Practical Solutions To The Gsm Security Flaws Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

This paper presents a summary research on the security of GSM network. At the beginning, it overviewed the current GSM security system, followed by a review of the flaws or weaknesses of GSM security. Focusing on these problems, there are several practical solutions in this area for further implementations, including encryption/decryption and algorithms. At the end, the conclusion presented briefly the future of the GSM network security.

1 Introduction


GSM (Global System for Mobile communication) is a digital mobile telephony system that first introduced to Europe in 1991 and migrated to other continents at the end of 1997, including more than 100 countries [1]. The numbers of mobile users, at the beginning of 2007, reached to 2.83 billion in the whole world. It was even more miraculous that 2.28 billion people (i.e. 80.5%) were using the Global Service for Mobile communications (GSM) [2]. In recent years, with the greatest worldwide number of users, the GSM network is facing majority of security problems such as lack of user visibility, difficult to upgrade the cryptographic mechanisms, untrusted terminal identity.

1.2 Overview of current GSM security

At the first, M. Seify and S. Bijanni suggested that operators should understand the overview of current GSM threat and analysis standards on GSM security. It has been reported in their paper "A Methodology for Mobile Network Security Risk Management" [3]. Analyzing the risk of GSM flaws and weaknesses is the important way to control risks and after that take effective actions to protect GSM security. The key research in the field gives a good overview of the problem, describes the main methods and how they can be performed as the defense techniques at the time.

2 Flaws of GSM security

The important threat of GSM network is that the wireless communications are opened to everybody. Both individuals and businesses would be hacked completely because the GSM flaws are massive. Today the threat is available for anyone by cracking standard GSM encryption (known as A5/1), listening user's talk and obtaining personal data [19]. GSM engineers made great effort to prevent attacks by using amount of techniques such as A3/A8 algorithms or A5 algorithms [14]. But each of methods has flaws in implementation. Some practical methods have weaknesses to be used by hackers.

A lot of research has been performed to state these flaws in systems like the above. One of the best papers on this was written by M. Toorani. He has presented some current problems of GSM security in his paper "Solutions to the GSM Security Weaknesses"[5],which including the man-in-the-middle attack, flaws in implementation of A3/A8 algorithms, SIM card cloning, over-the air cracking, flaws in cryptographic algorithms and short range of protection, leaking the user anonymity. Other main papers on this view are provided by B. P. Drahansky [6] and S. M. Siddique, M. Amir[7] , including the weakness of GSM Security such as A3 and A8 Algorithms, Algorithm A5, Attacks on the A5/2, Attacks on the A5/1 [20] and Authentication[13].

3 Solutions to the GSM security weaknesses

Recently, M. Toorani [5], B. Kasimand and L. Ertaul [10] discussed that there are several protocols can solve these problems such as using secure algorithms for A3/A8 implementations to resist the dangerous SIM card cloning attack, using secure ciphering algorithms to improve the safety of GSM consortium and modify the authentication protocols, securing the backbone traffic to prevent eavesdrop from the hacker or modify the transmitted information, and end-to-end security that provided in the cellular systems.

In addition, end-to-end encryption (E2EE) [11] is given by P. Bouska and M. Drahansky, which E2EE encrypts sensitive data securely that travels over the vulnerable channels to its application server where it can be decrypted. The sensitive data may include user ID, pin number, debit card information, etc. They entered via the public network (e.g. browser) and be processed or stored in the database when reached the application server [6]. The benefits of the E2EE module can cover the shortage of GSM security. Only a small sensitive data need to be encrypted during transmission which can faster response and CPU processing. In addition, users download will be fast because the file size is very small. Furthermore, there is no need to buy SSL certificates [20].

Authentication [21] and radio link [22] are two methods of GSM security algorithms. A3, A5 and A8 are the three different algorithms used by GSM security. In fact, operators often use A3 and A8 together in SIM (Subscriber Identity Module) card [9] and Authentication Centers implementation. A3/A8 algorithm is considered a main voice and data traffic encryption for user's operations [18].A5 algorithm is used in between the handset and the base station subsystem [23] to scramble voice and data traffic [4]. All of these technologies are used in the implementation of GSM security to protect the threat from hacking.

GSM Encryption Algorithms [16] have been described by M.D. Owing to A5 Algorism was leaked to the network, GSM Encryption algorithms [12] have been developed to analyzing the available information [8].

4 Conclusions

This literature search reviews the recent research about GSM security and overviews the flaws and also presents some practical solutions to improve the security of currently GSM network. GSM provides many measures of security features to protect both users and operators. With the threat of GSM network and technology change, the solutions should be updated to ensure GSM security. The paper suggests that security issue is a crucial part of the GSM network. Then technologies are used in algorithms and help the operators increasing a confidentiality, integrity, availability, accountability, authenticity and reliability of GSM system.