This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
Confidentiality in GSM system generally encounters for secure transmission of voice and text services offered by system. For this the system greatly relies on encryption and decryption algorithm designed for the system. A5 algorithm is responsible for encryption and decryption of voice and text services. A5 is a block cipher which has undergone through revolutionary changes periodically with time i.e. A51, A52, and A53. More specifically the mostly used algorithm for secure transmission of voice and text is A51 . However eavesdropping is still the existing threat. Eavesdropping include listening of voice and text over the air interface in order to perform active and passive attack. Eavesdropping to confidentiality algorithm is generally accomplished by collecting the cipher text stream along with associated plaintext stream through air interface. In order to do this attacker first need to make a call with victim MS. The next step attacker follows is to record the RAND (one of entity that is used for challenge response protocol for authentication algorithm) which is used to install cipher key Kc. Again the attacker also records the parameter i.e. cipher text stream exchanged between MS and BTS and the corresponding frame number on uplink and downlink . Recording is generally accomplished by performing traffic analysis. Again the legitimate call is made by attacker to victim MS it is easier for attacker to record unencrypted plaintext. After collecting the cipher text attacker now recover the pseudorandom bit from corresponding frame and finally recover the entire BLOCK stream with associated RAND .
Where CFN is a cipher text block created in uplink and MFN is message associated with corresponding frame number.
After collecting unencrypted plain text, cipher text exchange between MS and BTS and the corresponding frame number it is easy for an eavesdropper to retrieve a BLOCK associated with RAND as describe above. It is genuine that whenever the user sends SMS it is encrypted with corresponding cipher key KC. However in this case an eavesdropper is able to decrypt the message sent over air interface with the help of parameter that he had collected . Now by then an attacker can modify message. Again the system does not offer any provision for MAC value or hash function for user in order to be sure that the message is not tempered in the middle by any intruder. Hence alteration or modification of message is still the existing threat for system.
With a general idea of a captured BLOCK value an eavesdropper can modify any SMS arriving from any address and then send it to any MS. The MS then decrypt the message and trust that it had arrived from legitimate source .
This type of threat generally occurs when an intruder jam the network traffic and prevent user or network to access any data . The malicious user may request for channel and the system accept the channel request of malicious user which is not yet authenticated which is generally found in case of preliminary part of mobile call origination, the malicious user may repeats the step over and over there by jamming the channel for legitimate user since the number of channel available is limited for the system. This is generally the case associated with DOS attack.
This is generally done by overloading the service whereby attacker prevent user to access the services offered by system . Overloading is generally done by excessive use of resources for example excessive channel request, excessive use of services like SMS voice etc. Moreover Attacker can send the void information in same frequency as that of BTS which as a result can cause resource blocking to the user. Again an attacker may send a fake IMSI detach request to network . The net result is that user does not get any access to network paging request .
Authentication perform in GSM system is unilateral. The network presents a challenge response protocol in order to authenticate the user; however there is no provision for user to authenticate the network . This gives attacker chance to impersonate as a network there by eavesdropping the data sent by victim MS over the air interface. More precisely the possibilities of false BTS help an eavesdropper to intercept the secret key Ki which is responsible for authentication algorithm. This is generally done by providing a challenge to the victim MS and then recording the response and finally applying crypto analytical attack . Now after decrypting the secret key Ki eavesdropper is able to get physical access to SIM there by impersonating to network as a legitimate user.
Again due to lack of mutual authentication there is chance for an attacker to impersonate as a legitimate network to user. Moreover after capturing the victim secret key Ki used for authentication attacker can impersonate as a legitimate user to network. Thus two cases of impersonation are generally found in the system.
Impersonating as a legitimate network to user
This kind of threat exists in the system due to flaw present in design of authentication algorithm i.e. one way authentication. The first step done by attacker is to captures the victim MS. In next steps an attacker forces user to use fake BTS BCCH by providing the higher power level than that of original BTS. Finally attacker replay and relay the signaling information so that the victim trust that the signaling information had arrived from genuine network .
Consequences of impersonating as a network to user
1 Hijacking of incoming and outgoing call
With sufficient base station functionality and after capturing the victim MS it is easier for an attacker to hijack both incoming and outgoing call. Again hijacking of incoming and outgoing call can be done with either enabled encryption or by disabling the encryption. In the former case attacker makes an attempt to suppress the encryption . Suppression of encryption is done generally at a instant of call set up where attacker with false BTS reconstruct the ciphering mode of MS and hence making an incompatible encryption standard between genuine network and MS . In later case for incoming call first attacker call the target user and in next step sits passively i.e. attacker simply act as relay between genuine network and victim MS  so that the serving network authenticate the target user and hence allow to set up the call. Here in this case encryption is not enabled. Finally attacker seizes the connection and uses it to answer all the incoming call . For outgoing call attacker just appear between genuine network and victim MS and modifies the entire signaling element in such a way where network believe that victim MS wants to make a call setup. Again the encryption is not enabled by network . Finally attacker disconnects the connection between victim MS and network and uses this connection to make call.
2 Leakage of information
With sufficient base station functionality attacker may listen, intercept, spoof, replay and relay any signaling information between the target user and genuine network. With this features attacker may be able to leak out any confidential information or conversation either by simply listening the traffic pattern or by seizing the confidential text messages or simply hijacking the incoming and outgoing call.
Impersonating as genuine user to true network
This is accomplished by attacker after he is able to decrypt secret key Ki used for authentication. With a complete knowledge of secret key Ki attacker have physical access to SIM whereby he may impersonate as a legitimate user to network. Here in this case network cannot identify that the fake user is impersonating and hence deliver all the services offered by the system. One of the consequences brought by this threat is repudiation.
After having a physical access to SIM attacker may make any call as network provides this service. Moreover all the call made by an attacker is stored on network database which also include all the billing information regarding the call. The true user in this case refuses to pay the bill for the call which he had not made but attacker has made through his SIM. This is one of the threats which can create a conflict between user and GSM service provider and hence called repudiation.
Traffic analysis involves observing of traffic pattern sent through air interface. It also include analysis of signaling parameter like rate at which the information is sent, time length of particular information and source and destination address of receiver and sender. Such analysis helps an eavesdropper to replay, spoof, intercept and relay any signaling element between user and network.
Threats to anonymity
Anonymity generally refers to hiding the identity of user to intruder. However two of the threats found in GSM system for anonymity is active identity caching and passive identity caching.
1 Active identity caching
This is the case where attacker with sufficient base station functionality may forces the user to camp on his BTS and then ask for victim MS to send his IMSI and TMSI value in clear text. This is generally done by attacker by saying there is conflict in victim MS TMSI due to database failure or by forcing victim for new registration . IMSI and TMSI is used for call originating and location updating and with complete knowledge of these parameters attacker is able to trace the location of victims and hence also can cache identity of victim MS.
2 Passive identity caching
This is the case where attacker waits for data base failure of network whereby network demands for IMSI and TMSI value in clear text. Here in this case attacker can cache the IMSI and TMSI value of victim MS as it is in clear text without any difficulty and hence can cache the identity of victim MS .