This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
By the advent of wireless communication, communication becomes much easier and feasible. The mobile subscribers increasing day by day. The emerged new technologies has a lot of common characteristics with the traditional wired networks such as PSTN. This pave the way to entry many security problems in wireless communication. In other words risk in wireless technology is equal or more to the sum of security issues in wired links. This includes the the limitation of mobile and communication ambience. Architecture weakness, client requirements, weakness of provided services emerging of hacking techniques and hackers. The GSM ,world's largest mobile telephony system does not provide end to end security. This includes lack of traffic confidentiality to its subscribers .this system fails to ensure the security to users conversation and data transmission. .The weakest part of the system is the radio channel where it was easily intercepted.
What are the securities available in a GSM architecture? The GSM offers some security such as authentication, anonymity, signalling protection and user data protection. Authentication offers ,who is using the system for correct billing purpose ,while the Anonymity offers difficult to identify the users of the system, that means anonymity of user identity Signalling protection offers protection of sensitive information in radio channel such as telephone numbers. user data protection offers data which is passed over a radio channel. The objective of security of the gsm systems are to make the system as secure as the wired networks like PSTN. But In GSM networks, encryption is done only between the radio link between the mobile terminal and the base station whereas the rest of the network transmits the data in clear-text. Radio link confidentiality in GSM is not sufficient to maintain end-to-end security .As a result many security issues are in GSM. This paper converges all the security issues briefly and completily, and also discuss the solutions too
Security Provided in GSM?
Authentication - It can be done with the rub shoulder working of SIM card and ME(Mobile equipment). A SIM card is a subscriber identity module which is a smart card includes the GSM application .this is a criptogrophiocal smart card so it contains inherent security function in its operating system and hardware.it contains all the details of the subscribers .IMSI (International Mobile Subscriber Identity)and Ki (Individual subscriber authentication key) which is 128b bit random number is the root cryptography key used for generating session key is stored in every SIM
Ki is highly protected and its also known to authenticaytion center in the network operator.the phone itself cannot extract the Ki and moreover the A3 and A8 algorithems are used for the authentication . these algorithms can varies with the network operators.the IMSI and the Ki generates a 128 bits random number called RAND .this operation is happens in both the SIM and AuC .the random number generates by the above action is again combines with the A3 and forms SRES both SRES generated in AuC and SIM are in equal then only the GSM call authenticated.
After the successful completion of the authentication the SIM and AuC tries to generate the cipher key with A8 algorithm and generate Kc . After the Kc generates it is stored in the SIM and it is readable by the phone. Further encryption will take place by the A5 family algorithm. First the mobile station sends its security capable to the network with that the network decide which algorithm it select like A5/0 A5/1 A5/2 A5/3.
Anonymity/Confidentiality .it means the subscriber identity confidentiality. It can be achieved by TMSI (temperory mobile subscriber identity).to restrict the mobile traffic intercepter we use TMSI insted of IMSI.The MS uses its IMSI for the first time of registration. The IMSI is then authenticated by PLMN.after that VLR generates the TMSI with respect to IMSI.after hand over to the next VLR and re authenticated to the same VLR.the PSTN always send the new TMSI.
SIM as a Security Module
The main security task of SIM is Key distribution, authentication and cipher key generation. SIM is a smartcard. Technically the SIM only required at the start of a call , The ME passes the RAND received from the VLR to the SIM. Then SIM passes its Ki value and the received RAND through algorithm(s) A3/8. The resulting SRES produced by the SIM is passed back to the ME and then to the VLR, that verify if the SIM claimed identity can be authenticated. If the SIM is authenticated, the VLR passes Kc to serving BS. Then SIM passes Kc to the ME and as a result the BS and the ME can begin ciphering communication using Kc and the A5 algorithm
Security risk of Unautherised access
However The GSM provides these all securities for their clients,the system is subjected to unautherised access .as we think about this,we can clearly say that, there is Client side and Network side
A)Security risk in client side
Attacks on SIM
Now a days stealing a mobile and SIM is very common or lost mobile or lost SIM also affect the privacy and security. It is possible to steal the SIM and use it with other mobiles and tracks the data and the numbers which is stored in the SIM. SIM contains the private numbers some-times the bank details, passwords ,credit card numbers and so on.so an unautherised person can use these all data.to avoid these GSM provides security , SIM itself can be protected by the PIN (personal Identification Number) and PUK(Pin UnlocK). This feature is optional.each user is requested to enter the PIN till the feature is deactivated by the user. After three invalid attempts the SIM locks out the PIN, and the PUK (PIN UnlocK) is then requested. If the PUK is also incorrectly entered for a ten times the SIM refuses local accesses to its privileged information and authentication functions, and makes itself useless.. The PIN and PUK helps to protect from the unautherised usage of SIM .
The another attack on SIM card are known as optical fault induction revealed by Andresn  The research reavels that the operation of the smart card processor can be interrupted by exposed to an electric camera flash bulb, with a camera flashgun and a microscope. A target transistor is conducted by illuminating it, there by inducing a transient fault. Now by scratching the protective coating of the SIM micro processor circuit and focusing the flash light through a micro scope , one can access memory address map and extract the secret data of IMSI and ki. But In GSM a call must close if the SIM is removed from the ME during a call to avoid parallel calls using a unique SIM (i.e., a stolen SIM).
Attacks on Mobile
Now a days mobiles are the attractive devices to steal.the stolen one can be used by the autherizer valid SIM,because the subscription and authentication is only possible with SIM.To avoid this the gsm offers a IMEI(International Mobile Equipment Identifier).The IMEI is differ with different Mobile equipment. Each network operators have a register to keep the IMEI that register is called EIR (Equipment Identity Register).This register have black list that contain the stolen or non approved mobile type and a white list contain valid mobile and also the gray list contain the mobile needs tracking.the procedure is that the black list mobile IMEI can be shared to all other operaters.all operators are able to give the black list to the CEIR(central equipment identity register).the CEIR realse that to the mobile manufactures.the manufactures inform the CEIR when the listed mobile release the market.thus we can barred the stolen and invalid mobiles
B) Security risk in Network side
Attacks on A5 algorithms
It was based on the solution of linear equations Goldberg et al.  presented attack that requires only two known-plaintext data frames which are about 6 seconds apart. They showed that difference of the output bits of these two frames can be expressed as a linear function of the internal state of the first frame. To recover the initial state of the first frame, the attacker has to solve a linear system of equations for every possible state of register until solution is found. By reversing the algorithm, secret key Kc can be recovered from the initial internal state. The cipher-text-only attack requires only a few milliseconds of encrypted voice traffic (4 frames) to be passively intercepted by the attacker in order to allow the recovery of the corresponding encryption key Kc within less than a second. The attack works because encryption is applied after error correction. This leads to known linear relationships between the plain-text bits to be encrypted.
Attacks by false base station
The GSM systems provide only one way authentication that means only the ME and BS and BS not authenticated not ME.this helps the attackers to attack by a false base station.we know that ciphering of a call is not started automatically it will happens only by getting the instruction from the BS. This instruction from BS to ME can be manipulate as' not start ciphering' command by the intruder.Now the false BS act as an ME and set up a call to the orginal BS with encrypted call so the PLMN cannot identified this attack.the intruder can heared the data from the orginal ME because it is not encrypted. It can find out later by checking the itemized bill.
Attacks on A3/A8 Algorithms
Many of the network operators use the comp128,a new version of A3/A8 algorithms,which have a drawback. We can easily access the Ki from the RAND and the SRES. Wagnner and Gold berg claimed this in 1998 that they had cracked comp128 algorithm.The simple way is SIM card i s connected to the pc emulator they provide 160000 RAND to the SIM and receive the SRES.but the SIM card has a very slow clock rate so it will nearly take 10 hrs to complete this process.thus the attacker can find the Ki and decrypt the message or data.