GSM Security and Encryption
Written by: David Margrave, George Mason University
Presented by: Halah Hassan, Auckland University
“The security and authentication mechanisms incorporated in GSM make it the most secure mobile communication standard currently available…”
Presentation Layout
• Introduction:
  • GSM system vs analogue-based system.
• Cryptography:
  • Symmetric algorithms.
  • One-way hash function.
• GSM Security Features:
  • Authentication.
  • Signaling and data confidentiality.
  • Subscriber identity confidentiality.
• GSM Cloning
• Update: new information about the GSM system from articles released since.
• Conclusion
Introduction
• GSM – Group Special Mobile
• The enhanced features of GSM over older analogue-based systems are:
  • Mobility
  • High capacity
  • Security
  • Service
Cryptography
• Symmetric algorithm
  • Encryption and decryption use the same key.
  • C = E_x(P)
    P = D_x(C)
    P = D_x(E_x(P))
    Where: C = ciphertext, P = plaintext, E = encryption, D = decryption, x = key
• GSM doesn’t use a public-key algorithm.
Cryptography
• One-Way Hash Functions
  • A number is generated from a string of text.
  • The number is smaller than the text.
  • The sender encrypts both the hash and the message.
  • The receiver decrypts the message and the hash, and computes the hash of the original message again.
  • If the sent and computed hash values are the same, the receiver can be sure that the message was not tampered with.
GSM Security Features
• Security features in the GSM network
• SIM & AUC: A8, A3, Ki (individual authentication key), IMSI (international mobile subscriber identity)
• SIM: subscriber identity module. AUC: authentication centre.
[Figure: security information held by the network elements MS, SIM, BS, MSC, HLR, VLR and AUC. Labels in the figure: "A5, TMSI/IMSI/Kc"; "A3, A8, IMSI, Ki"; "A5"; "RAND, SRES, Kc"; "A3, A8, IMSI, Ki, TMSI/LAI, Kc".]
GSM Security Features
• Authentication:
  • A3 takes two 128-bit inputs and produces the 32-bit SRES.
  • Ki is never transmitted over the radio channel.
  • SRES is calculated on both sides; if both give the same result, authentication is successful.
[Figure: authentication between MS and BS. A 128-bit RAND is exchanged; each side computes SRES = A3_Ki[RAND] (32 bits); the two values are compared ("= ?"), with outcomes "No" and "Authentication successful".]
GSM Security Features
• Signaling and Data Confidentiality
• Subscriber Identity Confidentiality
  • After authentication and encryption are done, a TMSI is sent to the mobile.
[Figure: key generation and encryption between MS and BS. From the same RAND, each side computes Kc = A8_Ki[RAND]; Kc feeds the A5 algorithm on each side, which processes the data.]
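
The authentication and key-generation exchange from the two slides above, as an added example that is not part of the original presentation. HMAC-SHA256 stands in for A3 and A8 (an assumption; it is not COMP128), and the IMSI, Ki, 8-byte Kc length and all function and class names are constructed for illustration. It also shows why a recorded SRES is useless once a new RAND is issued.

```python
import hashlib
import hmac
import secrets

def _prf(ki: bytes, rand: bytes, label: bytes) -> bytes:
    # Stand-in for the real A3/A8 (assumption: HMAC-SHA256, NOT COMP128).
    return hmac.new(ki, label + rand, hashlib.sha256).digest()

def a3(ki: bytes, rand: bytes) -> bytes:
    return _prf(ki, rand, b"A3")[:4]       # 32-bit SRES

def a8(ki: bytes, rand: bytes) -> bytes:
    return _prf(ki, rand, b"A8")[:8]       # session key Kc (8 bytes assumed here)

class Network:
    """Network side: holds Ki per IMSI and issues a fresh RAND per attempt."""
    def __init__(self, subscribers):
        self.subscribers = dict(subscribers)
        self.pending = {}
        self.air = []                      # every value sent over the radio link

    def challenge(self, imsi):
        rand = secrets.token_bytes(16)     # 128-bit RAND
        self.pending[imsi] = rand
        self.air.append(rand)
        return rand

    def verify(self, imsi, sres):
        self.air.append(sres)
        rand = self.pending.pop(imsi, None)    # each RAND is usable once
        ki = self.subscribers.get(imsi)
        if rand and ki and hmac.compare_digest(sres, a3(ki, rand)):
            return a8(ki, rand)            # Kc for A5; computed locally, never sent
        return None

def sim_respond(ki, rand):
    # SIM side: SRES and Kc are derived locally from Ki and the received RAND.
    return a3(ki, rand), a8(ki, rand)

def run_demo():
    imsi, ki = "001010000000001", secrets.token_bytes(16)   # constructed values
    net = Network({imsi: ki})
    sres, kc_ms = sim_respond(ki, net.challenge(imsi))
    kc_net = net.verify(imsi, sres)        # both sides now hold the same Kc
    net.challenge(imsi)                    # new connection, new RAND
    replayed = net.verify(imsi, sres)      # old SRES no longer matches
    return kc_ms, kc_net, replayed, ki in net.air
```
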
GSM Cloning
• Query the SIM with specially chosen challenges.
• The SIM applies COMP128 to its secret key and the chosen challenge.
• COMP128 is a combination of both the A3 and A8 algorithms.
• It takes in RAND and Ki and gives a 128-bit output, of which SRES = 32 bits and Kc = 54 bits.
• Analyse the responses to figure out the secret key.
Details of the attack
• Will need:
  • Physical access to the target SIM card.
  • Smart card reader.
  • Computer to direct the operation.
• Need to query the smart card 150,000 times.
• Smart card can issue 6.25 queries/sec.
• Whole attack takes around 8 hours.
Currently
• It has been proven possible to carry out an over-the-air attack.
• The COMP128 algorithm has leaked to the public, and it is possible for anyone to have access to the algorithm.
Conclusion
• GSM has better security features than the old analogue-based system.
• It is still true that GSM is the most secure mobile communication standard currently available.
• BUT it is possible to attack the system in different ways:
  • Proof: GSM cloning has been achieved.
  • There are other methods not mentioned in the article.
Questions
• Will cloning affect the subscriber's:
  • Confidentiality?
  • Integrity?
  • Availability?
• Why do you think it is important to generate a new RAND number every time a connection is being established?