Wednesday, 4 January 2012

GSM Security Features, Threats and Solutions



Figure 1: GSM Architecture

1.1 GSM SECURITY


Figure 2: GSM Security Model

GSM security is meant to give the subscriber anonymity and privacy (confidentiality of user data) when making a call, and to ensure that the network operator bills the correct subscriber. In addition, it ensures that operators do not interfere with each other, whether accidentally or intentionally.


The three key security features are therefore: authentication, signalling and data confidentiality, and subscriber identity confidentiality.

1.1.1      Authentication
Figure 3: GSM Authentication

The GSM security model rests on a secret shared between the subscriber's home network (its HLR/AuC) and the subscriber's SIM. This shared secret, Ki, is a 128-bit key, and it never leaves the SIM or the AuC. For each subscriber the AuC produces authentication triplets (RAND, SRES, Kc) and hands them to the serving MSC/VLR. When the MS first enters the area of a particular MSC, the MSC sends the 128-bit challenge RAND from the first triplet to the MS. The MS computes the 32-bit signed response SRES with the A3 algorithm from RAND and the Ki residing in the SIM, and returns SRES to the MSC. The MSC compares it with the SRES in the triplet it received from the HLR/AuC; a match proves that the MS knows Ki without Ki ever being transmitted. Thus the MS has authenticated itself to the MSC.

1.1.2 Signal and Data Confidentiality
The SIM also contains the ciphering key generating algorithm (A8), which produces the 64-bit ciphering key (Kc). Kc is computed by applying the same random number (RAND) used in the authentication process, together with the individual subscriber authentication key (Ki), to A8; the AuC derives the same Kc, which is why each triplet carries it. Kc is then used by the A5 stream cipher to encrypt and decrypt the traffic on the radio path between the MS and the BTS.

1.1.3 Identity Confidentiality
To protect the subscriber's identity, a Temporary Mobile Subscriber Identity (TMSI) is used in place of the IMSI on the air interface. The TMSI is sent to the mobile station only after the authentication and ciphering procedures have taken place, so the new identity is not exposed in clear, and the MS responds by confirming reception of the TMSI. The IMSI itself still has to be sent in clear the first time the MS attaches to a network that holds no TMSI for it.

In simple words:
- A3: authentication algorithm (runs in the SIM and the AuC; input Ki and RAND, output SRES)
- A8: key generation algorithm (runs in the SIM and the AuC; input Ki and RAND, output Kc)
- A5: encryption algorithm (runs in the handset and the BTS; keyed by Kc)
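The challenge-response, Kc derivation and TMSI assignment described in 1.1.1 to 1.1.3, written out as an added example in Python (this is not code from the original post). A3/A8 are operator-specific, so an HMAC-SHA256 construction stands in for them here; the IMSI and Ki values are constructed for the example, and the GSM message names in the comments show which step each call corresponds to.

```python
import hashlib
import hmac
import secrets


# A3/A8 stand-in. Real operators use their own algorithms (historically COMP128);
# HMAC-SHA256 is assumed here purely so the example runs offline. The output
# widths match GSM: SRES is 32 bits, Kc is 64 bits, RAND and Ki are 128 bits.
def a3_a8(ki: bytes, rand: bytes):
    """Return (SRES, Kc) for the given Ki and RAND."""
    if len(ki) != 16 or len(rand) != 16:
        raise ValueError("Ki and RAND must both be 128 bits")
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]


class SIM:
    """Mobile side. Ki never leaves the card; only SRES and Kc come out of it."""

    def __init__(self, imsi: str, ki: bytes):
        self.imsi = imsi
        self._ki = ki
        self.kc = None      # set once a challenge has been answered
        self.tmsi = None    # assigned by the visited network after ciphering starts

    def run_gsm_algorithm(self, rand: bytes) -> bytes:
        sres, self.kc = a3_a8(self._ki, rand)
        return sres


class AuC:
    """Home network (HLR/AuC). Shares Ki with each SIM and hands triplets to the MSC/VLR."""

    def __init__(self):
        self._ki_by_imsi = {}

    def provision(self, imsi: str, ki: bytes) -> None:
        self._ki_by_imsi[imsi] = ki

    def triplet(self, imsi: str):
        """Fresh (RAND, SRES, Kc). RAND is random, so a captured SRES cannot be replayed."""
        rand = secrets.token_bytes(16)
        sres, kc = a3_a8(self._ki_by_imsi[imsi], rand)
        return rand, sres, kc


class MSC:
    """Visited network (MSC/VLR). Never sees Ki; it works only from triplets."""

    def __init__(self, auc: AuC):
        self.auc = auc
        self.sessions = {}   # TMSI -> (IMSI, Kc)

    def authenticate(self, ms: SIM):
        """Run the challenge-response; return the assigned TMSI, or None on reject."""
        rand, expected_sres, kc = self.auc.triplet(ms.imsi)
        sres = ms.run_gsm_algorithm(rand)              # AUTHENTICATION REQUEST / RESPONSE
        if not hmac.compare_digest(sres, expected_sres):
            return None                                 # AUTHENTICATION REJECT
        # CIPHER MODE COMMAND would follow here: both sides now hold the same Kc.
        tmsi = secrets.token_bytes(4)
        self.sessions[tmsi] = (ms.imsi, kc)
        ms.tmsi = tmsi   # TMSI REALLOCATION COMMAND, sent only once ciphering is on
        return tmsi


if __name__ == "__main__":
    KI = bytes.fromhex("000102030405060708090a0b0c0d0e0f")   # constructed sample key
    auc = AuC()
    auc.provision("262010000000001", KI)                      # constructed sample IMSI
    msc = MSC(auc)
    genuine = SIM("262010000000001", KI)
    tmsi = msc.authenticate(genuine)
    print("genuine SIM accepted, TMSI", tmsi.hex(), "Kc", genuine.kc.hex())
    clone = SIM("262010000000001", bytes(16))                 # right IMSI, wrong Ki
    print("clone with wrong Ki accepted?", msc.authenticate(clone) is not None)
```

Note that the MSC only ever compares SRES values and stores the Kc it was given; Ki stays inside the SIM and the AuC, which is exactly why the A3/A8 choice is an operator-only decision (see 1.3).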



1.2 GSM THREATS

1.2.1 Denial of Service

-          Because nothing is authenticated in the preliminary part of a mobile-originated call (the channel request and the signalling that precedes the authentication exchange), GSM is vulnerable to denial of service (DoS) attacks mounted before authentication takes place. Such attacks take several forms; the most common are causing the network not to send messages it should be sending in order to serve legitimate clients, or causing it to send messages it should not, with the result that the network cannot distinguish legitimate traffic from fake traffic.


1.2.2 Unilateral authentication and vulnerability to the man-in-the-middle attack
-    GSM authentication is one-way: the network authenticates the subscriber, but the subscriber never authenticates the network. An attacker can therefore run a false BTS that broadcasts the same mobile country code and mobile network code as the subscriber's legitimate network. The MS camps on it as it would on any genuine cell, and the attacker can impersonate the network towards the subscriber (and relay the subscriber's traffic to the real network) to perform a man-in-the-middle attack.
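The false-BTS scenario above as an added example in Python (not code from the original post). The PLMN code 262/01, the Ki and the signal levels are constructed values. A plain GSM MS picks the strongest cell of its PLMN and obeys whatever cipher mode the cell orders; the `require_network_proof` flag is a hypothetical check in which the MS demands that the cell prove knowledge of Ki, the role that the AUTN token plays in 3G/UMTS authentication, to show what one-way authentication leaves out.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

# Constructed values: a subscriber of PLMN 262/01 (assumed, not from the post) and its Ki.
HOME_MCC, HOME_MNC = "262", "01"
KI = bytes.fromhex("000102030405060708090a0b0c0d0e0f")


@dataclass
class BTS:
    name: str
    mcc: str
    mnc: str
    rx_level_dbm: int             # what the MS measures; an attacker simply transmits louder
    authenticates_subscriber: bool  # does this cell bother to run RAND/SRES against the MS?
    cipher: str                   # what it orders in CIPHER MODE COMMAND: "A5/1", or "A5/0" (none)
    ki: Optional[bytes] = None    # only the genuine network's AuC holds the subscriber's Ki

    def network_token(self, nonce: bytes) -> bytes:
        """Hypothetical proof that the cell's network knows Ki. Plain GSM has no such
        message; a false BTS can only return garbage because it never had Ki."""
        if self.ki is None:
            return bytes(8)
        return hmac.new(self.ki, b"network-proof" + nonce, hashlib.sha256).digest()[:8]


class MS:
    def __init__(self, ki: bytes, mcc: str, mnc: str, require_network_proof: bool = False):
        self._ki = ki
        self.plmn = (mcc, mnc)
        self.require_network_proof = require_network_proof
        self.serving_cell = None
        self.cipher = None
        self.network_proven = False

    def attach(self, cell: BTS) -> bool:
        """Location update on the given cell. True if the MS ends up served by it."""
        if self.require_network_proof:
            nonce = secrets.token_bytes(16)
            expected = hmac.new(self._ki, b"network-proof" + nonce, hashlib.sha256).digest()[:8]
            if not hmac.compare_digest(cell.network_token(nonce), expected):
                return False          # a real GSM MS has no step corresponding to this
            self.network_proven = True
        # The network decides whether to challenge the MS at all, and the MS must obey
        # whatever CIPHER MODE COMMAND arrives, including A5/0, i.e. no ciphering.
        self.serving_cell = cell
        self.cipher = cell.cipher
        return True

    def camp(self, cells):
        """GSM cell selection: among cells of the home PLMN, try strongest first.
        Nothing here distinguishes a genuine cell from one that merely copies MCC/MNC."""
        candidates = sorted((c for c in cells if (c.mcc, c.mnc) == self.plmn),
                            key=lambda c: c.rx_level_dbm, reverse=True)
        for cell in candidates:
            if self.attach(cell):
                return cell
        return None


def run_scenario(require_network_proof: bool):
    """Return (serving cell name, cipher in use, whether the network proved itself)."""
    genuine = BTS("genuine BTS", HOME_MCC, HOME_MNC, -80, True, "A5/1", ki=KI)
    false_bts = BTS("false BTS", HOME_MCC, HOME_MNC, -55, False, "A5/0")  # louder, same MCC/MNC
    ms = MS(KI, HOME_MCC, HOME_MNC, require_network_proof)
    cell = ms.camp([genuine, false_bts])
    return (cell.name if cell else None), ms.cipher, ms.network_proven


if __name__ == "__main__":
    print("plain GSM MS:           ", run_scenario(False))
    print("MS demanding proof of Ki:", run_scenario(True))
```

In the plain GSM run the MS ends up on the false BTS with A5/0, having been neither challenged nor able to object; only when the MS can demand evidence that the cell's network holds Ki does the stronger but key-less cell get rejected and the genuine one win.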

1.2.3 Flaws in the implementation of the A3/A8 algorithms
-     Most operators implemented A3/A8 with COMP128 (COMP128-1). After it was reverse engineered and some documentation became public, several security flaws were found. In particular, COMP128-1 leaks Ki under a chosen-challenge attack: an attacker with access to the SIM can feed it specially chosen RAND values and recover Ki from the responses, which makes SIM cloning possible. It also deliberately sets the ten least significant bits of the session key Kc to zero, so the nominally 64-bit key has only 54 bits of entropy; this makes a brute-force attack on the ciphering algorithm 2^10 = 1024 times cheaper because of the reduced key space.

1.3 GSM SOLUTIONS
Using secure algorithms for A3/A8 implementations:
-    Replacing COMP128-1 with a sound A3/A8 thwarts the dangerous SIM card cloning attack. This solution is attractive because A3/A8 run only in the SIM and the home network's AuC and are operator-specific, so an operator can make the change itself without involving the handset or equipment manufacturers or the GSM consortium. It does, however, require providing and distributing new SIM cards and modifying the HLR/AuC software, and it does nothing for the weaknesses that sit elsewhere, such as the one-way authentication of 1.2.2 or the A5 ciphering on the radio path.





1 comment:

  1. Hi, nice blog link =) hahaha, very nice images and easy to understand =) Could you explain more on the solutions? =)