2. The motivations for security in cellular
telecommunications systems are:
• To secure conversations and signaling data from
interception
• To prevent cellular telephone fraud.
The security and authentication mechanisms
incorporated in GSM make it the most secure mobile
communication standard currently available,
particularly in comparison to the analog systems.
Intercepting and reconstructing the digital GSM signal
would require far more specialized and expensive
equipment to perform the reception, synchronization,
and decoding of the signal than an analog signal does.
3. GSM (Group Special Mobile or General System for
Mobile Communications) is the Pan-European
standard for digital cellular communications.
The Group Special Mobile was established in 1982
within the European Conference of Post and
Telecommunication Administrations (CEPT).
In 1991 the first GSM-based networks commenced
operations.
GSM provides enhanced features over older
analog-based systems, which are summarized
below:
4. Total Mobility: The subscriber has the
advantage of a Pan-European system allowing
him to communicate from everywhere and to
be called in any area served by a GSM cellular
network using the same assigned telephone
number, even outside his home location. The
calling party does not need to be informed
about the called person's location because the
GSM networks are responsible for the location
tasks. This mobility feature is preferred by
many business people who constantly need to
be in touch with their headquarters.
5. High Capacity and Optimal Spectrum Allocation:
The former analog-based cellular networks had to
combat capacity problems, particularly in
metropolitan areas. Through a more efficient
utilization of the assigned frequency bandwidth
and smaller cell sizes, the GSM System is capable
of serving a greater number of subscribers. The
optimal use of the available spectrum is achieved
through the application of Frequency Division
Multiple Access (FDMA), Time Division Multiple
Access (TDMA), efficient half-rate and full-rate
speech coding, and the Gaussian Minimum Shift
Keying (GMSK) modulation scheme.
6. Security: The security methods standardized for
the GSM System make it the most secure cellular
telecommunications standard currently available.
Although the confidentiality of a call and the
anonymity of the GSM subscriber are only
guaranteed on the radio channel, this is a major
step in achieving end-to-end security. The
subscriber's anonymity is ensured through the use
of temporary identification numbers. The
confidentiality of the communication itself on the
radio link is provided by the application of
encryption algorithms and frequency hopping,
which could only be realized using digital systems
and signaling.
7. Services: The list of services available to GSM
subscribers typically includes the following:
• Voice communication
• Voice mail
• Short message transmission
• Data transmission
• Supplemental services such as call forwarding.
8. A GSM network consists of:
• The Mobile Station (MS)
• The Base Station Subsystem (BSS)
• The Network Switching Subsystem (NSS)
• The Operation and Maintenance Centre (OMC)
9. [Figure: GSM network architecture. Mobile Stations;
Base Station Subsystem (BTS, BSC); Network
Management (OMC); Exchange System (MSC);
Subscriber and terminal equipment databases
(VLR, HLR, AUC, EIR).]
10. The security mechanisms of GSM are
implemented in three different system
elements:
The Subscriber Identity Module (SIM)
The GSM handset
The GSM network.
11. SIM: The SIM contains the IMSI, the individual
subscriber authentication key (Ki), the
ciphering key generating algorithm (A8), the
authentication algorithm (A3), as well as a
Personal Identification Number (PIN).
GSM handset: The GSM handset contains the
ciphering algorithm (A5).
The GSM network: The encryption algorithms
(A3, A5, A8) are present in the GSM network.
12. [Figure: Authentication and encryption flow
between the Mobile Station, the radio link and the
GSM operator. The operator sends the challenge
RAND over the radio link; the SIM and the operator
each compute the signed response SRES from RAND
and Ki with A3, and the operator checks whether
the two SRES values are equal. A8 applied to RAND
and Ki yields Kc on both sides; A5, keyed with Kc
and the frame number Fn, encrypts the data mi
sent over the radio link.]
13. GSM networks utilize encryption for three
purposes:
Authentication
Encryption
Key generation
14. The GSM network authenticates the identity of the subscriber
through the use of a challenge-response mechanism. A 128-bit
random number (RAND) is sent to the MS. The MS computes the
32-bit signed response (SRES) based on the encryption of the
random number (RAND) with the authentication algorithm (A3)
using the individual subscriber authentication key (Ki). Upon
receiving the signed response (SRES) from the subscriber, the
GSM network repeats the calculation to verify the identity of the
subscriber. Note that the individual subscriber authentication key
(Ki) is never transmitted over the radio channel. It is present in the
subscriber's SIM, as well as the AUC, HLR, and VLR databases as
previously described. If the received SRES agrees with the
calculated value, the MS has been successfully authenticated and
may continue. If the values do not match, the connection is
terminated and an authentication failure is indicated to the MS.
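The exchange described above, as an added Python example that is not part of the original slides. The slides do not give the internals of A3 and A8 (they are operator-specific), so a keyed hash stands in for them here; the IMSI and Ki values are constructed, and the `radio_link` list records what actually crosses the air so one can check that Ki is never on it.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple

def a3_a8(ki: bytes, rand: bytes) -> Tuple[bytes, bytes]:
    """Stand-in for A3/A8 (hypothetical, not the real algorithms): one keyed
    hash of RAND under Ki, truncated to a 32-bit SRES and a 64-bit Kc."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]

class Sim:
    """The SIM side: holds Ki and runs A3/A8. Ki never leaves this object."""
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self._ki = imsi, ki
        self.kc: Optional[bytes] = None      # session key derived by A8

    def respond(self, rand: bytes) -> bytes:
        sres, self.kc = a3_a8(self._ki, rand)
        return sres                          # only SRES goes back over the air

class Network:
    """AUC/HLR side: Ki per IMSI; issues RAND and verifies SRES."""
    def __init__(self, subscribers: Dict[str, bytes]):
        self._keys = subscribers
        self.radio_link: List[Tuple[str, bytes]] = []  # what crossed the air

    def authenticate(self, sim: Sim) -> Tuple[bool, Optional[bytes]]:
        rand = secrets.token_bytes(16)       # 128-bit challenge
        self.radio_link.append(("RAND", rand))
        sres_mobile = sim.respond(rand)
        self.radio_link.append(("SRES", sres_mobile))
        sres_expected, kc = a3_a8(self._keys[sim.imsi], rand)
        if not hmac.compare_digest(sres_mobile, sres_expected):
            return False, None               # failure: connection terminated
        return True, kc                      # Kc now shared for A5 ciphering

def demo() -> bool:
    """Constructed subscriber: a correct SIM authenticates, a wrong Ki fails."""
    imsi, ki = "001010123456789", bytes(range(16))
    net = Network({imsi: ki})
    ok, kc = net.authenticate(Sim(imsi, ki))
    bad_ok, _ = net.authenticate(Sim(imsi, bytes(16)))
    ki_on_air = any(ki in payload for _, payload in net.radio_link)
    return ok and kc is not None and not bad_ok and not ki_on_air
```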
15. • A5 is a stream cipher consisting of three
clock-controlled LFSRs of degree 19, 22, and 23.
• The clock control is a threshold function of the middle
bits of each of the three shift registers.
• The sum of the degrees of the three shift registers is 64.
The 64-bit session key is used to initialize the contents
of the shift registers.
• The 22-bit TDMA frame number is fed into the shift
registers.
• Two 114-bit keystreams are produced for each TDMA
frame, which are XOR-ed with the uplink and
downlink traffic channels.
• It is rumored that the A5 algorithm has an "effective"
key length of 40 bits.
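The generator these bullets describe, written out as an added Python example (not code from the original slides): A5/1 is the A5 variant matching this description, with three majority-clocked LFSRs of degree 19, 22 and 23. The tap and clocking-bit positions are taken from the published description of A5/1 and are not stated on the slide.

```python
# Added example: A5/1, the A5 variant the slide describes (three majority-
# clocked LFSRs of degree 19, 22 and 23); taps are from the public algorithm.
R1_MASK, R2_MASK, R3_MASK = (1 << 19) - 1, (1 << 22) - 1, (1 << 23) - 1
R1_TAPS, R2_TAPS, R3_TAPS = 0x072000, 0x300000, 0x700080  # feedback taps
R1_MID, R2_MID, R3_MID = 1 << 8, 1 << 10, 1 << 10          # clocking bits

def _parity(x: int) -> int:
    return bin(x).count("1") & 1

def _step(reg: int, mask: int, taps: int) -> int:
    """Shift one LFSR left by one bit, feeding back the parity of its taps."""
    return ((reg << 1) & mask) | _parity(reg & taps)

class A51:
    def __init__(self, kc: int, frame: int):
        """kc: 64-bit session key; frame: 22-bit TDMA frame number."""
        self.r1 = self.r2 = self.r3 = 0
        for i in range(64 + 22):          # load Kc, then mix in the frame number
            bit = (kc >> i) & 1 if i < 64 else (frame >> (i - 64)) & 1
            self._clock_all()
            self.r1 ^= bit; self.r2 ^= bit; self.r3 ^= bit
        for _ in range(100):              # 100 majority-clocked warm-up steps
            self._clock()

    def _clock_all(self) -> None:         # regular clocking used during setup
        self.r1 = _step(self.r1, R1_MASK, R1_TAPS)
        self.r2 = _step(self.r2, R2_MASK, R2_TAPS)
        self.r3 = _step(self.r3, R3_MASK, R3_TAPS)

    def _clock(self) -> None:
        """Threshold clocking: a register moves only if its middle bit agrees with the majority."""
        b1, b2, b3 = (self.r1 & R1_MID) != 0, (self.r2 & R2_MID) != 0, (self.r3 & R3_MID) != 0
        maj = (b1 + b2 + b3) >= 2
        if b1 == maj: self.r1 = _step(self.r1, R1_MASK, R1_TAPS)
        if b2 == maj: self.r2 = _step(self.r2, R2_MASK, R2_TAPS)
        if b3 == maj: self.r3 = _step(self.r3, R3_MASK, R3_TAPS)

    def keystream(self, n: int = 114) -> list:
        """Produce n keystream bits (each is the XOR of the three registers' top bits)."""
        out = []
        for _ in range(n):
            self._clock()
            out.append((self.r1 >> 18) ^ (self.r2 >> 21) ^ (self.r3 >> 22))
        return out

def frame_keystreams(kc: int, frame: int):
    """The two 114-bit blocks for one TDMA frame: first downlink, then uplink."""
    gen = A51(kc, frame)
    return gen.keystream(114), gen.keystream(114)

def xor_bits(data: list, ks: list) -> list:
    """Encrypt or decrypt a 114-bit burst by XOR with its keystream block."""
    return [d ^ k for d, k in zip(data, ks)]
```

Because the frame number enters the state, each frame gets fresh keystream from the same Kc, and XOR makes decryption the same operation as encryption.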
16. This section focuses on key length as a figure of
merit of an encryption algorithm. Assuming a
brute-force search of every possible key is the
most efficient method of cracking an encrypted
message (a big assumption), Table 1 shown
below summarizes how long it would take to
decrypt a message with a given key length,
assuming a cracking machine capable of one
million encryptions per second.
17. Table 1: Brute-force key search times for various key sizes

Key length in bits                        32          40         56           64             128
Time required to test all possible keys   1.19 hours  12.7 days  2,291 years  584,542 years  10.8 x 10^24 years
18. A machine capable of testing one million keys per
second is possible by today’s standards. In considering
the strength of an encryption algorithm, the value of
the information being protected should be taken into
account. It is generally accepted that DES with its 56-bit
key will have reached the end of its useful lifetime by
the turn of the century for protecting data such as
banking transactions. Assuming that the A5 algorithm
has an effective key length of 40 bits (instead of 64), it
currently provides adequate protection for information
with a short lifetime. A common observation is that the
"tactical lifetime" of cellular telephone conversations is
on the order of weeks.
19. Number of machines required to search a key space in a given time

Key length in bits   1 day       1 week      1 year
40                   13          2           -
56                   836,788     119,132     2,291
64                   2.14x10^8   3.04x10^6   584,542
128                  3.9x10^27   5.6x10^26   10.8x10^24
20. The security mechanisms specified in the GSM
standard make it the most secure cellular
telecommunications system available. The use of
authentication, encryption, and temporary
identification numbers ensures the privacy and
anonymity of the system's users, as well as
safeguarding the system against fraudulent use.
Even GSM systems with the A5/2 encryption
algorithm, or even with no encryption are
inherently more secure than analog systems due to
their use of speech coding, digital modulation, and
TDMA channel access.