Index
GSM: Introduction
Security in GSM
Access control and authentication
Authentication
Authentication in GSM
Distribution of Security Features in the GSM Network
Confidentiality (Encryption)
Encryption
Key generation and Encryption
Algorithms used in GSM
Algorithms used in GSM
Conclusion
2. GSM: Introduction
GSM is the most widely used cellular
standard.
Over 600 million users, mostly in
Europe and Asia.
Provides authentication and encryption
capabilities.
Today’s networks are 2G.
Third generation (3G) and future (4G).
3. Security in GSM
GSM offers several security services using
confidential information stored in the AuC
and in the individual SIM.
1- Access control and authentication.
2- Confidentiality (encryption ).
3- Anonymity.
4. Access control and authentication
Authentication is based on the SIM, which
stores the individual authentication key Ki, the user
identification IMSI,
Access control AC generates a random number
RAND as challenge , and the SIM within the MS
answers with SRES (signed response) as
response.
The AuC performs the basic generation of
random values RAND, signed responses SRES,
and cipher keys Kc for each IMSI, and then
forwards this information to the HLR. The current
VLR requests the appropriate values for RAND,
SRES, and Kc from the HLR.
5. Authentication
For authentication, the VLR sends the
random value RAND to the SIM.
The MS sends back the SRES
generated by the SIM; the VLR can
now compare both values. If they are
the same, the VLR accepts the
subscriber, otherwise the subscriber
is rejected.
8. Confidentiality (Encryption)
To ensure privacy.
All user-related data is encrypted. After
authentication, BTS (base transceiver station) and
MS apply encryption to voice, data, and signaling by
applying the cipher key Kc .
Kc is generated using the individual key Ki and a
random value by applying the algorithm A8.
This confidentiality exists only between MS and BTS,
but it does not exist end-to-end or within the whole
fixed GSM/telephone network.
9. Encryption
Note that the SIM in the MS and the network both
calculate the same Kc based on the random value
RAND. The key Kc itself is not transmitted over the
air interface.
MS and BTS can now encrypt and decrypt data using
the algorithm A5 and the cipher key Kc.
As Figure 4.15 shows, Kc should be a 64 bit key – which is
not very strong, but is at least a good protection against
simple eavesdropping. However, the publication of A3 and
A8 on the internet showed that in certain implementations
10 of the 64 bits are always set to 0, so that the real length
of the key is thus only 54 consequently, the encryption is
much weaker.
11. Algorithms used in GSM
Three algorithms have been specified to
provide security services in GSM.
A3 is used for authentication,
A5 for encryption, and.
A8 for the generation of a
cipher key.
12. Algorithms used in GSM
The Algorithms Are Not Very Strong.
Algorithms A3 And A8 Are Located
On The Sim And In The Auc .
Only A5 Which Is Implemented In
The Devices Has To Be Identical For
All Providers.
13. Conclusion
The security mechanisms specified in the
GSM standard make it the most secure
cellular telecommunications system
available.
Types of attacks over the networks lead
the telecommunications companies to
provide different security mechanisms.
The use of authentication, encryption, and
temporary identification numbers ensures
the privacy and anonymity of the system's
users,