GSM Security Issues

Iowa State University Department of Computer Engineering Wei Zhang Nov. 15, 2000

References
1. New authentication protocol for GSM networks Al-Tawil, Khalid (King Fahd Univ of Petroleum and Minerals) Akrami, Ali | Youssef, Habib Source: Conference on Local Computer Networks Oct 11-14 1998 1998 Sponsored by: IEEE IEEE p 21-30 0742-1303

2. New authentication protocol for roaming users in GSM networks Al-Tawil, Khalid (King Fahd Univ of Petroleum and Minerals) Akrami, Ali Source: IEEE Symposium on Computers and Communications - Proceedings Jul 6-Jul 8 1999 1999 Sponsored by: IEEE Communications Society; IEEE Computer Society IEEE p 93-99 3. Secure communication mechanisms for GSM networks Lo, Chi-Chun (Natl Chiao-Tung Univ) Chen, Yu-Jen Source: IEEE Transactions on Consumer Electronics 45 4 1999 IEEE p 1074-1080 0098-3063
4. Secure communication architecture for GSM networks Lo, Chi-Chun (Natl Chiao-Tung Univ) Chen, Yu-Jen Source: IEEE Pacific RIM Conference on Communications, Computers, and Signal Processing Proceedings Aug 22-Aug 24 1999 1999 IEEE p 221-224

5. A brief overview of GSM John Scourias http://kbs.cs.tu-berlin.de/~jutta/gsm/js-intro.html, 1994 6. Mobility and security management in the GSM system and some proposed future improvements A. Mehrotra, L. S. Golding Proceedings of the IEEE, vol. 86, Issue 7, July 1998 7. GSM security: a description of the reasons for security and the techniques Charles Brookson IEE, 1994 8. GSM protocol architecture: radio subsystem signaling M. Mouly, M. B. Pautet Proceedings of the IEEE, vol. 86, Issue 7, July 1998 9. Overview of the GSM system and protocol architecture Moe Rahnema IEEE Communication magazine, pp 92-100, April 1993 10. Integration of intelligent network services into future GSM networks Mikko Laitinen, Jari Rantala IEEE communication magazine, pp 76- 86, June 1995

Contents
Introduction GSM Architecture Security Issues
Security attacks Security services provided by GSM Security architectures and comparison

15, Nov. , 2000

Iowa State University Cpre537x Wei Zhang

Introduction
What is GSM Criteria that GSM has to meet
good subjective speech quality support for international roaming

Services provided by GSM

bearer service, teleserivces, supplementary service
15, Nov. , 2000 Iowa State University Cpre537x Wei Zhang 2

GSM Architecture
Mobile stations Base station subsystem Network management Subscriber and terminal equipment databases A-bits BTS Exchange system
B

OMC

VLR
D

BSC BTS

MSC
C

IWF

HLR

PSTN

AUC

ISDN PSPDN CSPDN SC BTS

F

EIR

15, Nov. , 2000

Iowa State University Cpre537x Wei Zhang

GSM Security
Security Attacks
Replay attack Guessing attack Interleaving attack Man-in-middle attack

15, Nov. , 2000

Iowa State University Cpre537x Wei Zhang

GSM Security(Cont.)
Security service provided by GSM
Anonymity:so that it is not easy to identify the user of the system Authentication:so the operator knows who is using the system for billing purpose User Data and signaling protection: so that user data passing over the radio path is protected
Iowa State University Cpre537x Wei Zhang

15, Nov. , 2000

Security Architecture I
Mobile Device Air Interface Challenge R Km
A3

Base Station Random R

Km A3

Response Signed RESponse(SRES)

SRES
A8 A8

SRES

Ki
A5

Ki

Encrypted Data
A5

mi .

mi . Plaintext Ciphertext

Plaintext

15, Nov. , 2000

Iowa State University Cpre537x Wei Zhang

Security Architecture II
Mobile User Air Interface Mutual Authentication and Key Exchange Base Station

C3 M

C3 M

mi .

C8

C8
Ki

mi.

Data Encrytion/Decryption
C5 mi. C5 mi.

Plaintext

Ciphertext

Plaintext

15, Nov. , 2000

Iowa State University Cpre537x Wei Zhang

Architecture--Authentication Protocol(C3)
Connection phase
Mobile User Air Interface
SVC_REQ_PARMS, R1, Cert(m) Cert(s),Ekpub,m(Ss(SVC_REQ_PARMS, R1, M, R2)) C3 Ekpub,s(Sm(SVC_REQ_PARMS, R2), Sm(M))

Base Station

C3

M M
m: mob ile uesr s: base station R1: a rando m nu mber generated by mobile user m R2: a rando m nu mber generated by base station s M: a random b it string generated by base station s SVC_ REQ_PA RMS: ( Identity m, Identitity s , service_id_key, key_length)

15, Nov. , 2000

Iowa State University Cpre537x Wei Zhang

Architecture--Authentication Protocol(C3)(Cont.)
Release phase
Mobile User Air Interface Base Station

Random R3 REL_REQ, Idetitys, Identitym,Ekpub,s(R2, R3) C3 Identitym, Identitys BILL_INFO, R3

C3

15, Nov. , 2000

Iowa State University Cpre537x Wei Zhang

Architecture--Key Generation(C8)
C8 algorithm processes input data on a byte-by-byte basis. Some simulation results show that the keystream generated by C8 algorithm maintain a maximal periods, regardless of input patterns. This indicates that C8 algorithm is able to produce key strings with infinite period.
15, Nov. , 2000 Iowa State University Cpre537x Wei Zhang 10

Architecuture--Message Encryption/Decryption(C5)
The C5 algorithm uses stream cipher for encryption/decryption. The simplest stream cipher is using only the XOR operation.

15, Nov. , 2000

Iowa State University Cpre537x Wei Zhang

11

Comparison on two architecture

Complexity Architecture I . Authentication is fast . Key exchange is fast . M essage encryption is fast . Authentication is not secure enough . Only the mobile user is authenticated . A3, A8, and A5 are proprietary . The SIM stores users personal information and the A3 algorithm Architecture II . Authentication is slow . Key exchange depends on the key length . M essage encryption is fast . Authentication is very secure . Both the mobile user and the base station are authenticated(mutual authentication) . Period can be infinite . C1, C8, and C5 are publicly available . The SIM only stores users personal information

Security

Flexibility

15, Nov. , 2000

Iowa State University Cpre537x Wei Zhang

12

Conclusion
The GSM system is a first approach at a true personal communication system GSM provides a basic range of security features to ensure adequate protection for both the operator and customer

15, Nov. , 2000

Iowa State University Cpre537x Wei Zhang

13