Security of GSM Cell Phones
By: Priyanka Aqarwal
Every day millions of people use cell phones over radio links. With its growing set of features, the cell phone is gradually becoming a handheld computer. According to Margrave (n.d), “With the older analog-based cell phones systems such as the Advanced Mobile Phone System (AMPS) and the Total Access Communication System (TACS)”, cellular fraud is extensive. To counteract this cellular fraud and to make cell phone traffic secure to a certain extent, GSM (Global System for Mobile communication or Group Special Mobile) is one of the many solutions now available. According to GSM-tutorials, GSM, formed in 1982, is a worldwide-accepted standard for digital cellular communication. GSM operates in the 900 MHz, 1800 MHz, or 1900 MHz frequency bands by “digitizing and compressing data and then sending it down a channel with two other streams of user data, each in its own time slot.” GSM provides a secure and confidential method of communication.
The security functions are:
1. Anonymity: It implies that it is not simple and easy to track the user of the system. According to Srinivas (2001), when a new GSM subscriber switches on his/her phone for the first time, its International Mobile Subscriber Identity (IMSI), i.e. its real identity, is used and a Temporary Mobile Subscriber Identity (TMSI) is issued to the subscriber, which from that time forward is always used. Use of this TMSI prevents the recognition of a GSM user by a potential eavesdropper.
2. Authentication: It checks the identity of the holder of the smart card and then decides whether the mobile station is allowed on a particular network. A random 128-bit number (RAND) is generated by the network and sent to the mobile. The mobile uses this RAND as an input and, through the A3 algorithm using a secret key Ki (128 bits) assigned to that mobile, encrypts the RAND and sends the signed response (SRES, 32 bits) back. The network performs the same SRES process and compares its value with the response it has received from the mobile to check whether the mobile really has the secret key (Margrave, n.d). Authentication succeeds when the two values of SRES match, which enables the subscriber to join the network. Since a new random number is generated every time, eavesdroppers don’t get any relevant information by listening to the channel (Srinivas, 2001).
3. User Data and Signaling Protection: Srinivas (2001) states that to protect both user data and signaling, GSM uses a cipher key. The ciphering algorithm is contained within the hardware of the mobile phone so that data can be encrypted and decrypted while roaming.
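The challenge-response exchange from item 2 (Authentication), with both the network and the mobile side, as an added example that is not part of the original article. The real A3 is operator-dependent and is not reproduced here: `a3_stand_in` (HMAC-SHA-256 truncated to 32 bits) is a labelled substitute, and the IMSI, Ki and class names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def a3_stand_in(ki, rand):
    """Stand-in for the operator-dependent A3 (NOT the real algorithm)."""
    if len(ki) != 16 or len(rand) != 16:
        raise ValueError("Ki and RAND must both be 128 bits")
    return hmac.new(ki, rand, hashlib.sha256).digest()[:4]  # 32-bit SRES

class Network:
    """Network side: knows each subscriber's Ki, issues RAND, checks SRES."""
    def __init__(self, subscribers):
        self.subscribers = dict(subscribers)  # IMSI -> Ki
        self.pending = {}                     # IMSI -> outstanding RAND

    def challenge(self, imsi):
        rand = secrets.token_bytes(16)        # fresh 128-bit RAND every attempt
        self.pending[imsi] = rand
        return rand

    def verify(self, imsi, sres):
        rand = self.pending.pop(imsi, None)   # a RAND is consumed by one check
        ki = self.subscribers.get(imsi)
        if rand is None or ki is None:
            return False
        return hmac.compare_digest(a3_stand_in(ki, rand), sres)

class Mobile:
    """Mobile side: Ki stays on the SIM, only SRES goes over the air."""
    def __init__(self, imsi, ki):
        self.imsi, self._ki = imsi, ki
    def respond(self, rand):
        return a3_stand_in(self._ki, rand)

def run_demo():
    imsi = "001010000000001"                                # constructed IMSI
    ki = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed Ki
    net = Network({imsi: ki})
    genuine, wrong = Mobile(imsi, ki), Mobile(imsi, bytes(16))
    sres = genuine.respond(net.challenge(imsi))
    accepted = net.verify(imsi, sres)         # correct Ki, current RAND
    net.challenge(imsi)                       # network moves on to a new RAND
    replayed = net.verify(imsi, sres)         # overheard SRES is now stale
    wrong_key = net.verify(imsi, wrong.respond(net.challenge(imsi)))
    return accepted, replayed, wrong_key, len(sres)

if __name__ == "__main__":
    print(run_demo())
```

The replayed and wrong-key responses are rejected except for the 1-in-2^32 chance inherent in a 32-bit SRES.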
Algorithms used to make mobile traffic secure
Authentication Algorithm A3: A one-way function, A3 is an operator-dependent stream cipher. The basis of GSM’s security is to keep Ki secret (Srinivas, 2001).
GSM security flaws
Security by obscurity. According to Li, Chen & Ma, some people assert that since the GSM algorithms are not publicized, it is not a secure system.
Another limitation of GSM is that although all communication between the Mobile station and the Base transceiver station is encrypted, communication and signaling in the fixed network are not protected, as they are transmitted in plain text most of the time (Li, Chen & Ma).
One more problem is that it is hard to upgrade the cryptographic mechanisms in a timely manner. Flaws are present within the GSM algorithms. According to Quirke (2004), “A5/2 is a deliberately weakened version of A5/1, since A5/2 can be cracked on the order of about 2^16”.
Security breaches
From time to time, people have tried to decode GSM algorithms. In reply to this assertion, the GSM alliance stated that since the GSM network allows only one call from any phone number at any one time, it is of no relevant use even if a SIM could be cloned. GSM has the ability to detect and shut down duplicate SIM codes found on multiple phones (Business press release, 1998). As a result of this, the real base station can get deluged, which would compel a mobile station to connect to the fake station.
In the GSM system, communication is encrypted only between the Mobile station and the Base Transceiver station but within the provider’s network, all signals are transmitted in plain text, which could give a chance for a hacker to step inside (Li, Chen & Ma).
Measures taken to tackle these flaws
According to Quirke (2004), since the emergence of these attacks, GSM has been revising its standard to add newer technologies to patch up the possible security holes, e.g. GSM1800, HSCSD, GPRS and EDGE. Firstly, patches for the COMP128-2 and COMP128-3 hash functions have been developed to address the security hole with the COMP128 function.
GSM is moving away from its “security by obscurity” ideology, which is actually a flaw, by making its 3GPP algorithms available to security researchers and scientists (Srinivas, 2001).
Conclusion
Providing security for cell phone traffic is one of the goals described in the GSM 02.09 specification, but GSM has failed to achieve it in the past (Quirke, 2004). Up to a certain point GSM did provide strong subscriber authentication and over-the-air transmission encryption, but different parts of an operator’s network became vulnerable to attacks (Li, Chen, Ma).