This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
In our research we basically concentrate on the three aspect of security namely authentication, confidentiality and anonymity. Since GSM is the most widely used mobile standard, it has its own security mechanism. Our research starts with brief description of GSM architecture followed by security mechanism in terms of authentication, confidentiality and anonymity. These mechanisms are crucial in the system because GSM requires providing security over subscriber authentication, privacy over user information and identity. The later part of the research is focused on the attacks and threats in the system based on mentioned three aspect of security.
The GSM stands for the Global system for mobile communication which is most widely used cellular technology in the world. The GSM subscriber is at propensity day by day. The approximately user of GSM are around 4 billion predominantly facilitated by voice and SMS services , . Likewise other system it also has a security mechanism. Though different security mechanism and polices has been inbuilt in the system, it is still vulnerable to different types of threats and attacks.
The GSM security mechanisms mainly focus on authentication, confidentiality and anonymity. Beside these security mechanisms also involves SIM protection, secure application layer, transparency and trust issue . Authentication in security mechanism deals with the protection against unauthorized access using secure algorithm. In GSM system it is challenge-response type of authentication . An authentication process uses algorithms and secret keys that are incorporated in SIM and Authentication centre (AuC). Attacks on authentication mechanism are possible due to weakness in algorithms.
Confidentiality means prevention from intruder and mainly relies on encryption and decryption algorithm involved. In the system, confidentiality mainly accounts for avoiding an intruder for identifying a subscriber on radio path by controlling the signaling exchanges and so called user identification confidentiality. Confidentiality generally suffers from eavesdropping, masquerading, traffic analysis, browsing leakage and inference .
Anonymity mechanism is applied to discourage availability of real identification of the user to the attackers. The real identity of the subscriber is IMSI which is stored in the SIM. In GSM network TMSI is used as an abstraction of real identity. But of some optional cases real identity is transferred in the air interface which may be advantage for the attackers.
In the past, the algorithm and encryption used in GSM technology is said to be secure. However nowadays with development in the technology, it is possible to make many attacks. The weakness found mostly in the algorithm used in authentication and the encryption used to communicate data, challenging security mechanism of GSM.
During the work on this research we will present the existing attacks and threats that sustain in three major aspect of GSM security namely authentication, confidentiality and anonymity.
1.2. Research Question
What are the threats and attacks that exist in GSM technology with respect to the three aspect of GSM security mechanism namely authentication, confidentiality and anonymity?
The purpose of the report is to include the overview of GSM architecture and detail about the GSM security mechanism. It also focuses on the attacks and threats that can mount in the system based on the three aspects of security mechanism authentication, confidentiality, anonymity. The brief descriptions on them are
Description of GSM architecture and working principle. It will describe the component of GSM and how they are interrelated and work.
Description of GSM security mechanism. All the aspects of the GSM mechanism specially focused on the three aspect of the mechanism namely authentication, confidentiality and anonymity. It also shades light on algorithm, encryption and key management techniques.
Description of existing attacks, vulnerability and threats in the system.
Telecommunication managers and personnel responsible for the design, planning, deployment, and management of GSM networks. 
The main intention of our report is to describe the security mechanism applied in the system and present the attacks and threats that exist in the system. Since GSM technology is complex system with inter related numerous entities, thus it can be intricate to provide the conclusion through the laboratory experiments.
The methodology we apply is qualitative analysis based on purely literature review and the summarization of all the research, article and paper related to the GSM architecture. The conclusion will be drawn based on the analysis and evaluation of the study.
The stepwise description of our methodology is shown below.
Literature search: In this section we are going to search the material related to the subject matter. The books, articles, papers and previous research of GSM technology and security mechanism will be collected and prepared for the next section.
Work and study: In this section we will go through the detail study of the technology, security mechanism and tools used attacks and threats that exist in the system. Further we will make notes on each topic and utilize for the interpretation part.
Interpretation: Here we will interpret the security mechanism, attacks and threats based on authentication, confidentiality and anonymity.
Report: Finally we will assemble all the matter in one report.
The complexity of the GSM technology and limited resources for practical work restricts our research towards literature study followed by analysis based on study rather than on practical experiments.
2 GSM Architecture
"When the acronym GSM was used for the first time in 1982, it stood for Groupe Spéciale Mobile, a committee under the umbrella of Conférence Européenne des Postes et Télécommunication (CEPT), the European standardization organization" [1, p12]. The acronym of GSM changed to Global system for mobile communication in 1991  when the substantial changes were brought into the system and started a public operation.
At present, GSM is the most popular standard in mobile phones and has an estimated 4 billion subscriber around the world . It utilizes the cellular network and is based on frequency reuse concept.
2.2 GSM Network Components
A GSM network consist various functional entities such as Mobile station (MS), subscriber mobile identity, Base transceiver station, base station controller, transcoding and rate adaptation unit, mobile switching controller, home location register, visitor location register and equipment identification register.
FIG: GSM Architecture (Source: http://www.tutorialspoint.com/images/gsm-elements.gif)
Mobile station is handheld portable equipment available in different range of power class and varieties . GSM network can have as many mobile stations as possible. There are many manufactures which manufacture GSM mobile set namely Sony Ericsson, Nokia, Motorola, Samsung etc. Mobile station is facilitated with provision of inserting SIM card.
Subscriber Identity Module (SIM)
SIM card is the identity of the subscriber. It contains the information and algorithm for connecting mobile station to the network. It must be inserted in mobile equipment to function. It provides a unique caller number to subscriber and communicates indirectly with HLR through VLR.
Base Transceiver Station (BTS)
BTS is the medium between BSC and MS which cover all the radio related tasks . It carries voice and data from MS to BSC and vice versa in the Air interface. BSC may contain large no of BTS depending upon the requirement.
Base Station Controller (BSC)
BSC is the controller of all the BTS which is connected via Abis interface. All the central function and control of the BTS is done in BSC. The frequency planning and Location area identification are set in BSC. On the other side it is connected to MSC via A interface. BSC, BTS and TRAU comprise the Base Station Subsystem (BSS).
Transcoding and Rate Adaptation Unit (TRAU)
The effectiveness of GSM is depended upon TRAU . It works as transcoding unit for the compression and decompression of data. Rate adaption unit converse the data rate between BSC and MSC. It is the part of BSS.
Mobile Switching Controller (MSC)
It is the digital exchange which provides the switching of the outgoing and incoming calls. It assigns a user a channel in A interface. A MSC is connected to BSCs which means it is indirectly connected to large number of BTS.
Home Location Register (HLR)
It is a database of the entire subscriber. The GSM network at least should contain one HLR. It also comprises the authentication unit (AuC). HLR stores the information of the subscriber from where the AuC authentication the validity of the user.
Visitor Location Unit (VLR)
VLR is the temporary storage of the information of the user roaming in the particular VLR area. It reduces the load over HLR. As soon as subscriber enters the particular VLR area, HLR stores the temporary information of the subscriber in the VLR register and information is used for future process. The VLR data of the subscriber is remover by HLR as soon as subscriber leaves the particular VLR area.
Equipment Identification registers (EIR)
EIR is brought in existence to control the theft of mobile equipment. Every mobile equipment has unique international mobile equipment identification (IMEI) number which is register in network EIR. With the use of IMEI and EIR, now the mobile equipment can be indentified without considering the IMSI number in the SIM.
3. Security Mechanism
Wireless networks provide free mobility, transmission of signals in open air with low power consuming equipments at user end. As a result, threat, vulnerability and attacks are possible in the network. The GSM network has security mechanism and model to protect against all kind of possible vulnerabilities. The Security parameters are generally based on subscriber identity confidentiality, authentication algorithms and subscriber data integrity and anonymity. Before we deal with security mechanism we need to know the requirement for security in GSM networks.
3.1 Security Requirement in GSM Networks
GSM network comprises of various entities functionally interlinked with each other for the operation. Security requirement is needed to protect the valuable asset of the network which may represent in terms of functionality or physically. Here in this section we are going to present the areas that require protection for which the security mechanism has been implemented in the network. Among various sections, areas of confidentiality, authentication and anonymity are discussed following.
Security Requirement in Authentication
All mobile equipment or SIM module requires authenticating itself to the network. During this process, a there is transfer of message between both. The exchange of keys and responses from both end needs to be protected from attackers to avoid the fraud or infringement. Thus, the GSM network requires a specific security mechanism for authentication.
Security Requirement for Confidentiality
The information related to the user such as IMEI, IMSI, mobile terminating and originating number during the connection requires being protected . There is constant transfer of the information regarding the location of the user and its physical connection. Also the protection is required not only in the radio interface but also in the core network. So it requires specific security mechanism such as ciphering method, key setting and synchronization to gain the confidentiality .
Security Requirement for Anonymity
Anonymity provides Temporary Mobile Subscriber Identity (TMSI) for the user. For every location update it provides new TMSI. This value is required to protect because attacker can trace the TMSI to find the real IMSI of user since TMSI is derived from IMSI. A special security mechanism required to protect anonymity.
3.2 Security Mechanism Implementation
3.2.1 Authentication mechanism
GSM uses challenge response type of authentication . This process involves the initiation by mobile station. A SIM card has algorithm and secret keys which enable a mobile station to connect with the network. The secret key namely Ki is stored in the SIM card and the authentication centre (AuC). The Ki is unique 128 bit key . This secret key is never transmitted and kept secret. The whole process of authentication in GSM is depended upon this secret key. 
The mobile station sends the IMSI as request to the network for authentication. The IMSI broadcasted by MSC is forwarded to the HLR. The AuC associated with HLR stores all the authentication parameter. A new parameter called RAND; a random generated number is created using IMSI and stored secret key Ki. The RAND is 128 bit key. The algorithm namely A3 and A8 is incorporated in both AuC and SIM. A Expected Response key (XRES) 32 bit and a cipher Key (Kc) 64 bit is generated with the help of above algorithms. The XRES verifies whether the SIM can generate the same response and Kc is used for encrypting calls between mobile and base station. 
RAND 128 bit output
128-bit XRES 32 bit and Kc 64 bit
Secret Key Ki
FIG: Algorithm and key used in Authentication
The triplet which consists of RAND, XRES and Kc is generated by AuC and stored in VLR for each subscriber. The MSC sends RAND as a challenge to the mobile station for which it generates RES from RAND and Ki key. This is the response from the mobile station. The response RES and XRES is compared in AuC and for match case the authentication is verified as a success. 
3.2.2 Confidentiality mechanism
Confidentiality mechanism is applied using encryption by means of using A5 and A8 algorithm . This mechanism provides confidentiality over user data, signaling over physical connectionless as well as in connection . In A8 algorithm produces a key stream using cipher key Kc. This key stream is exclusive-or'd bits over radio path. This key is generated using RAND and secret key Ki stored in the SIM using these algorithms A3 and A8. The Kc is the temporary session key issued each time the mobile station is authenticated with the network.
FIG: Encryption used in GSM (Source: www.brookson.com/gsm/gsmdoc.pdf)
The synchronization between mobile station and base station is crucial for the algorithm. In GSM the time division multiplexing is used to allocate user in the radio interface. At a time at most eight users can share the time slot in every frame. For a single frame number 228 bits of user information is transferred between base station and mobile which requires to be encrypted. The algorithm generated session key Kc, 64 bit long key is used by A5 algorithm along with the frame number to produce 228 bit of key stream. This stream is used to encrypt the uplink and downlink frames.
3.2.3 Anonymity mechanism
Anonymity is provided by using TMSI . TMSI is temporary mobile subscriber identity that provided the substitute identity to the user providing privacy over the radio interface. When the mobile subscriber first turns its mobile on, it sends real identity IMSI to the network. The network after authenticating issues TMSI in VLR for each subscriber. The TMSI is send to mobile station enciphered under a session key Kc. This issues TMSI is used in future operation until subscriber proceed for another location update.
TMSI is applicable in location area. Each time the subscriber enters the different location area, it need to update its location area identity. Again at this case VLR issues new TMSI for the subscriber. As a result anonymity to the subscriber changes frequently. But a major drawback is that if VLR is unable to decode the TMSI it asks for IMSI from the subscriber and also at mobile authentication process subscriber first sends IMSI to the network. This may be advantage to the attackers.
4. Attacks on GSM network
Threats when comes to an action or existence becomes attacks. GSM being widely used technology suffers from various attacks. Generally attacks are performed in air interface in GSM networks. Some of the attacks based on authentication, confidentiality and anonymity are described below.
4.1 Attacks on Authentication
The authentication procedure is a verification mechanism of the subscriber by the system through challenge response protocol. The authentication mechanism is based on the secret key and random numbers generated in SIM and core network so attacks such as physical access attacks on SIM and cloning attacks in air interface are possible which are described below.
Physical access to SIM card
The authentication procedure in GSM network is solely based on secrecy of Secret key Ki. This key is located in the SIM and AuC but is never transmitted in the air interface. The algorithm A3 is used to produce expected response (XRES) of 32 bit and algorithm A8 is used to produce cipher key Kc. Both algorithms take input as 128 bit RAND and 128 bit secret key Ki. If we implement both algorithm since it takes same input a new algorithm is developed called COMP128. This algorithm was not released in public but was revealed by reverse engineering in 1997. Since then there has been possibility of attacking the authentication mechanism of GSM network. COMP128 algorithm is based on butterfly structure compression function . There are all together five round of compression and in each round different bit of values are substituted. Each level contain 2 9-I (8-1) bit values.
Most of the attacks on GSM SIM cards are done by crypto analytical attack on COMP128 algorithm. As mentioned GSM has challenge response type authentication. The attack is done by forming a number of specifically chosen challenges to the SIM module and analyzing the return responses . The return responses help the attacker to identify the secret key Ki. This is possible due to weakness in diffusion of second level in the compression function of algorithm. The hash function in the output is dependent in the hash function used in the input. With selection of stronger hash function this attack can be opposed .
Cloning in Air
This is another kind of attack to system where an attacker gains control on some part of the system. Here in our case an attacker may impersonate as network to MS or MS to network thereby gaining control between MS and network. After gaining the control an attacker may intercept, replay, spoof and temper the data between two parties communicating on the same network. Again the possibilities of modification on BTS and MS can lead to severe attacks. BTS transmits dummy burst through broad casting channel (BCCH) so that MS can find its serving cell. This BCCH contains important information like identity of network, cell identity, and channel in use and protocols in details . After capturing the victim MS and with the help of fake BTS an attacker may force the victim MS to use fake BTS BCCH by providing higher power levels than that of legitimate BTS and hence gain control over the system information provided to MS and even the destination address of message outgoing from this MS . Thus the attacker can contaminate the communication between two parties and hence can also prevent the user to use service provided by system.
4.2 Attacks on Confidentiality
The confidentiality mechanism uses A5 algorithm with cipher key Kc for the encryption of data. The cipher key is produced from COMP 128 algorithm (A3 and A8). Since the cipher key being 64 bit only, which is short in length, is vulnerable to crypto analytical attacks.
Attack on encryption algorithm (A5)
Attack to A5 algorithm was first conducted by Alex Biryukov and Shamir but later enhanced by Wagner . The conversation between users on GSM system is protected by A5 stream cipher. Two version of A5 algorithm called A5\1 and A5\2 are generally designed for the system. A5\1 is a stronger version used by 150 million people over the Europe . Attacks performed on such algorithm are generally crypto analytical which are generally of two types.
Brute force attack
Cipher key Kc is responsible for confidentiality features in GSM. An attacker must have complete knowledge of Kc in order to perform attack. The cipher key Kc is 64 bit but the last ten bit set to zero which reduces the key space from 264 to 254. If we have Pentium III chip with 20 million transistor and a clock speed of 600MHZ the corresponding cipher key can be generated in 250 hours. The only thing we need is to generate 100+114+114 out bits for each clock cycle so that we can try 2M keys per second per A5\1 implementation. However use of multiple chips saves the time efficiently. 
Recognizable plaintext attack
This technique relatively eases the processing speed for attacker as the key size reduces from 254 to245. Here an attacker first tries to determine LFSR initial state from key stream sequence that is known. Now with a little knowledge of cipher text of corresponding plain text attacker can retrieve 64 successive key stream bits. Since GSM frame contains lots of constant information for example frame header an attacker may use this constant information as known plaintext in order to perform attack. Generally out of 64 bits 32 to48 bits are known. More precisely divide and conquer attack holds its implementation by guessing the content of two shorter LFSR and then performing attack on third LFSR from known key stream. Here the clocking of two register is also the important facto to be noticed by an attacker because if the clocking of two register are dependent than key size reduces to 2^40. But if they are not dependent then guessing it is an alternative means which correspondingly increases the key size from 240 to245. 
4.3 Attacks on anonymity:
Anonymity features in GSM provides the privacy of the user identity. The attacks on this mechanism are done to seize the user real identity which may be the location or the user information.
Attacks on location privacy
Passive attack to location privacy
The location updating request is send by a mobile subscriber by sending its international mobile subscriber identity stored in SIM. This IMSI value is sent in clear by mobile subscriber through radio link. Also the IMSI value is not registered in network. Traffic analysis can help attacker to identify this IMSI value and hence also can register that user to current area. Though the system seems to be computationally secure with the implementation of temporary mobile subscriber identity (TMSI) but still a backdoor appears to be open for attacker. When the failure of database exists the IMSI request is send by MS where attacker can perform his task. Though such type of attacks seems to be impractical and inefficient but possibilities of such attack cannot be ignored .
Active attack on location privacy
In order to perform such attack an attacker need to communicate with victim mobile subscriber. Also the attacker should be empowered with base station functionality. Consider an identification procedure where attacker can ignite his attacking procedure. Here network transmit identity request to mobile subscriber so that MS can transmit identification parameter in order to start identification procedure.
Identification parameter may be assigned with identity type information element which consists of IMEI, IMSI, and TMSI where the network may request to select one element . Now with sufficient base station functionality attacker is able to communicate with victims MS and hence can retrieve victims IMSI with the use of identification procedure. The next challenge for attacker is to get victims TMSI so that an attacker is able to determine victim's movement. Since TMSI is transferred with encryption enabled the next step for attacker is to either decrypt it or to suppress the encryption. With base station functionality the most preferable idea is to suppress encryption by creating a situation such that the communicating parties believe that the encryption standards between them are incompatible . Now after capturing the required IMSI and TMSI an attacker is able to perform desired attack.
4.4 Denial of service attack
By name itself denial of service attack refers to an attack done by an attacker so that a legitimate user is unable to use the resources offered by system or the system being unable to communicate with its legitimate clients. In order to perform such attack an attacker may reside in network side or client side or in between network and client. GSM system offers communication facilities before authentication whereby network provides valuable resources to unauthenticated client. This feature offers an attacker to attack the system. Let`s illustrate the case with example for this consider a case where preliminary part of mobile call is being originated.
Following steps are performed :
Control channel request is send by MS through air interface to BSC.
Channel request message is first decoded by BTS and then compute timing advance and thereby transmits complete information to BSC by a channel required message.
In response to this BSC communicate to BTS by providing channel active message where channel number and channel type are included.
In response to this BTS delivers channel active acknowledge message to BSC.
In response to this the BSC send the immediate assignment message to BTS from where BSC informs MS about allocated channel.
From here BSC allocates the signaling channel to MS which is not authenticated yet. The MS now is responsible to comply with remaining protocol. Which shows flaws on design as the design relies on assumption that MS will faithfully follow the remaining step of protocol. An attacker may repeat the above step and may request for signaling channels. Again the number of signaling channels are limited so when such operation are performed by attacker the legitimate MS request for channel may be denied due to lack of channel available. Moreover if the network demands for authentication of MS by asking IMEI number or power level of its neighboring cell the security scheme in this case still seems to be futile. This is because an attacker can perform attack by sending false value of power level and creating IMEI number from a precompiled list since attacker MS has control over this parameter. However detection of such attack is still irrelevant because isolation of attacker request is difficult as complete and accurate space localization of individual MS is not possible. 
5. Threats to GSM network
5.1 Threats to Authentication
Authentication perform in GSM system is unilateral. The network presents a challenge response protocol in order to authenticate the user; however there is no provision for user to authenticate the network . This gives attacker chance to impersonate as a network there by eavesdropping the data sent by victim MS over the air interface. More precisely the possibilities of false BTS help an eavesdropper to intercept the secret key Ki which is responsible for authentication algorithm. This is generally done by providing a challenge to the victim MS and then recording the response and finally applying crypto analytical attack . Now after decrypting the secret key Ki eavesdropper is able to get physical access to SIM there by impersonating to network as a legitimate user.
Again due to lack of mutual authentication there is chance for an attacker to impersonate as a legitimate network to user. Moreover after capturing the victim secret key Ki used for authentication attacker can impersonate as a legitimate user to network. Thus two cases of impersonation are generally found in the system.
Impersonating as a legitimate network to user
This kind of threat exists in the system due to flaw present in design of authentication algorithm i.e. one way authentication. The first step done by attacker is to captures the victim MS. In next steps an attacker forces user to use fake BTS BCCH by providing the higher power level than that of original BTS . Finally attacker replay and relay the signaling information so that the victim trust that the signaling information had arrived from genuine network .
Consequences of impersonating as a network to user
Hijacking of incoming and outgoing call
With sufficient base station functionality and after capturing the victim MS it is easier for an attacker to hijack both incoming and outgoing call. Again hijacking of incoming and outgoing call can be done with either enabled encryption or by disabling the encryption. In the former case attacker makes an attempt to suppress the encryption . Suppression of encryption is done generally at a instant of call set up where attacker with false BTS reconstruct the ciphering mode of MS and hence making an incompatible encryption standard between genuine network and MS . In later case for incoming call first attacker call the target user and in next step sits passively i.e. attacker simply act as relay between genuine network and victim MS  so that the serving network authenticate the target user and hence allow to set up the call. Here in this case encryption is not enabled. Finally attacker seizes the connection and uses it to answer all the incoming call . For outgoing call attacker just appear between genuine network and victim MS and modifies the entire signaling element in such a way where network believe that victim MS wants to make a call setup. Again the encryption is not enabled by network . Finally attacker disconnects the connection between victim MS and network and uses this connection to make call.
Leakage of information
With sufficient base station functionality attacker may listen, intercept, spoof, replay and relay any signaling information between the target user and genuine network. With this features attacker may be able to leak out any confidential information or conversation either by simply listening the traffic pattern or by seizing the confidential text messages or simply hijacking the incoming and outgoing call.
Impersonating as genuine user to true network
This is accomplished by attacker after he is able to decrypt secret key Ki used for authentication. With a complete knowledge of secret key Ki attacker have physical access to SIM whereby he may impersonate as a legitimate user to network. Here in this case network cannot identify that the fake user is impersonating and hence deliver all the services offered by the system. One of the consequences brought by this threat is repudiation.
After having a physical access to SIM attacker may make any call as network provides this service. Moreover all the call made by an attacker is stored on network database which also include all the billing information regarding the call. The true user in this case refuses to pay the bill for the call which he had not made but attacker has made through his SIM. This is one of the threats which can create a conflict between user and GSM service provider and hence called repudiation.
Traffic analysis involves observing of traffic pattern sent through air interface. It also include analysis of signaling parameter like rate at which the information is sent, time length of particular information and source and destination address of receiver and sender. Such analysis helps an eavesdropper to replay, spoof, intercept and relay any signaling element between user and network.
5.2 Threats to Confidentiality
Confidentiality in GSM system generally encounters for secure transmission of voice and text services offered by system. For this the system greatly relies on encryption and decryption algorithm designed for the system. A5 algorithm is responsible for encryption and decryption of voice and text services. A5 is a stream cipher which has undergone through revolutionary changes periodically with time i.e. A5/1, A5/2, and A5/3. More specifically the mostly used algorithm for secure transmission of voice and text is A5/1 . However eavesdropping is still the existing threat. Eavesdropping include listening of voice and text over the air interface in order to perform active and passive attack. Eavesdropping to confidentiality algorithm is generally accomplished by collecting the cipher text stream along with associated plaintext stream through air interface. In order to do this attacker first need to make a call with victim MS. The next step attacker follows is to record the RAND (one of entity that is used for challenge response protocol for authentication algorithm) which is used to install cipher key Kc. Again the attacker also records the parameter i.e. cipher text stream exchanged between MS and BTS and the corresponding frame number on uplink and downlink . Recording is generally accomplished by performing traffic analysis. Again the legitimate call is made by attacker to victim MS it is easier for attacker to record unencrypted plaintext. After collecting the cipher text attacker now recover the pseudorandom bit from corresponding frame and finally recover the entire stream with associated RAND .
Challenge offer by Network
RANDVICTIM MS GSM network ATTACKER MS
Call set up by attacker MS
Record cipher text plaintext and RAND
Authenticated set up Kc from RAND Message Encrypted with Kc
BLOCK=MFN XORED CFN
Fig: eavesdropping to algorithm A5 without breaking encryption (Source: Sarvar Patel, Eavesdropping without breaking the GSM encryption algorithm, Lucent Technologies Inc., Beijing, China, May 2004)
Where CFN is a cipher text block created in uplink and MFN is message associated with corresponding frame number.
Consequences of eavesdropping
Modification of text message sent over radio link
After collecting unencrypted plain text, cipher text exchange between MS and BTS and the corresponding frame number it is easy for an eavesdropper to retrieve a BLOCK associated with RAND as describe above. It is genuine that whenever the user sends SMS it is encrypted with corresponding cipher key KC. However in this case an eavesdropper is able to decrypt the message sent over air interface with the help of parameter that he had collected . Now by then an attacker can modify message. Again the system does not offer any provision for MAC value or hash function for user in order to be sure that the message is not tempered in the middle by any intruder. Hence alteration or modification of message is still the existing threat for system.
Spoofing of message
With a general idea of a captured BLOCK value an eavesdropper can modify any SMS arriving from any address and then send it to any MS. The MS then decrypt the message and trust that it had arrived from legitimate source .
This type of threat generally occurs when an intruder jam the network traffic and prevent user or network to access any data . The malicious user may request for channel and the system accept the channel request of malicious user which is not yet authenticated which is generally found in case of preliminary part of mobile call origination, the malicious user may repeats the step over and over there by jamming the channel for legitimate user since the number of channel available is limited for the system. This is generally the case associated with DOS attack.
This is generally done by overloading the service whereby attacker prevent user to access the services offered by system . Overloading is generally done by excessive use of resources for example excessive channel request, excessive use of services like SMS voice etc. Moreover Attacker can send the void information in same frequency as that of BTS which as a result can cause resource blocking to the user. Again an attacker may send a fake IMSI detach request to network . The net result is that user does not get any access to network paging request .
Levity in profession:
5.3 Threats to Anonymity
Anonymity generally refers to hiding the identity of user to intruder. However two of the threats found in GSM system for anonymity is active identity catching and passive identity catching.
Active identity catching
This is the case where attacker with sufficient base station functionality may forces the user to camp on his BTS and then ask for victim MS to send his IMSI and TMSI value in clear text. This is generally done by attacker by saying there is conflict in victim MS TMSI due to database failure or by forcing victim for new registration . IMSI and TMSI is used for call originating and location updating and with complete knowledge of these parameters attacker is able to trace the location of victims and hence also can catch identity of victim MS.
Passive identity catching
This is the case where attacker waits for data base failure of network whereby network demands for IMSI and TMSI value in clear text. Here in this case attacker can catch the IMSI and TMSI value of victim MS as it is in clear text without any difficulty and hence can catch the identity of victim MS .
6. Conclusion, Discussion and Future Work
The security mechanism of the GSM is based on the algorithm and secret keys. Many of the attacks are done due to weakness in the algorithm. Many proposition for breaking these algorithm are published. In authentication mechanism use of algorithm like A3, A8 and COMP128 are successfully been cracked. Another target is done over voice conversation. For this algorithm A5 is used for securing confidentiality. The new version of A5 algorithm like A5/1 and A5/2 are also been successfully cracked. In case of anonymity, real identity IMSI is concealed by using TMSI. But in some cases such as network request mobile station to transmit IMSI at the first step in authentication process and also in case of error transmission of TMSI, IMSI is transmitted. This could be advantage to the attacker. Most of the security mechanisms are limited to radio interface and in the core network operator is able to reveal the confidential information of the user easily. There is also need of security expert in the network itself.
However measures have been taken to counter the attacks. The GSM has recently implemented A5/3 algorithm for confidentiality and for authentication process new version of A3 and A8 algorithm has come to a use. The authentication process in the GSM in one way and is done by the subscriber only. The security mechanism will be stronger if the mutual authentication is implemented. DOS attack can be avoided by applying more sophisticated authentication procedure in preliminary part of mobile originated call. Implementation of trusted third party can avoid the problem in anonymity mechanism.
Finally, with change of time and technology the threats and attacks periodically changes, so the system also requires changing its mechanism periodically.
This research provides the general overview of GSM security focusing on the three main aspects namely authentication, confidentiality and anonymity. We have begin our report with a short background of GSM architecture and followed by security mechanism, attacks and threats. Security mechanism applied in GSM for authentication operates using algorithm A3 and A8 which requires secret key stored and random number generated in the SIM and network. The confidentially mechanism does the encryption of the information and data that flow between user and the network which also uses A5 algorithm using secret key. Finally for anonymity, GSM system has applied a temporary mobile subscriber identity to abstract the real identity of the user.
Throughout the study, we found that attack and threats are done after analyzing the weakness found in the mechanism especially in the algorithms and encryption techniques. Attack and threat in the authentication mechanism is performed by crypto analytical process over the algorithm and also due to unilateral authentication in the network. False BTS, impersonation and eavesdropping are possible due to the later part. In confidential section, again the attack and threats are done over encryption algorithm. The encryption is done using secret keys and random values which once known to attacker can perform various activities. However addition of Hash value or MAC protection mechanism could have changed the situation. In anonymity, concept of TMSI is remarkable but the application is not uniform in every procedure and section of the network. TMSI is used in between BTS and MS, and for emergency case and initial the real identity IMSI is used.
Overall study has shown that GSM network is not completely secured technology however with the GSM developers are introducing new features and other sophisticated mechanism in their further developments.
6.3 Future Work
The more work can be done in practical scenario. The further research can be conducted in one of the GSM operator and taking interviews with the security operators of the system. From this we would be aware of the exact implementation of the security mechanism and the actual occurred problem in the security system. Moreover we can relate the theoretical aspect of attacks and threats in the real practical scenario.
More research can be conducted on the implementation of new security mechanism developed by GSM developers in third and fourth generation technology and compare whether these attacks and threat still exist.