Continued from page 1
Time to time, people have tried to decode GSM algorithms. For instance, according to Issac press release (1998) in April 1998, SDA (Smartcard Developer Association) along with two U.C Berkeley researchers alleged that they have cracked COMP128 algorithm, which is stored on SIM. They claimed that within several hours they were able to deduce Ki by sending immense numbers of challenges to authorization module. They also said that out of 64 bits, Kc uses only 54 bits with zeros padding out other 10, which makes cipher key purposefully weaker. They felt government interference might be reason behind this, as this would allow them to monitor conversations. However, they were unable to confirm their assertion since it is illegal to use equipment to carry out such an attack in US. In reply to this assertion, GSM alliance stated that since GSM network allows only one call from any phone number at any one time it is of no relevant use even if a SIM could be cloned. GSM has ability to detect and shut down duplicate SIM codes found on multiple phones (Business press release, 1998).
According to Srinivas (2001), one of other claims was made by ISAAC security research group. They asserted that a fake base station could be built for around $10,000, which would allow a “man-in-the-middle” attack. As a result of this, real base station can get deluged which would compel a mobile station to connect to fake station. Consequently, base station could eavesdrop on conversation by informing phone to use A5/0, which is without encryption.
One of other possible scenarios is of insider attack. In GSM system, communication is encrypted only between Mobile station and Base Transceiver station but within provider’s network, all signals are transmitted in plain text, which could give a chance for a hacker to step inside (Li, Chen & Ma).
Measures taken to tackle these flaws According to Quirke (2004), since emergence of these, attacks, GSM have been revising its standard to add newer technologies to patch up possible security holes, e.g. GSM1800, HSCSD, GPRS and EDGE. In last year, two significant patches have been implemented. Firstly, patches for COMP 128-2 and COMP128-3 hash function have been developed to address security hole with COMP 128 function. COMP128-3 fixes issue where remaining 10 bits of Session Key (Kc) were replaced by zeroes. Secondly, it has been decided that a new A5/3 algorithm, which is created as part of 3rd Generation Partnership Project (3GPP) will replace old and weak A5/2. But this replacement would result in releasing new versions of software and hardware in order to implement this new algorithm and it requires co-operation of hardware and software manufacturers. GSM is coming out of their “security by obscurity” ideology, which is actually a flaw by making their 3GPP algorithms available to security researchers and scientists (Srinivas, 2001).
Conclusion To provide security for mobile phone traffic is one goals described in GSM 02.09 specification, GSM has failed in achieving it in past (Quirke, 2004). Until a certain point GSM did provide strong subscriber authentication and over-the-air transmission encryption but different parts of an operator’s network became vulnerable to attacks (Li, Chen, Ma). The reason behind this was secrecy of designing algorithms and use of weakened algorithms like A5/2 and COMP 128. One of other vulnerability is that of inside attack. In order to achieve its stated goals, GSM is revising its standards and it is bringing in new technologies so as to counteract these security holes. While no human-made technology is perfect, GSM is most secure, globally accepted, wireless, public standard to date and it can be made more secure by taking appropriate security measures in certain areas. Bibliography
Business Wire Press release (1998). GSM Alliance Clarifies False & Misleading Reports of Digital Phone Cloning. Retrieved October 26th, 2004 Web site: http://jya.com/gsm042098.txt
Brookson (1994). Gsmdoc Retrieved October 24th, 2004 from gsm Web site: http://www.brookson.com/gsm/gsmdoc.pdf
Chengyuan Peng (2000). GSM and GPRS security. Retrieved October 24th, 2004 from Telecommunications Software and Multimedia Laboratory Helsinki University of Technology Web site: http://www.tml.hut.fi/Opinnot/Tik-110.501/2000/papers/peng.pdf Epoker Retrieved October 27th, 2004 from Department of Mathematics Boise State University, Mathematics 124,Fall 2004 Web site:http://math.boisestate.edu/~marion/teaching/m124f04/epoker.htm Huynh & Nguyen (2003). Overview of GSM and GSM security. Retrieved October 25th, 2004 from Oregon State university, project Web site: http://islab.oregonstate.edu/koc/ece478/project/2003RP/huynh_nguyen_gsm.doc
Li, Chen & Ma (n.d). Security in gsm. Retrieved October 24th, 2004 from gsm-security Web site: http://www.gsm-security.net/papers/securityingsm.pdf
Quirke (2004). Security in GSM system. Retrieved October 25th, 2004 from Security Website:http://www.ausmobile.com/downloads/technical/Security in GSM system 01052004.pdf
Margrave (n.d). GSM system and Encryption. Retrieved October 25th, 2004 from gsm-secur Web site: http://www.hackcanada.com/blackcrawl/cell/gsm/gsm-secur/gsm-secur.html Press release (1998). Smartcard Developer Association Clones Digital GSM 1998). Retrieved October 26th, 2004 from is sac Web site: http://www.isaac.cs.berkeley.edu/isaac/gsm.html
Srinivas (2001). The GSM Standard (An overview of its security) Retrieved October 25th, 2004 from papers Web site:http://www.sans.org/rr/papers/index.php?id=317
Stallings (2003). Cryptography and Network Security: Principles and practices. USA: Prentice Hall.
A novice trying to create her niche on network of networks