Security of GSM System

Written by Priyanka Agarwal

Continued from page 1

Security breaches

Time to time, people have tried to decode GSM algorithms. For instance, according to Issac press release (1998) in April 1998,repparttar SDA (Smartcard Developer Association) along with two U.C Berkeley researchers alleged that they have crackedrepparttar 107946 COMP128 algorithm, which is stored onrepparttar 107947 SIM. They claimed that within several hours they were able to deducerepparttar 107948 Ki by sending immense numbers of challenges torepparttar 107949 authorization module. They also said that out of 64 bits, Kc uses only 54 bits with zeros padding outrepparttar 107950 other 10, which makesrepparttar 107951 cipher key purposefully weaker. They felt government interference might berepparttar 107952 reason behind this, as this would allow them to monitor conversations. However, they were unable to confirm their assertion since it is illegal to use equipment to carry out such an attack inrepparttar 107953 US. In reply to this assertion,repparttar 107954 GSM alliance stated that sincerepparttar 107955 GSM network allows only one call from any phone number at any one time it is of no relevant use even if a SIM could be cloned. GSM hasrepparttar 107956 ability to detect and shut down duplicate SIM codes found on multiple phones (Business press release, 1998).

According to Srinivas (2001), one ofrepparttar 107957 other claims was made byrepparttar 107958 ISAAC security research group. They asserted that a fake base station could be built for around $10,000, which would allow a “man-in-the-middle” attack. As a result of this,repparttar 107959 real base station can get deluged which would compel a mobile station to connect torepparttar 107960 fake station. Consequently,repparttar 107961 base station could eavesdrop onrepparttar 107962 conversation by informingrepparttar 107963 phone to use A5/0, which is without encryption.

One ofrepparttar 107964 other possible scenarios is of insider attack. Inrepparttar 107965 GSM system, communication is encrypted only betweenrepparttar 107966 Mobile station andrepparttar 107967 Base Transceiver station but withinrepparttar 107968 provider’s network, all signals are transmitted in plain text, which could give a chance for a hacker to step inside (Li, Chen & Ma).

Measures taken to tackle these flaws According to Quirke (2004), sincerepparttar 107969 emergence of these, attacks, GSM have been revising its standard to add newer technologies to patch uprepparttar 107970 possible security holes, e.g. GSM1800, HSCSD, GPRS and EDGE. Inrepparttar 107971 last year, two significant patches have been implemented. Firstly, patches for COMP 128-2 and COMP128-3 hash function have been developed to addressrepparttar 107972 security hole with COMP 128 function. COMP128-3 fixesrepparttar 107973 issue whererepparttar 107974 remaining 10 bits ofrepparttar 107975 Session Key (Kc) were replaced by zeroes. Secondly, it has been decided that a new A5/3 algorithm, which is created as part ofrepparttar 107976 3rd Generation Partnership Project (3GPP) will replacerepparttar 107977 old and weak A5/2. But this replacement would result in releasing new versions ofrepparttar 107978 software and hardware in order to implement this new algorithm and it requiresrepparttar 107979 co-operation ofrepparttar 107980 hardware and software manufacturers. GSM is coming out of their “security by obscurity” ideology, which is actually a flaw by making their 3GPP algorithms available to security researchers and scientists (Srinivas, 2001).

Conclusion To provide security for mobile phone traffic is onerepparttar 107981 goals described in GSM 02.09 specification, GSM has failed in achieving it in past (Quirke, 2004). Until a certain point GSM did provide strong subscriber authentication and over-the-air transmission encryption but different parts of an operator’s network became vulnerable to attacks (Li, Chen, Ma). The reason behind this wasrepparttar 107982 secrecy of designing algorithms and use of weakened algorithms like A5/2 and COMP 128. One of other vulnerability is that of inside attack. In order to achieve its stated goals, GSM is revising its standards and it is bringing in new technologies so as to counteract these security holes. While no human-made technology is perfect, GSM isrepparttar 107983 most secure, globally accepted, wireless, public standard to date and it can be made more secure by taking appropriate security measures in certain areas. Bibliography

Business Wire Press release (1998). GSM Alliance Clarifies False & Misleading Reports of Digital Phone Cloning. Retrieved October 26th, 2004 Web site:

Brookson (1994). Gsmdoc Retrieved October 24th, 2004 from gsm Web site:

Chengyuan Peng (2000). GSM and GPRS security. Retrieved October 24th, 2004 from Telecommunications Software and Multimedia Laboratory Helsinki University of Technology Web site: Epoker Retrieved October 27th, 2004 from Department of Mathematics Boise State University, Mathematics 124,Fall 2004 Web site: Huynh & Nguyen (2003). Overview of GSM and GSM security. Retrieved October 25th, 2004 from Oregon State university, project Web site:

Li, Chen & Ma (n.d). Security in gsm. Retrieved October 24th, 2004 from gsm-security Web site:

Quirke (2004). Security inrepparttar 107984 GSM system. Retrieved October 25th, 2004 from Security Website: inrepparttar 107985 GSM system 01052004.pdf

Margrave (n.d). GSM system and Encryption. Retrieved October 25th, 2004 from gsm-secur Web site: Press release (1998). Smartcard Developer Association Clones Digital GSM 1998). Retrieved October 26th, 2004 from is sac Web site:

Srinivas (2001). The GSM Standard (An overview of its security) Retrieved October 25th, 2004 from papers Web site:

Stallings (2003). Cryptography and Network Security: Principles and practices. USA: Prentice Hall.

A novice trying to create her niche on network of networks

Is VoIP Good For The Home?

Written by Aaron Siegel

Continued from page 1

Secondly you will need what is called a gateway. The gateway is connected between your computer and Ethernet modem. The VoIP gateway is where your phone line will be plugged into. Gateways enable freedom from possible computer problems that can shut down calling capabilities or deteriorate voice quality. Computer crashes, slow memory, and many other computer problems that plague us in everyday life, you do not want to plague your ability to make phone calls.

Gateways are specifically designed for VoIP phones but adapters are available for current phones should you not want to buy a brand new phone. VoIP providers usually haverepparttar adapters available for sale so you don’t have to shop around for one yourself. Before you write off buying a new phone however, video phones arerepparttar 107945 newest product line and it won’t be long before this trend explodes. You may want to get your video phone so you aren’t left out of exciting face to face conversations with friends and relatives when they get theirs. Packet8 VoIP has a good video phone sold separately with their services.

The services included with VoIP usually include allrepparttar 107946 convenient bells and whistles your current phone service provides including your own local VoIP telephone number, call waiting, voice messaging, 3 way calling, and more.

There are some important things to remember with VoIP before you go diving in to this feature rich voice technology. You should check with your VoIP provider for local 911 emergency coverage. Some VoIP providers charge extra on a monthly basis for both 911 and 411 access so make sure you know how much it is going to cost you before committing to a calling contract.

One last important thing to remember is that your gateway is reliant on electricity to function. This means power outages will put your phone line out of service, but then isn’t your phone already only functional with electricity these days?

This article was written by Aaron Siegel of www.TopSavings.Net which provides consultive services for communications at the residential level all the way up to government.

Services available at the website include VoIP (Including Packet8), Internet Access (Including SpeakEasy), Long Distance, Local Phone Services, Cellular services, and more.

    <Back to Page 1 © 2005
Terms of Use