GLOBAL SYSTEM FOR MOBILE COMMUNICATIONS & SECURITY full report
Active In SP
Joined: Apr 2010
04-06-2010, 05:01 PM
GLOBAL SYSTEM FOR MOBILE COMMUNICATIONS
SARATH CHOWDARY P.
SURYA TEJA P.
ELECTRONICS & COMMUNICATION
ELURU, ANDHRA PRADESH.
In the past decade mobile communications has become one of the driving forces of the digital revolution. Everyday, millions of people are making phone calls by pressing a few buttons. Little is known about how one personâ„¢s voice reaches the other personâ„¢s phone that is thousands of miles away. Even less is known about the security measures and protection behind the system. The complexity of the cell phone is increasing as people begin sending text messages and digital pictures to their friends and family. The cell phone is slowly turning into a handheld computer. All the features and advancements in cell phone technology requires a backbone to support it. The system has to provide security and the capability for growth to accommodate future enhancements. General System for Mobile Communications, GSM, is one of the many solutions out there. GSM has been dubbed the Wireless Revolution and it doesnâ„¢t take much to realize why. GSM provides a secure and confidential method of communication.
General System for Mobile Communications, GSM, is an advanced mobile phone system used around the world. GSM has many benefits over its predecessors in terms of security, capacity, clarity, and area coverage. GSM aims to provide a secure connection for communication. Since its advent in the early 1980â„¢s it has grown into a family of services to provide everything from mobile voice to mobile data communication . The best way to appreciate security is by looking at how chaotic and dangerous a mobile communications system would be without security. At any given moment, any body could eavesdrop into your conversation. Your bank account information, daily schedule, and any other information you may disclose on the phone would be at risk. Besides listening in, at any given moment, a hacker could impersonate your user information to make calls that would later amount to thousands of dollars in service charges. The list goes on and on. GSM was designed to address security problems like those listed above.
GSM was originally developed in Europe as a replacement for their existing pan- European Cellular phone system. A committee was formed in 1982 to develop a roaming network that provides capacity and privacy By 1987, eighteen nations made commitments to implement cellular networks based on GSM. Four years later, commercial networks were in place. GSM is now made up of over 745.5 million subscribers in 184 countries . The GSM family is now composed of EDGE, 3GSM, and GPSR .
The GSM infrastructure is composed of a mobile station, a base transceiver
station, and a mobile switching center. Each piece is vital to the whole data exchange
Figure 1 Components of GSM
Mobile Station: GSM was designed to grow and meet the needs of new technologies. GSM is currently composed of EDGE, 3GSM, and GPSR. Each member of the family is designed to solve a particular need. EDGE is an upper level component used for advanced mobile services such as downloading music clips, video clips, and multimedia messages. GPSR is designed for always-on systems that are needed for web-browsing. 3GSM is the GSM running on third generation standards for multimedia services . In addition to growing, GSM was designed with security in mind. Older cellular systems were analog based and therefore very susceptible to security attacks. It was common for attackers to eavesdrop and intercept peopleâ„¢s conversations and data. Even worse yet, attackers were capable of stealing customer IDs to make fraudulent calls. Eavesdropping allowed attackers to listen in on a private conversation. One specific case involved the British Royal family and Princess Di, where an attacker was able to intercept a line of communication and release the conversation to the media . GSM also beats out its competition by providing authentication, secure data transfer, and subscriber data transfer.
In the broadest sense, the mobile station is any device capable of containing a subscriber identity module (SIM). The device is usually a cell phone. The cell phone consists of a SIM and an International Mobile Equipment Identity (IMEI). The SIM device stores sensitive information such as personal contacts, the International Mobile Subscriber Identity (IMSI), a personal identification number (PIN), and a secret key, Ki, for authentication . The PIN allows the user to make changes on the SIM device.
Base Transceiver Station:
The base station is responsible for providing the link between the mobile device and the switching center. When a call is initially made, it travels to the switching station via the hundreds of base stations. The stations are responsible for carrying and converting the voice signals .
Mobile Switching Center:
4 The switching center connects phones to phones. The base transceiver stations communicate with the switching station to link mobile devices together. The switching station is the hub of the whole network. The mobile center is responsible for authentication, data switching, location updating, and routing .
The two security goals of GSM are to provide an infrastructure, which protects access to the mobile services, and to prevent any information from being disclosed. In other words, GSM aims to prevent fraudulent phone use and to provide privacy for both parties. The following security measures are done to provide security : Authentication for registered users Secure Data Transfer Subscriber Identity protection Mobile phones are inoperable without SIM chip Duplicate SIMS on network are not permitted Keys are securely stored If all the measures listed above are met, GSM will be able to provide anonymity, authentication, confidentiality, and integrity . GSM divides security on three different levels. Each level provides the mechanism for anonymity, authentication, confidentiality, or integrity. On the lowest level of security, GSM provides authentication and anonymity for the user through the SIM card. The SIM chip serves as the identification of the user. Billing and authentication are verified through the SIM chip. The second layer of security identifies the location of the user and reveals the incoming callers name to the receiver so the receiver can choose whether or not to accept the call. The third layer encrypts any data traveling between the two users.
With the data encrypted and
connection secure, integrity and confidentiality is provided .
A cell phone call placed on a GSM network goes through two steps. Any mobile device must first be authenticated before any data transmission can begin. Following successful authentication, a private key, Kc, is generated for data exchange. Authentication is done through a challenge and response mechanism. The base station initially sends out a random 128-bit number, r, to the mobile device . Using A 3 encryption, with inputs Ki from the SIM and the random number r, a 32-bit encrypted number SRES is generated . The mobile device then sends the SRES generated number back to the network for validation. The network itself knows the mobile deviceâ„¢s Ki and can thus compare the value it generated to the value the mobile device generated. Authentication is successful if both numbers are identical . Figure 2 Initial Authentication Between User & Network If authentication is successful, a connection is made and a new key, Kc, is generated to be shared by the user and network. The key is generated by applying an A8 algorithm on values Ki and the random value r. By doing this, a private key Kc will be generated for later use when transferring information .
Figure 3 A8 Key generation
With a private key Kc generated, information can be exchanged between two parties. GSM voice ciphers by using the A5 algorithm with inputs Kc, which is known by both parties, and the incoming data . At that point data encryption and decryption is completed.
GSM provides many layers of security. A lot of the protection goes on behind the scenes with the user knowing very little about what is safe and what isnâ„¢t safe. Despite the security advancements with GSM, there still exist many security pitfalls. As the GSM family grows more complex, more security issues arise.
Security Issues Solved
SIM chip and PIN
One means of security that GSM provides is achieved through the use of a PIN. The PIN prevents unauthorized users from modifying data on another account. The PIN also prevents fraudulent use of a phone if it is stolen. GSM specifically prevents more than one SIM chip from being on the network at the same time. By doing this, a user who is able to impersonate and clone a SIM chip will still have troubles getting on to the system because the original owner of the SIM may still be on the network .
Security Issue Problems
At the current time, a lot of GSM phones apply a COMP 128 algorithm inside of the A3 and A8 encryption schemes. The COMP 128 algorithm has a weakness which allows an attacker to retrieve the secret key Ki from the mobile deviceâ„¢s SIM chip . This is achieved by sending known data to the mobile device and analyzing the results that are returned from the device. With this knowledge, the attacker can clone the SIM chip for fraudulent use. It is estimated that a hobbyist could purchase the necessary equipment to clone SIM chips for less tan $40,000 .
The COMP 128 algorithm became a public concern after IBM researchers demonstrated that they had discovered away to clone a SIM chip with in a few seconds . Efforts have been made to develop new algorithms to correct this problem.
A5 Implementation and Eavesdropping
The A5 algorithm used to encrypt streaming cipher data is not a universal standard. There are currently three implementations, A0 /0, A5/1, and A5/2. All of them are used throughout the world, varying from region to region. A5/1 is the strongest encryption because it has a time complexity of 2^54. A5/2 has a time complexity of only 2^16. The weaker A5 implementations are susceptible to eavesdropping.
Lack of Testing
The algorithms used for GSM are all hidden from the public At first glance this may seem reasonable but being hidden from the public eye prevents it from being tested by the world. As more and more people begin finding weaknesses about the network and the algorithms, more people will begin hacking the networks. When this does happen it will be difficult to fix the problem when the problem has already spread to million and millions of phones. If the algorithms were open source, then more testing could be done before the phones were all distributed to the public.
Lack of Internal Encryption
GSM solved most of the security issues involved with transmission of data through the radio channel. Currently data is only encrypted between the mobile device and the base stations.
All other communication and signaling on the fixed telecommunications network is done in plain text .
Short Message Service
Short message service (SMS) is a service provided through GSM that allows users to send text messages to other mobile users. Users often overlook the fact that SMS provides no real security . All messages sent via SMS are sent in a predictable, clear text format. The originating address of a SMS message can be forged. This weakness allows anybody the ability to send messages to phones with harmful instructions . People could be instructed to send sensitive information back to the sender. The sender would then be in place to record the information.
GSM packs all the information needed to use in a phone inside a single SIM chip. By doing that, the value of the phone itself has increased. A new phone can be used by replacing the SIM chip. No real measures can be taken against physical phone theft.
Solutions to Current Security Issues
A corrected version of the COMP 128 has been developed, however, the cost to replace all SIM chips and include the new algorithm is too costly to cellular phone companies. The new release of 3GSM will include a stronger version of the COMP 128 algorithm and a new A5 algorithm implementation. The A5/3 is expected to solve current confidentiality and integrity problems . Fixed network transmission could be fixed by simply applying some type of encryption to any data transferred on the fixed network.
GSM has many benefits over current cellular systems. The main problem now involves the COMP 128 algorithm problem. This problem will be solved as newer technology gets phased in. The lack of extra encryption on the telecommunications network doesnâ„¢t pose as a major problem because any data transfer on there will have the same security as the current public switched telephone networks. Despite the current problems more and more cellular companies will switch to GSM based standards. An estimated one billion subscribers are expected by the end of 2003. As GSM slowly moves towards 3GSM, more problems and security issues will be resolved.
Brookson, Charles. GSM (and PCN) Security and Encryption. August 2001.
Dua, Kunal and Jain, Anuj. GSM Technology. February 07, 2003.
GSM Cloning. isaac.cs.berkeley.edu/isaac/gsm.html
Li, Yong, Chen, Yin, and Ma, Tie-Jun. Security in GSM. February 2002.
Lord, Steve. Modern GSM Insecurities. itsecurity.com. February 02,2003.
Lord, Steve. "Bugwatch: GSM security flaws exposed." vnunet.com. May16, 2003.
Make Machines Talk. tdc.co.uk/competition/modules.htm10
Use Search at http://topicideas.net/search.php wisely To Get Information About Project Topic and Seminar ideas with report/source code along pdf and ppt presenaion
Joined: Apr 2012
07-07-2012, 09:51 AM
to get information about the topic "GLOBAL SYSTEM FOR MOBILE COMMUNICATION" full report ppt and related topic refer the link bellow