By Priyanka Agarwal http://M6.net
Introduction
Every day, millions of people use cellular phones over radio links. With its growing feature set, the mobile phone is gradually becoming a handheld computer. In the early 1980s, when most mobile telephone systems were analog, their inability to manage growing demand cost-effectively opened the door to digital technology (Huynh & Nguyen, 2003). According to Margrave (n.d), “With older analog-based cellular telephone systems such as Advanced Mobile Phone System (AMPS) and Total Access Communication System (TACS)”, cellular fraud is extensive. It is very simple for a radio hobbyist to tune in and hear cellular telephone conversations, since the subscriber's voice and user data are sent to the network without encryption (Peng, 2000). Margrave (n.d) states that, apart from this, cellular fraud can be committed by using complex equipment to receive the Electronic Serial Number so as to clone another mobile phone and place calls with it. To counteract this cellular fraud and to make mobile phone traffic secure to a certain extent, GSM (Global System for Mobile communication or Group Special Mobile) is one of many solutions now available. According to GSM-tutorials, GSM, formed in 1982, is a worldwide accepted standard for digital cellular communication. GSM operates in the 900MHz, 1800MHz, or 1900MHz frequency bands by “digitizing and compressing data and then sending it down a channel with two other streams of user data, each in its own time slot.” GSM provides a secure and confidential method of communication.
Security provided by GSM
The limitation of security in cellular communication results from the fact that all cellular communication is sent over the air, which gives rise to threats from eavesdroppers with suitable receivers. With this in mind, security controls were integrated into GSM to make the system as secure as public switched telephone networks. The security functions are:
1. Anonymity: This means that it is not simple to track a user of the system. According to Srinivas (2001), when a new GSM subscriber switches on his/her phone for the first time, its International Mobile Subscriber Identity (IMSI), i.e. its real identity, is used and a Temporary Mobile Subscriber Identity (TMSI) is issued to the subscriber, which is always used from that time forward. Use of this TMSI prevents a potential eavesdropper from recognising a GSM user.
2. Authentication: It checks the identity of the holder of the smart card and then decides whether the mobile station is allowed on a particular network. The network authenticates by a challenge-and-response method. A random 128-bit number (RAND) is generated by the network and sent to the mobile. The mobile uses this RAND as an input and, through the A3 algorithm using a secret key Ki (128 bits) assigned to that mobile, encrypts RAND and sends the signed response (SRES, 32 bits) back. The network performs the same SRES computation and compares its value with the response it has received from the mobile, so as to check whether the mobile really has the secret key (Margrave, n.d). Authentication succeeds when the two values of SRES match, which enables the subscriber to join the network. Since a new random number is generated every time, eavesdroppers don’t get any relevant information by listening to the channel (Srinivas, 2001).
3. User Data and Signalling Protection: Srinivas (2001) states that GSM uses a cipher key to protect both user data and signalling. After authentication of the user, the A8 ciphering key generating algorithm (stored in the SIM card) is used. Taking RAND and Ki as inputs, it results in the ciphering key Kc which is sent through. To encipher or decipher data, this Kc (54 bits) is used with the A5 ciphering algorithm. This algorithm is contained within the hardware of the mobile phone so as to encrypt and decrypt data while roaming.
Algorithms used to make mobile traffic secure
Authentication Algorithm A3: A3 is a one-way function and an operator-dependent stream cipher. Computing the output SRES with A3 is easy, but it is very difficult to discover the input (RAND and Ki) from the output. To cover the issue of international roaming, it was mandatory that each operator may choose to use A3 independently. The basis of GSM’s security is keeping Ki secret (Srinivas, 2001).
Ciphering Algorithm A5: Several versions of A5 now exist, the most common being A5/0 (unencrypted), A5/1 and A5/2. This series of A5 algorithms exists because of export regulations on encryption technologies (Brookson, 1994).
A8 (Ciphering Key Generating Algorithm): Like A3, it is also operator-dependent. Most providers combine the A3 and A8 algorithms into a single hash function known as COMP128. COMP128 creates Kc and SRES in a single instance (Huynh & Nguyen, 2003).
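
The challenge-response exchange and the combined A3/A8 derivation described above, as an added example that is not part of the original article. HMAC-SHA256 stands in for the operator's A3/A8 function (it is not COMP128), and the class names, IMSI and Ki are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def a3a8(ki, rand):
    """Stand-in for the operator's combined A3/A8 function (HMAC-SHA256,
    not COMP128). Returns (SRES, Kc) for a 128-bit Ki and 128-bit RAND."""
    if len(ki) != 16 or len(rand) != 16:
        raise ValueError("Ki and RAND must each be 128 bits")
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    sres = digest[:4]  # 32-bit signed response
    # Assumption: the 54 key bits the text gives, in a 64-bit field (low 10 bits zero).
    kc = int.from_bytes(digest[4:12], "big") & ~0x3FF
    return sres, kc.to_bytes(8, "big")

class Network:
    """Network side: knows each subscriber's Ki and issues challenges."""
    def __init__(self, subscribers):
        self.subscribers = subscribers  # IMSI -> Ki
        self.pending = {}               # IMSI -> outstanding RAND
    def challenge(self, imsi):
        rand = secrets.token_bytes(16)  # fresh RAND for every attempt
        self.pending[imsi] = rand
        return rand
    def verify(self, imsi, sres):
        """Return Kc if SRES matches the outstanding challenge, else None."""
        rand = self.pending.pop(imsi, None)  # a challenge is single-use
        if rand is None:
            return None
        expected, kc = a3a8(self.subscribers[imsi], rand)
        return kc if hmac.compare_digest(expected, sres) else None

class Sim:
    """Mobile side: Ki never leaves the card, only SRES is sent."""
    def __init__(self, ki):
        self._ki = ki
    def respond(self, rand):
        return a3a8(self._ki, rand)  # (SRES to send, Kc kept locally)

def demo():
    imsi = "001010000000001"                                # constructed
    ki = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    net, sim = Network({imsi: ki}), Sim(ki)
    sres, kc_mobile = sim.respond(net.challenge(imsi))
    kc_network = net.verify(imsi, sres)   # both ends now hold the same Kc
    net.challenge(imsi)                   # new attempt, new RAND
    replayed = net.verify(imsi, sres)     # captured SRES no longer matches
    return kc_mobile == kc_network, replayed
```

Only RAND and SRES cross the radio link; Ki and Kc stay on the SIM and in the network, which is why the scheme stands or falls on the one-wayness of the A3/A8 function.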
GSM security flaws
· Security by obscurity. According to Li, Chen & Ma, some people assert that GSM is not a secure system because its algorithms are not publicized. “Most security analysts believe any system that is not subject to scrutiny of world’s best minds can’t be as secure.” For instance, A5 was never made public; only its description was divulged as part of the GSM specification.
· Another limitation of GSM is that, although all communication between the mobile station and the base transceiver station is encrypted, communication and signalling in the fixed network are not protected, as they are transmitted in plain text most of the time (Li, Chen & Ma).
· One more problem is that it is hard to upgrade the cryptographic mechanisms in a timely manner.
· Flaws are present within the GSM algorithms. According to Quirke (2004), “A5/2 is a deliberately weakened version of A5/1, since A5/2 can be cracked on order of about 2^16”.