sent through the A3
authentication algorithm together with the Ki.
3. The output of the A3 algorithm, the signed response (SRES) is
transmitted via the air interface from the mobile station back to the
network.
4. On the network, the AuC compares its value of SRES with the value of
SRES it has received from the mobile station. If the two values of SRES
match, authentication is successful and the subscriber joins the network.
The AuC actually doesn’t store a copy of SRES but queries the HLR or the
VLR for it, as needed.
VITU
Security issues related to SIM card
Signed Response
(SRES) is transmitted
via the air interface from
the mobile station back
to the network.
VITU
Security issues related to SIM card
VITU
Security issues related to SIM card
A8 Algorithm: GSM makes use of a ciphering key to protect both user
data and signalling on the vulnerable air interface.
• Once the user is authenticated, the RAND (delivered from the
network) together with the Ki (from the SIM) is sent through the A8
ciphering key generating algorithm, to produce a ciphering key
(Kc).
• The A8 algorithm is stored on the SIM card.
• The Kc created by the A8 algorithm.
VITU
Security issues related to SIM card
VITU
Security issues related to SIM card and MS
A5 Algorithm:
The Kc created by the A8 algorithm, is then used with the A5
ciphering algorithm to encipher or decipher the data. The A5
algorithm is implemented in the hardware of the mobile phone, as it
has to encrypt and decrypt data on the air.
VITU
A5 Algorithm
VITU
A5 Algorithm
VITU
GPRS security
VITU
Weakness in security
VITU
Weakness in GPRS Security
VITU