
GSM

Unit-6

Privacy and security in GSM

Introduction
• In analog cellular systems, fraud and hacking
into the user channels were extensive, due to
the lack of encryption of identities.

• Hence in GSM, to eliminate cloning fraud,
the system’s privacy and security are achieved
using the following 4 primary mechanisms –
i) Each subscriber is authenticated using a
cryptographic algorithm.
ii) The subscriber’s identities are stored in a
secure computing platform, called the SIM card.
iii) The cryptographic algorithms and the
subscriber keys are kept secret.
iv) The keys meant for authenticating the
subscriber and for providing voice privacy are
not shared with other GSM entities.

Wireless security requirements

These are required at three levels, namely
during communication, during authentication
and during the system’s lifetime.

1. Privacy of communications: As the system is
prone to hacking at all the GSM entities,
privacy is needed in the following areas –
a) Call setup information: Calling number,
calling card no., type of service requested.
b) User ID and user location: User ID must be
encrypted in such a way that the listener will not be
able to determine the user’s location.
c) Speech and data: All spoken communication as
well as the data must be encrypted.
d) Calling patterns: The handset should not transmit
any information that allows the listener to perform
traffic analysis. Some examples are –
frequency of use, caller ID, financial transactions.

2. Authentication requirements: As the handset
can be stolen and misused, measures must
be provided for its prevention, as follows –
a) Unique handset ID: Each handset should
be identified with a unique global ID (IMEI).
b) Clone resistant design: To prevent cloning,
the handset’s unique information should not
be freely available in any of the GSM
interfaces or entities, except at the EIR.
c) Unique user ID: To prevent multiple people
using the same handset, there must be a
provision to have a unique user ID to a
particular handset.
d) During repair: It should not be possible to
alter the handset ID when the handset is
being repaired.

3. System lifetime requirements: It is desirable
that the algorithms work foolproof for at least
the next 20 years. Hence, it must be
possible to upgrade the algorithms as well.

SIM CARDS

[Figure: SIM card with contacts; dimensions 25mm × 15mm]

• The SIM card is a secure microprocessor-based
environment, implemented as a plug-in card
inserted into the handset.

• Certain data on the SIM card can be changed
by the user, by entering a PIN. Certain other
data can be changed only by the manufacturer.

• Any fraudulent attempt to reverse engineer the
smart card will destroy the data on the card.

File structure of SIM card

MF
  EF0  EF1  EF2  EF3
  DF1
    EF1  EF2
  DF2
    EF1  EF2

• The root level directory is called the “Master File” (MF).

• Under the MF, there are “Elementary Files” (EF),
which can contain either data or executable files.

• The MF can also contain directories called
“Dedicated Files” (DF).

• Each file/directory has access conditions, such as
read and write.

• The EF0 contains the PIN for the data and executable
files present in that particular directory.

Storage capability of SIM
1. Mode of operation of the SIM
2. SIM card ID and IMSI
3. SIM service table – list of optional services
4. Location information – TMSI, LAI
5. Encryption keys – Ki, Kc
6. BCCH information – ARFCN used
7. Access control class
8. Forbidden PLMN
9. Language preferences

Optional storage capability
1. Abbreviated dialing numbers
2. Fixed dialing numbers
3. MSISDN numbers
4. Call register – with call meter
5. Short messages

Security algorithms

• GSM uses 3 algorithms namely – A3, A8 & A5.

• A3 is the “authentication” algorithm.

• A8 is the “privacy key generation” algorithm.

• A5 is the “encryption” algorithm.

1. Authentication algorithm (A3)

• This is used by the handset to compute a 32-bit
“signed response” (SRES).

• SRES is generated in response to the 128-bit
“random number” (RAND) that is transmitted by
the BS, during the process of registration.

• For generating the SRES, the algorithm also
uses the 128-bit “individual key” (Ki).

2. Privacy key generation algorithm (A8)

• This algorithm also uses Ki and RAND, for
generating the ciphering key (Kc).

• But the RAND received by A8 is different
from that received by A3.

• The 64-bit “cipher key” generated by A8 is
utilized by A5 for the encryption purpose.

3. Encryption algorithm (A5)

• This algorithm is used to encrypt the data
that is transmitted on DCCH and TCH.

• It uses the 22-bit TDMA frame counter and
the 64-bit ciphering key.

• The encryption mask repeats after every
hyperframe.
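
Authentication, Key generation & Encryption

[Figure: SIM (MS side) and AuC (network side), each holding Ki]
  TMSI – old (32 bits): MS, VLR → HLR
  A3 on both sides: Ki and RAND – old (128 bits) give SRES (32 bits); the two SRES values are compared
  TMSI – new (32 bits): MS, BS
  A8 on both sides: Ki and RAND – new (128 bits) give Kc
  A5 on both sides: Data, Encrypted data, Data, keyed with Kc

Data encryption procedure

[Figure: On both the Tx side and the Rx side, A5 takes the TDMA frame counter and Kc; its output is XORed with the data, and the two XOR stages are connected through the radio channel]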
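
The Tx/Rx XOR procedure above, as an added Python example that is not part of the original slides. The real A5 is replaced by a SHAKE-128 stand-in, the frame counter is modelled as the frame number modulo the hyperframe length (2048 × 26 × 51 frames, which fits in 22 bits), and all function names and sample values are constructed for illustration.

```python
import hashlib

# TDMA frames per GSM hyperframe: 2,715,648, which fits in a 22-bit counter.
HYPERFRAME = 2048 * 26 * 51


def frame_count(frame_number: int) -> int:
    """Counter fed to the cipher; it wraps at the hyperframe boundary."""
    return frame_number % HYPERFRAME


def keystream(kc: bytes, frame_number: int, nbytes: int) -> bytes:
    """Stand-in for A5 (NOT the real cipher): mask derived from Kc and the counter."""
    if len(kc) != 8:
        raise ValueError("Kc must be 64 bits")
    count = frame_count(frame_number).to_bytes(3, "big")  # 22 bits fit in 3 bytes
    return hashlib.shake_128(kc + count).digest(nbytes)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def xor_mask(kc: bytes, frame_number: int, data: bytes) -> bytes:
    """Tx and Rx run the same operation: data XOR mask for this frame."""
    return xor_bytes(data, keystream(kc, frame_number, len(data)))


if __name__ == "__main__":
    kc = bytes.fromhex("0123456789abcdef")      # constructed 64-bit Kc
    p1, p2 = b"constructed burst one", b"constructed burst two"
    c1 = xor_mask(kc, 1000, p1)                 # Tx side
    print("Rx recovers plaintext:", xor_mask(kc, 1000, c1) == p1)
    # One hyperframe later the counter, and therefore the mask, is the same,
    # so the mask cancels out of c1 XOR c2 and only p1 XOR p2 remains.
    c2 = xor_mask(kc, 1000 + HYPERFRAME, p2)
    print("mask cancels:", xor_bytes(c1, c2) == xor_bytes(p1, p2))
```

The second check shows why the repeating mask matters: confidentiality under one Kc depends on the counter not wrapping, which is a reason to generate a fresh Kc through re-authentication.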

TOKEN-BASED AUTHENTICATION

• To prevent hacking at the GSM entities, and to
reduce the number of identification procedures,
“token-based authentication” is adopted.

• The pseudorandom number (RAND), its
corresponding response (SRES), and the
encrypting key (Kc): these three are
collectively called the “Triplet information”.

• Whenever an MS makes an attempt to register
itself, the visited system requests these triplets
from the home system (old VLR).

• The new VLR obtains the triplets from the MS
as well, and then compares them with the ones
received from the old VLR.

• If the response matches, then the MS is
registered with the network.

• After registration, the just-used triplet gets
discarded. The VLR will contain 3 to 5 sets of
triplets, received from the home system.

• For the next registration of the MS, a new set of
triplets has to be employed. If all the triplets are
used, then the VLR has to query the HLR for a new
set of triplets.

• The HLR as well as the MS can store many sets of
triplets, which can be repeatedly used.

Token-based registration

[Figure: message sequence between MS, new VLR, HLR and old VLR]
MS → new VLR:       Register
new VLR → old VLR:  Query
old VLR → new VLR:  Response
new VLR → MS:       Unique challenge
MS → new VLR:       Challenge response
new VLR:            Assign TMSI
new VLR → HLR:      Location update
HLR → new VLR:      Acknowledge
HLR → old VLR:      Registration cancellation
new VLR → MS:       New TMSI
MS → new VLR:       Acknowledge

Call flows for token-based registration
1. MS sends a registration message to the new
system, with the old TMSI and old LAI.
2. The new system queries the old VLR.
3. The old VLR returns the unused triplets and the
location of HLR.
4. The new system issues a challenge to MS (for the
triplet information).
5. The MS responds to the challenge.
6. The new system assigns a new TMSI.
7. The new system sends a message to HLR for the
location update of the MS.
8. The HLR updates its location database.
9. The HLR then acknowledges back.
10. The HLR sends a registration cancellation message
to the old VLR.
11. The new system sends an encrypted message to
the MS, with the new TMSI.
12. The MS acknowledges the message.

Token-based challenge

• Whenever the new VLR receives the triplets,
it stores them in the form of a “token”.

• Once a token is used for authentication, the
VLR marks it as used.

• Whenever another token is required, the VLR
has to use an unused set.

• If all sets are used, the VLR may reuse a set that was
marked as used.

• All the existing tokens are discarded when the VLR
requests tokens from the HLR or the old VLR.

• When the HLR has no more tokens, it will query the AuC
for additional tokens.

• The number of tokens and the number of times they may
be reused are defined by the operator.
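
The token handling described above, as an added Python example that is not part of the original slides. `VlrTokenStore`, `home_triplets` and `max_reuse` are hypothetical names, the secret A3 is replaced by a truncated HMAC-SHA256 stand-in, and Kc is filled with constructed random bytes because the store treats it as opaque.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

def a3_standin(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for the secret A3 (NOT the real algorithm): Ki + RAND -> 32-bit SRES."""
    return hmac.new(ki, rand, hashlib.sha256).digest()[:4]

def home_triplets(ki: bytes, n: int) -> list:
    """Home-system side: n (RAND, SRES, Kc) triplets.
    Kc is constructed random data here; the store never interprets it."""
    out = []
    for _ in range(n):
        rand = os.urandom(16)                      # 128-bit RAND
        out.append((rand, a3_standin(ki, rand), os.urandom(8)))
    return out

@dataclass
class Token:
    rand: bytes
    sres: bytes
    kc: bytes
    uses: int = 0                                  # 0 means unused

class VlrTokenStore:
    """Hypothetical VLR-side store: it holds triplets only, never Ki."""
    def __init__(self, max_reuse: int):
        self.max_reuse = max_reuse                 # operator-defined reuse limit
        self.tokens = []

    def load(self, triplets) -> None:
        """A batch from the HLR or old VLR discards all existing tokens."""
        self.tokens = [Token(*t) for t in triplets]

    def next_token(self):
        """Unused tokens first, then reuse within the limit; None means refill."""
        usable = [t for t in self.tokens if t.uses <= self.max_reuse]
        if not usable:
            return None
        tok = min(usable, key=lambda t: t.uses)
        tok.uses += 1                              # mark as used
        return tok

    def check(self, tok: Token, sres_from_ms: bytes) -> bool:
        """Compare the MS response with the stored SRES in constant time."""
        return hmac.compare_digest(tok.sres, sres_from_ms)
```

Each reuse of a token repeats a RAND the MS has already answered, so `max_reuse` is the setting that decides how long a previously observed challenge/response pair stays valid.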

Token-based unique challenge

[Figure: message sequence between MS, MSC and new VLR. Labels in order: Unique challenge; Calculate the SRES; Auth. request; Challenge response; Test SRES for validity; Auth. response; Success or Failure; Call proceeds or terminates]

END of UNIT-6
