
Naveen Kumar

GSM is the most widely used cellular standard


Over 600 million users, mostly in Europe and Asia
Provides authentication and encryption capabilities
Today's networks are 2G & 3G
Future (4G LTE)

[Figure: GSM network architecture. Labels: SIM; Visited network (VLR, switching and routing); Home network (HLR/AuC); Other Networks (GSM, fixed, Internet, etc.)]

Authentication
network operator can verify the identity of the subscriber, making it infeasible to clone someone else's mobile phone

Confidentiality
protects voice, data and sensitive signalling information (e.g. dialled digits) against eavesdropping on the radio path

Anonymity
protects against someone tracking the location of the user or identifying calls made to or from the user by eavesdropping on the radio path

Three algorithms have been specified to provide security services in GSM.

A3 is used for authentication,

A5 for encryption, and

A8 for the generation of a cipher key

For authentication, the VLR sends the random value RAND to the SIM.

The MS sends back the SRES generated by the SIM; the VLR can now compare both values. If they are the same, the VLR accepts the subscriber, otherwise the subscriber is rejected.

To ensure privacy, all user-related data is encrypted. After authentication, the BTS (base transceiver station) and the MS apply encryption to voice, data, and signaling using the cipher key Kc.

Kc is generated using the individual key Ki and a random value by applying the algorithm A8.
This confidentiality exists only between MS and BTS; it does not exist end-to-end or within the whole GSM network.

Note that the SIM in the MS and the network both calculate the same Kc based on the random value RAND.
The key Kc itself is not transmitted over the air interface.
MS and BTS can now encrypt and decrypt data using the algorithm A5 and the cipher key Kc.
Kc should be a 64-bit key, which is not very strong, but is at least a good protection against simple eavesdropping.
However, the publication of A3 and A8 on the internet showed that in certain implementations 10 bits out of 64 bits are always set to 0, so that the real length of the key is only 54 bits; consequently, the encryption is much weaker.
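The challenge-response and key derivation described above, as an added Python sketch that is not part of the original slides. HMAC-SHA256 stands in for A3/A8, and the position of the ten zeroed bits (the low end of Kc), the sample Ki and all function names are assumptions of this example.

```python
import hashlib
import hmac
import secrets

def a3a8(ki: bytes, rand: bytes):
    """Stand-in for A3 and A8 (assumption: HMAC-SHA256, not the real
    operator algorithms). Returns (32-bit SRES, 64-bit Kc)."""
    out = hmac.new(ki, rand, hashlib.sha256).digest()
    return out[:4], out[4:12]

def zero_low_10_bits(kc: bytes) -> bytes:
    """Model implementations in which 10 of the 64 Kc bits are always 0."""
    return (int.from_bytes(kc, "big") & ~0x3FF).to_bytes(8, "big")

def authenticate(network_ki: bytes, sim_ki: bytes):
    """One authentication run: returns (accepted, over_the_air, kc_sim, kc_net)."""
    rand = secrets.token_bytes(16)               # VLR -> MS: 128-bit challenge
    sres, kc_sim = a3a8(sim_ki, rand)            # computed inside the SIM
    xres, kc_net = a3a8(network_ki, rand)        # computed by the network from Ki
    accepted = hmac.compare_digest(sres, xres)   # VLR compares both values
    return accepted, (rand, sres), kc_sim, kc_net

def sample_kcs(ki: bytes, n: int = 256, weaken: bool = False):
    """Derive Kc for n different challenges, optionally with the zeroed bits."""
    keys = [a3a8(ki, i.to_bytes(16, "big"))[1] for i in range(n)]
    return [zero_low_10_bits(k) for k in keys] if weaken else keys

def varying_bits(keys) -> int:
    """Count bit positions that differ somewhere across the observed keys."""
    first = int.from_bytes(keys[0], "big")
    diff = 0
    for k in keys:
        diff |= first ^ int.from_bytes(k, "big")
    return bin(diff).count("1")

if __name__ == "__main__":
    ki = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample Ki
    ok, air, kc_sim, kc_net = authenticate(ki, ki)
    print("accepted:", ok, "| same Kc on both sides:", kc_sim == kc_net)
    print("sent over the air: RAND, SRES only; Kc sent:", kc_sim in air)
    print("effective key bits, full Kc:    ", varying_bits(sample_kcs(ki)))
    print("effective key bits, weakened Kc:", varying_bits(sample_kcs(ki, weaken=True)))
```

Only RAND and SRES cross the radio link; the exhaustive-search space for the weakened key is 2^54 instead of 2^64, a factor of 1024 smaller.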

To provide user anonymity, all data is encrypted before transmission, and user identifiers (which would reveal an identity) are not used over the air.

Instead, GSM transmits a temporary identifier (TMSI), which is newly assigned by the VLR after each location update.

Additionally, the VLR can change the TMSI at any time.

User identity confidentiality on the radio access link
temporary identities (TMSIs) are allocated and used instead of permanent identities (IMSIs)

Helps protect against:
tracking a user's location
obtaining information about a user's calling pattern

IMSI: International Mobile Subscriber Identity
TMSI: Temporary Mobile Subscriber Identity

The GSM cipher A5/2
A5/2 is now so weak that the cipher key can be discovered in near real time using a very small amount of known plaintext

No requirement of decrypting skills
Need an instrument that captures microwave
Gains control of communication between MS and intended receiver

Design only provides access security - communications and signalling in the fixed network portion aren't protected
Design does not address active attacks, whereby network elements may be impersonated
Design goal was only ever to be as secure as the fixed networks to which GSM systems connect
Short key size of Kc (64 bits) makes it more vulnerable to various attacks

Mutual Authentication
provides enhanced protection against false base station attacks by allowing the mobile to authenticate the network

Data Integrity
provides enhanced protection against false base station attacks by allowing the mobile to check the authenticity of certain signalling messages

Network to Network Security
Secure communication between serving networks. MAPSEC (Mobile Application Part Security) or IPsec can be used

Wider Security Scope
Security is based within the RNC rather than the base station

Flexibility
Security features can be extended and enhanced as required by new threats and services

Longer Key Length
Key length is 128 bits as against 64 bits in GSM

[Figure: UMTS security architecture. Steps: (1) Distribution of authentication vectors; (2) Authentication; (3) CK, IK; (4) Protection of the access link (ME-RNC). Labels: User Equipment (USIM, ME); BTS; Access Network (UTRAN) with RNC; Visited Network with MSC (circuit switched services) and SGSN (packet switched services); Home Network with HLR and AuC]

Mutual Authentication between user and the network

Establishes a cipher key and integrity key

Assures user that cipher/integrity keys were not used before, thereby providing protection against replay attacks
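How the USIM can authenticate the network and refuse a replayed challenge, as an added Python sketch that is not part of the original slides. HMAC-SHA256 stands in for the real AKA functions, AUTN is simplified to a sequence number plus a MAC, the freshness rule is a plain "greater than the last accepted value" check, and all names are assumptions of this example.

```python
import hashlib
import hmac
import secrets

def prf(k: bytes, label: bytes, *parts: bytes, n: int = 16) -> bytes:
    # Stand-in for the AKA functions f1..f4 (assumption: truncated HMAC-SHA256).
    return hmac.new(k, label + b"".join(parts), hashlib.sha256).digest()[:n]

def auc_vector(k: bytes, sqn: int) -> dict:
    """Home network (AuC): build one authentication vector for sequence number sqn."""
    rand, sqn_b = secrets.token_bytes(16), sqn.to_bytes(6, "big")
    return {
        "RAND": rand,
        "AUTN": sqn_b + prf(k, b"f1", rand, sqn_b, n=8),  # SQN || MAC (simplified)
        "XRES": prf(k, b"f2", rand, n=8),                 # expected response
        "CK": prf(k, b"f3", rand),                        # 128-bit cipher key
        "IK": prf(k, b"f4", rand),                        # 128-bit integrity key
    }

class USIM:
    def __init__(self, k: bytes):
        self.k, self.highest_sqn = k, 0

    def respond(self, rand: bytes, autn: bytes):
        """Return (status, RES, CK, IK); keys are None unless the network is accepted."""
        sqn_b, mac = autn[:6], autn[6:]
        if not hmac.compare_digest(mac, prf(self.k, b"f1", rand, sqn_b, n=8)):
            return ("mac_failure", None, None, None)   # sender does not know K
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self.highest_sqn:
            return ("stale_sqn", None, None, None)     # vector was used before
        self.highest_sqn = sqn
        return ("ok", prf(self.k, b"f2", rand, n=8),
                prf(self.k, b"f3", rand), prf(self.k, b"f4", rand))

def serving_network_check(vector: dict, res) -> bool:
    """Visited network: compare the mobile's RES with XRES from the vector."""
    return res is not None and hmac.compare_digest(res, vector["XRES"])

if __name__ == "__main__":
    k = bytes(range(16))                       # constructed sample subscriber key
    usim, v = USIM(k), auc_vector(k, 1)
    print("first run:", usim.respond(v["RAND"], v["AUTN"])[0])
    print("replay:   ", usim.respond(v["RAND"], v["AUTN"])[0])
```

Unlike the GSM exchange, the mobile checks the MAC before answering, so a challenge from a sender that does not hold the subscriber key yields no response and no keys.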

Protection of some radio interface signalling
protects against unauthorised modification, insertion and replay of messages
applies to security mode establishment and other critical signalling procedures

Helps extend the influence of authentication when encryption is not applied
Uses the 128-bit integrity key (IK) derived during authentication
Integrity applied at the Radio Resource Control (RRC) layer of the UMTS radio protocol stack
signalling traffic only

Data on the radio path is encrypted between the Mobile Equipment (ME) and the Radio Network Controller (RNC)
protects user traffic and sensitive signalling data against eavesdropping
extends the influence of authentication to the entire duration of the call

Uses the 128-bit encryption key (CK) derived during authentication

No security for communication between network elements in GSM
Easy to gain access to sensitive information such as Kc
Network Domain Security in UMTS foils these attacks

UMTS builds upon the security mechanisms of GSM, and in addition provides the following enhancements:
Encryption terminates at the radio network controller
Mutual authentication and integrity protection of critical signalling procedures to give greater protection against false base station attacks
Longer key lengths (128-bit)
Network Domain Security using MAPSEC or IPsec


chd.naveen@gmail.com
/chd.naveen
@saini_naveen87
/NaveenKumar11
www.elixir-india.com
