Beruflich Dokumente
Kultur Dokumente
Abstract
In any mobile system, it is important to send or receive or any kind of data in security situation, it is important to reach
to the services in any time, it is also important to not any one to use other accounts. All these threats require good
security in the mobile system.
This project will discuss security issue. Security is complex subject, so the project tries to view this feature in easy way
without review all details, because that the main goal is to explain what is the security in mobile systems (GSM ,GPRS
and CDMA)?
There are security mechanism in mobile system which will be explained in this project and these mechanism applied by
vary algorithms and functions. As seen to GSM system,
The GSM was designed to be a secure mobile phone system with strong subscriber authentication and over-the-air
transmission encryption. The security model and algorithms were developed in secrecy and were never published.
Eventually some of the algorithms and specifications have leaked out. The algorithms have been studied since and
critical errors have been found. Thus, after closer look at the GSM standard, one can see that the security model is not
all that good. An attacker can go through the security model or even around it, and attack other parts of a GSM
network, instead of the actual phone call.
The security was improved in the CDMA system to avoid the weaknesses in the GSM system, the improvement
appeared clearly in authentication, confidentiality and integrity procedure.
The GSM,GPRS and CDMA architectures must be explained before studying security. Chapter one explain the
important 3G elements and their functional.
In chapter two, the project explain the main security aspects as the security architecture, security requirement and
security services authentication, confidentiality and integrity.
The Authentication and Key Agreement (AKA) which means the authentication procedures, data encryption (data
confidentiality) and data integrity will be explained more in chapter three. These services make by algorithms and
functions varies from generation to other, due to that are complex and some of that still secrecy, it is not explained in
detail.
To study AKA procedures more deeply we will present in chapter four program that simulates the AKA and algorithms
used in GSM.
GSM
(Global System for Mobile communications)
1.1.1-Introduction [1]
In the early 1980s many countries in Europe witnessed a rapid expansion of analog cellular telephone system however,
each country developed its own system, and interoperability across borders became limiting factor.
In 1982, the conference of European post and telecommunications (CEPT), an association of telephone and telegraph
operators in Europe, established a working group to develop a new public land mobile system to span the continent.
Because their working language was French, the group was called the group special mobile (GSM).
1.1.2-GSM Properties [15]
• cellular radio network
• digital transmission up to 9600 bit/s
• roaming (mobilität among different network providers, international)
• Good transmission quality (error recognition and correction)
• scalable (große Teilnehmerzahlen möglich)
• worldwide 900 million subscribers
• Europe : over 300 million subscribers
• security mechanisms provided (authentication, authorisation, encryption)
• good usage of resources (frequency- and time-multiplex)
• integration with ISDN and analogue telephone network
• standard (ETSI, European Telecommunications Standards Institute)
The Mobile Station (MS) is the user equipment in GSM. The MS is what the user can see of the GSM system. The
station consists of two entities, the Mobile Equipment (the phone itself), and the Subscriber Identity Module (SIM), in
form of a smart card contained inside the phone.
The Base Transceiver Station (BTS) is the entity corresponding to one site communicating with the
Mobile Stations. Usually, the BTS will have an antenna with several TRXs (radio transceivers) that each communicate
on one radio frequency. The link-level signaling on the radio-channels is interpreted in the BTS, whereas most of the
higher-level signaling is forwarded to the BSC and MSC. Speech and data-transmissions from the MS is recoded in the
BTS from the special encoding used on the radio interface to the standard 64 kbit/s encoding used in
telecommunication networks. Like the radio-interface, the Abis interface between the BTS and the BSC is highly
standardized, allowing BTSs and BSCs from different manufacturers in one network.
Each Base Station Controller (BSC) controls the magnitude of several hundred BTSs. The BSC takes care of a number
of different procedures regarding call setup, location update and handover for each MS.
The Mobile Switching Centre is a normal ISDN-switch with extended functionality to handle
mobile subscribers. The basic function of the MSC is to switch speech and data connections
between BSCs, other MSCs, other GSM-networks and external non-mobile-networks. The MSC
also handles a number of functions associated with mobile subscribers, among others
registration, location updating and handover. There will normally exist only a few BSCs per
MSC, due to the large number of BTSs connected to the BSC. The MSC and BSCs are connected
via the highly standardized A-interface [GSM0808]. However, due to the lack of standardization
on Operation and Mangement protocols, network providers usually choose BSCs, MSCs and
Location Registers from one manufacturer.
Each Base Station Controller (BSC) controls the magnitude of several hundred BTSs. The BSC takes care of a number
of different procedures regarding call setup, location update and handover for each MS.
The Equipment Identity Register (EIR) is an optional register. Its purpose is to register IMEIs of
mobile stations in use. By implementing the EIR the network provider can blacklist stolen or
malfunctioning MS, so that their use is not allowed by the network.
Fig
1.2
GPRS
General Packet Radio Service
chat over the mobile network. Other new applications for GPRS, profied later, including file transfer and home
automation-the ability to remotely access and control in-house appliances and machines. A wide range of corporate and
consumer applications are enabled by no voice mobile services such as SMS and GPRS. This section will introduce
those that are particularly suited to GPRS.
Applications [4]
1-Chat
2- Textual and visual information
3- Still images
4- Moving images
5- web browsing
6-Audio
7-Internet email
1.2.13 SERVICE ACCESS [15]
To use GPRS, users specifically need:
• A mobile phone or terminal that supports GPRS (existing GSM phones do NOT support GPRS)
• A subscription to a mobile telephone network that supports GPRS
• Use of GPRS must be enabled for that user. Automatic access to the GPRS may be allowed by
some mobile network operators, others will require a specific opt-in
• Knowledge of how to send and/or receive GPRS information using their specific model of
mobile phone, including software and hardware configuration (this creates a customer service
requirement)
• A destination to send or receive information through GPRS. Whereas with SMS this was often
another mobile phone, in the case of GPRS, it is likely to be an Internet address since GPRS is designed
to make the Internet fully available to mobile users for the first time. From day one, GPRS users can
access any web page or other Internet applications-providing an immediate critical mass of uses.
• Having looked at the key user features of GPRS, lets look at the key features from s network
operator perspective.
CDMA
(Code division multiple access)
1.3.1 Background history [4]
Code Division Multiple Access (CDMA) is a radically new concept in wireless communications. It has gained
widespread international acceptance by cellular radio system operators as an upgrade that will dramatically increase
both their system capacity and the service quality. It has likewise been chosen for deployment by the majority of the
winners of the United States Personal Communications System spectrum auctions. It may seem, however, mysterious
for those who aren't familiar with it. This site is provided in an effort to dispel some of the mystery and to disseminate
at least a basic level of knowledge about the technology. CDMA is a form of spread-spectrum, a family of digital
communication techniques that ,have been used in military applications for many vears. The core principle of spread
spectrum is the use of noise-like carrier waves, and, as the name implies, bandwidths much wider than that required for
simple point-to-point communication at the same data rate. Originally there were two motivations: either to resist
enemy efforts to jam the communications (anti-jam, or AJ), or to hide the fact that communication was even taking
place, sometimes called low probability of intercept (LPI). It has a history that goes back to the early days of World
War 11. The use of
CDMA for civilian mobile radio applications is novel. It was proposed theoretically in the late 1940's, but the practical
application in the civilian marketplace did not take place until 40 years later. Commercial applications became possible
because of two evolutionary developments. One was the availability of very low cost, high density digital integrated
circuits, which reduce the size, weight, and cost of the subscriber stations to an acceptably low level. The other was the
realization that optimal multiple access communication requires that all user stations regulate their transmitter powers
to the lowest that will achieve adequate signal quality.
1.3.2 overview of Division Multiple Access [4]
It is easier to understand CDMA if it is compared with other multiple access technologies . The following sections
describe tlle fundamental differences between a frequency division Multiple Access Analog technology (TDMA), a
Time Division multiple Access Digital technology (TDMA)
Code Division Multiple Access subscribers share a common channel (frequency). All users are on the same frequency
at the same time, they are divided however by codes. CDMA Cocktail Par v (analogy)
All subscribers are in the same room together. They can be all talking at the same time. They can be grouped together
or standing across the room from each other. Unlike the other two multiple access systems, they do not have to leave
the room!
Each user's narrowband signal hops among discrete frequency, and the receiver follows in sequence Frequency-
Hopping Spread Spectrum (FHSS) CDMA is not currently used in wireless system, although by the military
CDMA2000 represents a family of ITU-approved. IMT-2000 (3G) standard and network capacity to meet growing
demand for wireless services and high-speed data services. CDMA2000 1X was the world's first 3G technology
commercially deployed (October2000). CDMA2000 represents a family of technologies that includes CDMA2000 1X
and CDMA2000 1X EV.
A:- CDMA2000 1X
The world's first 3G (CDMA2000 1X) commercial system CDMA2000 1X can double the voice capacity of cdmaOne
networks and delivers peak packet data speeds of 307 kbps in mobile environment. There is only one 1.25-MHZ carrier
b: CDMA2000 1X EV
CDMA2000 1X EV includes:
CDMA2000 1X EV-DO
CDMA2000 1X EV-DO delivers peak data speeds of 2.4Mbps and supports applications such as MP3 transfers and
video conferencing.
CDMA2000 1X EV-DV
Hugh-speed packet multimedia services at speeds of up to 3.09 Mbps. 1XEV-DO and 1XEV-DV are both backward
compatible with CDMA2000 1X and cdmaOne (IS-95a & IS-95B).
C: CDMA2000 3X
US (CDMA2000) version: 3X chip rate and more Even faster data:2MB burstingThe Figure Blew IIIustrate that
It has focused on the components that are added to the CDMA system
• Establishes, maintains and terminates point-to-point protocol (999) session with the MS.
• Establishes, maintains and terminates the logical link to the radio network across the radio-
packet (R-9) interface.
• Initiates authentication , authorization and accounting (AAA) for the MS to the packet data
network (internet) via the AAA server .
• Receives service parameters for the MS from the AAA.
• Routes packet data between the RAN and the internet (like NAS in the internet).
• Collects usage data that is related to the AAA server.
• Supports both simple and mobile IP.
• For mobile IP the FA (foreign agent ) should be implemented on the PDSN (also a HA (home
agent) is needed).
• One BSC can interconnect to a few PDSNs for load balancing.
1.3.7.1 Advantages of CDMA2000 [4]
1.3.7.2 Coverage:
Forward and reverse link power control helps a CDMA network dynamically expand the coverage area . the coding and
interleaving techniques used in CDMA provide the ability to cover a larger area for the same amount of available
power used in the system . under line of sight condition CDMA has a 1.7 to 3 times more coverage than time division
multiple access(TDMA)
1.3.7.3 Capacity:
Third generation cellular systems are designed to provide enhanced voice capacity and the support of high data rate
packet data services . these data services are typically characterized by asymmetric traffic requirement subjected to the
adverse effect of the mobile channel . such condition require that use of advances techniques such as fast feedback
channel information adaptive modulation and coding incremental redundancy multiuse diversity ,efficient handoff
algorithm , adaptive data rate control ,etc.
1.3.7.7 Applications:
CDMA offering a world of opportunities for multimedia services, satellite communication, military communication,
wireless local loop (WLL) and so on.
1.3.8.1 Benefits
Backward-compatibility with cdma one deployments:
-protect operator investment in exiting cdma one networks.
-provides simple and cost-effective migration to 3G service voice improvement
GSM SECURITY
2.1.1 Introduction [7]
The security methods standardized for the GSM System make it the most secure cellular telecommunications standard
currently available. Although the confidentiality of a call and anonymity of the GSM subscriber is only guaranteed on
the radio channel, this is a major step in achieving end-to- end security. The subscriber's anonymity is ensured through
the use of temporary identification numbers. The confidentiality of the communication itself on the radio link is
performed by the application of encryption algorithms and frequency hopping which could only be realized using
digital systems and signaling.
2.1.3.2User‘s view
• confidentiality of communication (voice and data)
• privacy, no profiles of the movements of the users
The MS identifies itself by means of the Temporary Mobile Subscriber Identity (TMSI). which is issued by the network
a d may be changed periodically (i.e. during hand-offs) for additional security. The security mechanisms of GSM are
implemented in three different system elements; the Subscriber Identity Module (SIM), the GSM handset or MS, and.
the GSM network. The SIM contains the IMSI, the individual subscriber authentication key (Ki), the ciphering key
generating algorithm (A8), the authentication algorithm (A3), as well as a Personal Identification Number (PIN). The
GSM handset contains the ciphering algorithm (A5). The encryption algorithms (A3, A5, AS) are present in the GSM
network as well. The Authentication Centre (AUC), part of the Operation and Maintenance Subsystem (OMS) of the
GSM network, consists of a database of identification and authentication information for subscribers.
This information consists of the IMSI, the TMSI, the Location Area Identity (LAI), and the individual subscriber
authentication key (Ki) for each user. In order for the authentication and security mechanisms to function, all three
elements (SIM, handset, and GSM network) are required. This distribution of security credentials and encryption
algorithms provides an additional measure of security both in ensuring the privacy of cellular telephone conversations
and in the prevention of cellular telephone fraud. Distribution of security information is among the three system
elements, the SIM, the MS, and the GSM network. Within the GSM network, the security information is further
distributed among the authentication centre (AUC), the home location register (HLR) and the visitor location register
(VLR).
The AUC is responsible for generating the sets of RAND, SRES, and Kc, which are stored in the HLR and VLR for
subsequent use in the authentication and encryption processes. Fig(2.1) demonstrates the distribution of security
information among the three system elements, the SIM, the MS, and the GSM network. Within the GSM network, the
security information is further distributed among the authentication center (AUC), the home location register (HlR) and
the visitor location register (VLR).
The GSM system promises to provide security over the air interface that is as good as the security offered by traditional
fixed networks .[l] The GSM standard specifies the following security features to be implemented in every PLMN.
-Subscriber identity. (lMSI) confidentiality. This feature protects the Subscriber ID (IMSI) from being attacked by
eaves-droppers.
-Subscriber (IMSI) authentication This feature protects the Network Assets from Attacks by imposters.
Fig connections.
Use data confidentiality an physical 2.1 Architecture
This security for GSMthe protection of user speech data and other
feature provides
user related identification information.
GPRS Security
Services that demand a high level of security could be financial transactions transfer of medical information or
exchange of personal e-mail messages. In the next two subchapters we have explained which part in the GPRS system
we are focusing on and the test we did in the Ericsson AS'a lab environment.
Confidentiality – The property of information that has not been disclosed to unauthorized parties. Confidentiality has
traditionally been seen as the most formidable threat in the communications system. To provide confidentiality
encryption is used.
Integrity – the property of information that has not been changed by authorized parties Integrity is normally associated
with error correction and retransmission techniques to ensure that data are not corrupted. Cryptographically checksum
is a technique to ensure that data is not willfully modified.
Authentication – The provision of assurance of the claimed identity of an entity. Authentication is reference to the user
identity verification. Challenge- Response is a common authentication mechanism that active challenge the user to
claim that he is the right person, so the user has to give that right response.
Access control – The prevention of unauthorized use of a resource, including the prevention of a resource in an
unauthorized manner. Access control is to give access to services for authorized user and denying unauthorized user the
same services.
Denial-of-Service – While access control is about denying the unauthorized user access to the services, Denial-of-
Service can be seen as a security service to ensure that unauthorized users are denied access to the services.
2.the new SGSN responds with the identity of the handset. The old SGSN responds with identity of the handset.
3.the new SGSN requests more informationA from MS .this information is used to authentication the MS to the new
SGSN .
4-The authentication process continues to the HLR. The HLR acts like a RADIUS server using a handset-level
authentication based on IMSI and similar to the CHAP authentication process in PPP.
5. A check of the equipment ID with the EIR is initiated.
6. If the equipment ID is valid, the new SGSN sends a location updated to the HLR indicating the change of location to
a new SGSN. The HLR notifies the old SGSN to cancel the location process for this MS. The HLR sends an insert
subscribe data request and other information associated with this mobile system and notifies the new SGSN that the
update location has been performed.
7. The new SGSN initiates a location update request to the VLR. The VLR acts like a proxy RADIUS that queries the
home HLR.
8. The new SGSN sends the Attach Accept message to the MS.
9. The MS sends the Attach Complete message to the new SGSN.
10. The new SGSN notifies the new VLR that the relocation process is complete.
The GPRS authentication process is very similar to the CHAP with RADIUS server the authentication process follows
these steps:
1.The SGSN sends the authentication information to the HLR . the HLR sends information back to the SGSN based on
the user profile that was part of the user's initial setup.
2.The SGSN sends a request for authentication and ciphering (used a random key to encrypt information ) to the MS .
the MS uses an algorithm to send the user ID and password to the SGSN. Simultaneously , the SGSN uses the same
algorithm and compares the result. If match occur . the SGSN authentications the user.
point of view necessary that on the radio path a protected identifying method is used instead of the IMSI. The IMSI
should not normally be used as addressing means. But when signaling procedures permit it it, signaling information
elements that can expose information about the mobile subscriber identity must be ciphered for transmission.
To identify a mobile subscriber on the radio path a Temporary Logical Link Identity (TLLI) is used. The TLLI is a
local number and has only a meaning in a given Routing Area (RA), it is accompanied by the Routing Area Identity
(RAI). The relation between the TLLIs and IMSIs are stored in a database at the, SGSN. So when a TLLI is received
with a RAI that does not correspond to the current SGSN, the IMSI is requested from the SGSN in charge of the RA
indicated in the RAI. If the address of that SGSN is unknown the IMSI is requested from the MS. When a new TLLI is
allocated to a MS, it is transmitted from the SGSN to the MS in a ciphered mode produced with the GPRS-A5
algorithm. This is not completely the truth since the fixed part of the network can acquire the identification of the MS
in clear. However this is a breach in the provision of the service, and should only be used when necessary to cope with
malfunctioning e.g. arising from software failure
Authentication key Ki. The MS and the SGSN must coordinate when the ciphering and the deciphering processes
should start.
indicating if the frame is ciphered or not. The SGSN indicates if the ciphering should be used or not in the
Authentication and Ciphering Request message, and the MS starts the ciphering after sending the Authentication and
Ciphering Response message. In order for the enciphering bit stream at one end and the deciphering bit stream at the
other end to coincide, the streams must be synchronized. This is done by using an explicit variable INPUT, the
DIRECTION and the Kc in the algorithm GPRS-A5, The synchronization of ciphering at LLC frames level is done by
a bit in the LLC header
When a inter SGSN routing area update occurs, the necessary information (i.e Kc ,INPUT) is transmitted within the
system infrastructure to enable the communication to proceed from the old SGSN to the new one. The key Kc may
remain unchanged at Inter SGSN routing area update. The MS should indicate which version of the GPRSA5 algorithm
it supports when it wants to establish a connection to the network. The negotiation of the GPRS-A5 algorithm happens
during the authentication procedure. The network can decide to release the connection if there is no common GPRS-A5
algorithm, or if the MS indicates an illegal combination of supported algorithms. Otherwise the network selects one of
the mutual acceptable versions of the GPRS-A5 algorithms to bused.
CDMA security
2.3.1 Introduction [6]
Since the birth of the cellular industry, security has been a major concern for both service providers and subscribers.
Service providers are primarily concerned with security to prevent fraudulent operations such as cloning or
subscription fraud, while subscribers are mainly concerned with privacy issues. In 1996, fraudulent activities through
cloning and other means cost operators some US$750 million in lost revenues in the United States alone. Fraud is still
a problem today, and IDC estimates that in 2000, operators lost more than US$180M in revenues from fraud.
Technical fraud, such as cloning, is decreasing in the United States, while subscription fraud is on the rise1. In this
paper, we will limit our discussions to technical fraud only. With the advent of second-generation digital technology
platforms like TDMA/CDMA-IS-41, operators were able to enhance their network security by using improved
encryption algorithms and other means. The noise-like signature of a CDMA signal over the air interface makes
eavesdropping very difficult. This is due to the CDMA “Long Code,” a 42-bit PN (Pseudo-Random Noise of length
242-1) sequence, which is used to scramble voice and data transmissions. This paper discusses how CDMA 2000
1xRTT implements three major features of mobile security: authentication, data protection, and anonymity
A random binary number called RANDSSD, which is generated in the HLR/AC, also plays a role in the authentication
procedures. The A-Key is programmed into the mobile and is stored in the Authentication Center (AC) of the network.
In addition to authentication, the A-Key is used to generate the sub-keys for voice privacy and message encryption.
CDMA uses the standardized CAVE (Cellular Authentication and Voice Encryption) algorithm to generate a 128-bit
sub-key called the “Shared Secret Data” (SSD). The A-Key, the ESN and the network-supplied RANDSSD are the
inputs to the CAVE that generates SSD. The SSD has two parts: SSD_A (64 bit), for creating authentication signatures
and SSD_B (64 bit), for generating keys to encrypt voice and signaling messages. The SSD can be shared with roaming
service providers to allow local authentication. A fresh SSD can be generated when a mobile returns to the home
network or roams to a different system.
In CDMA networks, the mobile uses the SSD_A and the broadcast RAND* as inputs to the CAVE algorithm to
generate an 18-bit authentication signature (AUTH_SIGNATURE), and sends it to the base station. This signature is
then used by the base station to verify that the subscriber is legitimate. Both Global Challenge (where all mobiles are
challenged with same random number) and Unique Challenge (where a specific RAND is used for each requesting
mobile) procedures are available to the operators for authentication. The Global Challenge method allows very rapid
authentication. Also, both the mobile and the network track the Call History Count (a 6-bit counter). This provides a
way to detect cloning, as the operator gets alerted if there is a mismatch.The A-Key is re-programmable, but both the
mobile and the network Authentication Center
2.3.4.2. ESN-MIN-MDN:
ESN (electronic serial number)
The ESN is the 32 bit electronic serial number of the mobile phone. The ESN is pre-programmed by the phone
manufacturer during factory setting. The ESN is unique to each mobile on the network and is used in conjunction with
the mobile number to identity the mobile on the network . MIN (mobile identification number)
The MIN is the 10 digit number which is assigned by the service providers to a mobile phone in the network . the MIN
is unique each mobile on the network and is used in conjunction with the ESN to identify the mobile on the network.
MDN (mobile directory number) The MDN is the 10 digit dilatable number assigned by the service provider to a
mobile phone on its network . the MDN may be the same as the MIN (it depend on how the service provider provisions
this pair on its network)
GSM Encryption
3.1.1 Introduction [1]
Encryption, Decryption and cryptography
Encryption is the conversion of message from the original form to an unrecognizable form (encrypted message)
while decryption is the re-conversion of the encrypted message into its original form. The word cryptography comes
from the Greek words kryptos which means hidden and graphein which means writing. Cryptography is the science
of encryption and decryption. The art or study of cryptography was a known practice in the ancient world. The first
recorded use of cryptography was by the Spartan’s in 400 B.C. and one of the more famous ancient
cryptography was known as “Caesar Cipher” named after Julius Caesar which was used by the Roman armies to
transfer messages during war. The modern day cryptographic techniques make use of much faster processing
techniques which are embedded on advanced electronics chips and computers systems. In a general cryptographic
system a message is encrypted with the help of keys which are nothing but variables which are applied to the original
message. The formula for combining the original message and the key to produce an encrypted message is known as a
cryptographic algorithm. For example an original text written as HOWAREYOU could be encrypted into
KRZDUHBRX. In this example the cryptographic algorithm would read “shift key places forward” and the key
could be 2 which means shift 2 places forward.As can be seen in the above example both sides must have the same
cryptographic algorithm and must know the key or variable to perform the cryptographic algorithm on the original
message. Most Cryptographic systems use either the Secret Key (Symmetric) cryptography or Public Key
(Asymmetric) cryptography and sometimes even a mix of both. This White Paper will not discuss these two models
as used in various applications but would stay focused on the Authentication and Encryption as used in GSM systems
• Each bit of K (lsb to msb) is XOR'ed in parallel into the lsb's of the registers
• 22 cycles (without the stop/go clock) :
• Each bit of Fn (lsb to msb) is XOR'ed in parallel into the lsb's of the registers
• 100 cycles with the stop/go clock control, discarding the output
• 228 cycles with the stop/go clock control which produce the output bit sequence.
About A5 :
• A5/0 : no encryption.
• A5/1 : original A5 algorithm
• A5/2 : weaker algorithm created for export
• A5/3 : strong encryption created by 3GPP
• A5 is a stream cipher.
• Uses three linear feed-back shift registers (LFSR) of different length (19/21/22) and Variable clock. The xor of the
three registers Is the bit stream that is then xored with the
Plain text.
• The key is the initial content of the Registers, in total 64 bits derived from Kc
And the frame number.
3.1.5 A5/2 Algorithm [15]
3.1.5.1 Description of A5/2
• 4 LFSR R1,R2,R3,R4.
• R4 controls the clocking of R1,R2,R3.
• LFSRs are initialized using KC and frame # f.
• After key is loaded, one bit of each register is forced to be set.
• Output (228 bit key stream) is quadratic function of R1,R2,R3.
• 114 bits of key stream are used to encrypt uplink and rest 114 are used for downlink.
• Electromagnetic emanations
• Cloning of SIM is possible
3.1.8.3 Cryptanalytic Attack
• Weakness in the encryption algorithm
• Session key KC is compromised
• Over the air attack (physical access not required)
3.1.9 Observations [15]
• Attack takes lesser time than authentication timeout.
• No authentication for base station.
• Replay attack is possible as nonce or time stamp are not used.
• A5/2 is already broken and A5/1 is weak. Even changing to A5/3 won’t help.
• GSM interceptor/scanners are easily available.
• Security problems in mobile communications are keeping the applications like m-commerce
from deployment.
• Attack takes lesser time than authentication timeout.
• No authentication for base station.
• Replay attack is possible as nonce or time stamp are not used.
• A5/2 is already broken and A5/1 is weak. Even changing to A5/3 won’t help.
• GSM interceptor/scanners are easily available.
• Security problems in mobile communications are keeping the applications like m-commerce
from deployment.
• GSM security design process was conducted in secrecy.
• The A5 encryption algorithm was never published.
• The key calculated does not depend on which of the A5 algorithms it is destined to be used with.
• Real time cryptanalysis of A5/2.
• The encryption is done after coding for error correction.
GPRS Encryption
3.2.1 Authentication and key agreement of GPRS [4]
3.2.1.1 Keys and triplets:
When a connection is established with a Mobile Station (MS), the Serving GPRS Support Node (SGSN) is informed
and takes over control of the Authentication procedure. The SGSN request the International Mobile Subscriber Identity
(IMSI) and uses it to identify the station's HLR. The SGSN conveys the IMSI and its own identity to the HLR so that
this can inform the Network of the Mobile Station's subscriber IMSI; it addresses the Authentication centre and
requests for the ciphering key Ki. The key is retrieved by the Authentication centre and used with a Random number as
parameter in an algorithm, A3 to calculate a signature or signed response. The AuC similarly uses Ki and the random
number as a parameter in an other algorithm A8 to calculate the ciphering key Kc for traffic channel coding. The
random number, the signed response and Kc make up a triplet for a mobile station which can be used for further
ciphering.
A cryptosystem defines a pair of data transformations. The first transformation, the encryption is applied to an ordinary
data item known as plaintext and generates a corresponding (unintelligible) data item called cipher text. The second
transformation or decryption is applied to the cipher text and results it in the regeneration of the original plaintext. An
encryption transformation is defined by an algorithm and uses as input both the plaintext data and an independent value
known as an encryption key Similarly, a decryption transformation is defined by an algorithm and uses a decryption
key as well as the cipher text so as to cover the plaintext.
If the authentication of the subscriber is successful then the encoding step is targeted. Data and signaling are merged on
a traffic channel between the mobile station and the SGSN using:
• The GPRS system uses a new A5 implementation as well referred to as the GEA version 1
(GPRS Encryption Algorithm). The GEA is responsible for securing the interface from Mobile Station
to SGSN. The Kc is not transmitted to the BTSs and the transmission channel between the BTS and the
SGSN is encrypted making impossible to monitor the backbone between the BTS and the SGSN
• The Key Kc as a parameter
Once the encryption key id derived, communication between the NS and the GPRS/EDGE network is encrypted using
an algorithm called GPRSA5, a modified version of the A5 algorithm used in GSM network for voice communication.
GPRSA5 is optimized for packet-data communications.
The algorithms is used for authentication processes and algorithms A8 it used for produce cipher key (kc). The
algorithms A3 and A8 in GPRS takes same procedures which they occurs in GSM system.
CDMA ENCRYPTION
3.3.1 Authentication and Encryption in CDMA system [13]
Executive summary
Mobile usage has virtually penetrated every aspect of our daily lives from the traditional voice communication to short
message services (SMS), multimedia messaging services (MMS), ring tones, camera phones, games and a vast array of
applications. In fact with the advent of 3G technologies most Service Providers are promising even more attractive
features and applications. Most mobile phone manufacturers are making the mobile even more and more feature rich.
One of the key areas which has been addressed by both the Service Provider and the Mobile manufacturers is in th area
of Authentication and Encryption in Mobile technology. This White Paper is an attempt to address the concept of
Authentication and Encryption in CDMA systems and the usage of this feature in today’s mobile telephony
environment.
At the heart of the Authentication model in CDMA is the Authentication key or A-key which is
like a master key to the system. The A-key is a 64 bit number stored in the permanent section
of the memory and is usually pre-programmed at factory settings. The A-key as we shall see in
further sections is used to generate intermediate keys and session keys within the system. The
model represented below represents the complete Authentication and Encryption systems in
CDMA networks and will be the focus of our study from now.
initiate a SSD update to generate a new pair of SSD_A and SSD_B and also in some cases
initiate a Unique Challenge to the mobile. Here it sends out a Unique Random number
RANDU (24 bits) to a particular mobile and receives a unique Authentication Signature
(AUTHU) (18 bits) from that
mobile. The Authentication Procedure is invoked during Registration, Origination, Page
Response or Data Burst Message.
AUTH_SIGNATURE-CAVE
AUTHR (18)
When a Mobile attempts to Originate a call by sending an Origination message on the Access Channel
RAND (32) ESN (32) IMSI_S1 (24) SSD_A (64)
AUTH_SIGNATURE-CAVE
AUTHR (18)
AUTH_SIGNATURE-CAVE
AUTHR (18)
When a Mobile attempts to send a Data Burst message on the Access Channel
AUTH_SIGNATURE-CAVE
AUTHR (18)
A technique in which the transmission bandwidth W and message bandwidth R are related as
W >> R
Counter intuitive
Achieves several desirable objectives for e.g. enhanced capacity
Frequency Hopping
3.3.3.1Frequency Hopping
IS-95 CDMA
1 Direct Sequence Spread Spectrum Signaling on Reverse and Forward Links
2 Each channel occupies 1.25 MHz
Reverse CH Forward CH
3.3.6.2 Cellular Message Encryption Algorithm (CMEA) key (64 bit) [12]
The CMEA key is used with the (ECMEA) algorithm for protection of digital data exchanged between the mobile
station and the base station. Note that CMEA is not used to protect voice communications. Instead, it is intended to
protect sensitive control data, such as the digits dialed by the cell phone user. A successful break of dialed (all KTMF
tones) by the remote endpoint and alphanumeric personal pages received by the cell phone user. Finally, compromise
of the control channel contents could lead to any congenital data the user types on the keypad: calling card PIN
numbers may be an especially widespread concern, and credit card numbers, bank account numbers, and voicemail PIN
numbers are also at risk.
A description of CMEA
We describe the CMEA speci_cation fully here for reference. CMEA is a byte oriented variable-width block cipher
with a 64 bit key. Block sizes may be any number of bytes; with the block size potentially varying without any key
changes. CMEA is quite simple, and appears to be optimized for 7-bit microprocessors with severe resource
limitations. CMEA consists of three layers. Performs one non-linear, un keyed operation if tended to make changes
propagate in the opposite direction. One can think of the second step as (roughly speaking) XORing the right half of the
block from left to right; in fact, it is the inverse of the first layer.
3.3.6.4 The data key (32 bit) and the ORYX algorithm [12]
A separate data key, and an encryption algorithm called ORYX, is used by the mobile and the network to encrypt data
traffic on the CDMA channels.
ORYX is a simple stream cipher based on binary linear feedback shift registers (LFSRs) that has been proposed for use
in North American digital cellular systems to protect cellular data transmissions. The cipher ORYX is used as a key
stream generator. The output of the generator is a random-looking sequence of bytes. Encryption is performed by
XORing the key steam bytes with the data bytes to form cipher text. Decryption is performed by XORing the key steam
bytes with the cipher text to recover the plaintext. Hence known plaintext-cipher text pairs can be used to recover
segments of the key steam. In this paper, the security of ORYX is examined with respect to a known plaintext attack
conducted under the assume piton that the cryptanalyst knows the complete LFSRs. For this attack, we assume that the
compete structure of the cipher, including the LFSR feedback functions, is known to the cryptanalyst. The key is only
the initial states of the three 32 bit LFSRs: a total key size of 96 bits. there is a complicated key schedule which
decreases the total key space to something easily searchable using brute-force techniques; this reduces the key size to
32 bits for export. However, ORYX is apparently intended to be strong
Algorithm when used with a better key schedule that provides a full 96 bits of entropy. The attack proposed in this
paper makes no use of the key schedule and is
Applicable to ORYX whichever key schedule is use. Show the fig
networks, mainly due to the nature of the radio frequency signaling, while it is possible to listen in on a GPRS
transmission using TDMA receivers, such is not possible with CDMA. A CDMA receiver has to be coded with the
correct 64 bit code to be receive a channel of CDMA traffic and without This code , or with the wrong code ,the
received signal is noise ,A brute force attack to find correct code is not feasible . The code is exchanged between the
sender and receiver at the handshake , which happens over an encrypted channel. IN spite of the difficulty in 'tuning '
into CDMA transmission , the data (or voice ) transmission is further encrypted . This double layer of ciphering makes
CDMA security possibly quit strong . All cellular networks however vulnerable to location finding by triangulation or
directional antennas .that is , an attacker can find the location of mobile station with the use of the radio monitoring
equipment , This dose not compromise the privacy of the data , but the privacy of the operators location , In our
simulation we faced some difficulties in 3rd G security because it is new system and it is not applied more and
encryption and functions content still secrecy . We also found the algorithms in GSM as not complex as algorithms in
CDMA . in the end our advice to who wants to extend in this filed to concentrate in the algorithms and function and
their functionalities in the new system like CDMA .
3.3.9 Recommendations
In the project we are working hard to research in the Security and encryption in GSM, GPRS & CDMA system. But we
denote a recommendation to the researchers in this project to make this project complete.
A recommendation are :
1- they should be research in the new algorithm which are updated by the companies. Such as A5 algorithm , we are
researching about A5/1 and A5/2 algorithms but now there is new algorithm called A5/3 in the 3G system.
2- the project miss to making simulation in the security and Encryption in the CDMA system to gives a realty to the
project .
3- they should be research in the structure of the algorithm and architecture of the devices and chips which has
Encryption system.
4- they should be research about a way to generate a codes in CDMA system .such as PN code and Walsh code.
Chapter 4
Simulation for Security and Encryption
4.1. Introduction:
This project talks about the security and Encryption in cellular system so we should need to make simulate for a
security and Encryption for this system. And we will provide simple simulate in this project about the security and
Encryption in GSM system and specifically an Encryption via algorithms A5 , A8and A3.And we will provide a
program via language of the programming language the visual basic a program to simulate the Encryption and
Security . this program is not simulate an Encryption in all sides but its simulate the important side Message Encryption
and user Authentication .this program also simulate the security by make the domain for the user (specific rang) so any
user out of this domain can not allowed to access this system and each user in this domain can access a system by given
each user the special code. This program generates the random code for all users in the domain. A program is contain
two primary part, first the transmission part .second one the receiving part, and we well describe every part of them.
4.2. Purpose:
The purpose of the program is to illustrating more the ideas in the project for the readers and making simulation to be
closer to the realty.
4.3. Program operations:
the receiving message will be like codes in the receiving part, but the program will convert these codes to the origin by
converting a code to the number and subtract 128 bit from the number to be ASCII code ,and convert the ASCII to the
letter , the converting of ASCII depending on the table of letter
4.4.Program code :
4.4.2 Code of program
S = Len(Text1.Text)
Next U
For J = 1 To S
If CodeMyString(J) < 128 Then
OurCodeMyString(J) = CodeMyString(J) + 128
Else
OurCodeMyString(J) = CodeMyString(J) - 128
End If
Next J
Next J
Text7.Text = NewMobileNo
Text8.Text = NewMobileNo + (Val(Text6.Text) - Val(Text5.Text))
End Sub
1G
4.5. Conclusion First Generation (Mobile Communications)
2G Second Generation (Mobile Communications)
this program 3G
simulates the Authentication and message Encryption by the simple way .
Third Generation (Mobile Communications)
3GPP any researchers
we are recommending Third Generation Partnership
in the security Projectto(of
and Encryption ETSI) a program which simulate the
providing
8PSK
security and Encryption Eight system
in the CDMA phase Shift Keying
and any application of the algorithms in this system
A A interface
AAL ATM Adaptive Layer
AAL2 ATM Adaptation Layer Type 2
AAL5 ATM Adaptation Layer Type 5
Abis Abis interface
AC Authentication Center
AES Advanced Encryption Standard
AKA Authentication and Key Agreement
ALCAP Access Link Control Application Part
ALCAP Advanced Mobile Phone Service
AMPS Adaptive Multi-Rate (speech codec)
AMR Standards Committee T1 Telecommunication of the
ANSI T1 American National Standards Institute
ARIB/TTC Association of Radio Industries and
Business/Telecommunication Technology Committee
ASN.1 Abstract Syntax Notation One
ATM Asynchronous Transfer Mode
AuC Authentication Center
BEC Backward Error Correction
BMC Broadcast/Multicast Control
BSC Base Station Controller
BSS Base Station Subsystem
BTS Base Transceiver Station
CAMEL Customized Application for Mobile Enhanced Logic
CAP CAMEL Application Part
CATT China Academy of Telecommunication Technology
CAVE Cellular Authentication and Voice Encryption
CBR Constant Bit Rate (data stream)
CC Call Control
CCITT Comité Consultative International Téléphonique et
Abbreviations
Telecommunication
CCS7 Common Control Signaling System No 7
CDMA Code Division Multiple Access
CDMA2000 3rd Generation Code Division Multiple Access
Security and Encryption in GSM, GPRS, CDMA System 70
CMEA Cellular Message Encryption Algorithm
CN Core Network
CRNC Controlling RNC (Radio Network Controller)
Security and Encryption in GSM, GPRS, CDMA System
CS Circuit Switched
CS-CN Circuit Switched Core Network
CSE CAMEL Service Environment
CT Conformance Test
D-AMPS Digital AMPS
DCH Dedicated Channel
DECT Digital Enhanced Cordless Telephone
DL Downlink
DPC Destination Point Code
DRNC Drift Radio Network Controller
DRNS Drift Radio Network Subsystem
DTE Data Terminal Equipment
EDGE Enhanced Data Rates for GSM Evolution
EFR Enhanced Full Rate (speech codec)
EIR Equipment Identity Register
ESE Emulation Scenario Editor
ESN Electronic Serial Number
ETSI European Telecommunication Standards Institute
FDD Frequency Division Duplex
FDMA Frequency Division Multiple Access
FEC Forward Error Correction
FER Frame Error Rate
GGSN Gateway GPRS Support Node
GMM GPRS Mobility Management (protocols)
GMSC Gateway MSC
GMSK Gaussian Minimum Shift Keying
GPRS General Packet Radio Service
GSM Global System for Mobile Communication
GSM-R GSM Railway
GSMSCF GSM Service Control Function
GSMSSF GSM Service Switching Function
GTP GPRS Tunneling Protocol
GTP-C GTP Control
GTP-U GTP User
HLR Home Location Register
HO/HoV Handover
HSCSD High Speed Circuit Switched Data
ICO Intermediate Circular Orbits
Security and Encryption in GSM, GPRS, CDMA System 71
IDC International Data Corporation
IETF Internet Engineering Task Force
Security and Encryption in GSM, GPRS, CDMA System
References
Security and Encryption in GSM, GPRS, CDMA System 76
Security and Encryption in GSM, GPRS, CDMA System