Overview of GSM and GSM Security Tuan Huynh and Hoang Nguyen ECE 478/578 Department of Electrical Engineering

and Computer Science Oregon State University June 06, 2003 Abstract In the past decade mobile communications has become one of the driving forces of the digital revolution. Everyday, millions of people are making phone calls by pressing a few buttons. Little is known about how one persons voice reaches the other persons phone that is thousands of miles away. Even less is known about the security measures and protection behind the system. The complexity of the cell phone is increasing as people begin sending text messages and digital pictures to their friends and family. The cell phone is slowly turning into a handheld computer. All the features and advancements in cell phone technology requires a backbone to support it. The system has to provide security and the capability for growth to

accommodate future enhancements. General System for Mobile Communications, GSM, is one of the many solutions out there. GSM has been dubbed the Wireless Revolution and it doesnt take much to realize why. GSM provides a secure and confidential method of communication. GSM General System for Mobile Communications, GSM, is an advanced mobile phone system used around the world. GSM has many benefits over its predecessors in terms of security, capacity, clarity, and area coverage [8]. GSM aims to provide a secure connection

for communication. Since its advent in the early 1980s it has grown into a family of services to provide everything from mobile voice to mobile data communication [10]. The best way to appreciate security is by looking at how chaotic and dangerous a mobile communications system would be without security. At any given moment, any body could eavesdrop into your conversation. Your bank account information, daily schedule, and any other information you may disclose on the phone would be at risk. Besides listening in, at any given moment, a hacker could impersonate your user information to make calls that would later amount to thousands of dollars in service charges. The list goes on and on. GSM was designed to address security problems like those listed above. HISTORY GSM was originally developed in Europe as a replacement for their existing panEuropean Cellular phone system. A committee was formed in 1982 to develop a roaming network that provides capacity and privacy [5]. By 1987, eighteen nations made

commitments to implement cellular networks based on GSM. Four years later, commercial networks were in place. GSM is now made up of over 745.5 million subscribers in 184 countries [4]. The GSM family is now composed of EDGE, 3GSM, and GPSR [9]. BENEFITS GSM was designed to grow and meet the needs of new technologies. GSM is currently composed of EDGE, 3GSM, and GPSR. Each member of the family is designed to solve a particular need. EDGE is an upper level component used for advanced mobile services such as downloading music clips, video clips, and multimedia messages. GPSR is

designed for always-on systems that are needed for web-browsing. 3GSM is the GSM running on third generation standards for multimedia services [9]. In addition to growing, GSM was designed with security in mind. Older cellular systems were analog based and therefore very susceptible to security attacks. It was common for attackers to eavesdrop and intercept peoples conversations and data. Even worse yet, attackers were capable of stealing customer IDs to make fraudulent calls. Eavesdropping allowed attackers to listen in on a private conversation. One specific case involved the British Royal family and Princess Di, where an attacker was able to intercept a line of communication and release the conversation to the media [4]. GSM also beats out its competition by providing authentication, secure data transfer, and subscriber data transfer. COMPONENTS The GSM infrastructure is composed of a mobile station, a base transceiver station, and a mobile switching center. Each piece is vital to the whole data exchange process.

Figure 1 Components of GSM [4]

Mobile Station In the broadest sense, the mobile station is any device capable of containing a subscriber identity module (SIM). The device is usually a cell phone. The cell phone consists of a SIM and an International Mobile Equipment Identity (IMEI). The SIM device stores sensitive information such as personal contacts, the International Mobile Subscriber Identity (IMSI), a personal identification number (PIN), and a secret key, Ki, for authentication [4]. The PIN allows the user to make changes on the SIM device. Base Transceiver Station The base station is responsible for providing the link between the mobile device and the switching center. When a call is initially made, it travels to the switching station via the hundreds of base stations. The stations are responsible for carrying and converting the voice signals [4]. Mobile Switching Center The switching center connects phones to phones. The base transceiver stations communicate with the switching station to link mobile devices together. The switching station is the hub of the whole network. The mobile center is responsible for

authentication, data switching, location updating, and routing [4]. SECURITY The two security goals of GSM are to provide an infrastructure which protects access to the mobile services and to prevent any information from being disclosed. In other words, GSM aims to prevent fraudulent phone use and to provide privacy for both parties. The following security measures are done to provide security [4]:

Authentication for regitered users Secure Data Transfer Subscriber Identity protection Mobile phones are inoperable without SIM chip Duplicate SIMS on network are not permitted Keys are securely stored

If all the measures listed above are met, GSM will be able to provide anonymity, authentication, confidentiality, and integrity [1]. GSM divides security on three different levels. Each level provides the mechanism for anonymity, authentication, confidentiality, or integrity. On the lowest level of security, GSM provides authentication and anonymity for the user through the SIM card. The SIM chip serves as the identification of the user. Billing and authentication are verified through the SIM chip. The second layer of security identifies the location of the user and reveals the incoming callers name to the receiver so the receiver can choose whether or not to accept the call. The third layer encrypts any data traveling between the two users. With the data encrypted and connection secure, integrity and confidentiality is provided [2]. ENCRYPTION IMPLEMENTATION A cell phone call placed on a GSM network goes through two steps. Any mobile device must first be authenticated before any data transmission can begin. Following successful authentication, a private key, Kc, is generated for data exchange. Authentication is done through a challenge and response mechanism. The base station initially sends out a random 128-bit number, r, to the mobile device [1]. Using A3 encryption, with inputs Ki from the SIM and the random number r, a 32-bit encrypted number SRES is generated [1]. The mobile device then sends the SRES generated number back to the network for validation. The network itself knows the mobile devices Ki and

can thus compare the value it generated to the value the mobile device generated. Authentication is successful if both numbers are identical [7].
USER
Ki From SIM r 128-Bit from Network

NETWORK
Ki Known r 128-Bit from Network

A3
SRES 32-Bit

A3
SRES 32-Bit

Figure 2 Initial Authentication Between User & Network

If authentication is successful, a connection is made and a new key, Kc, is generated to be shared by the user and network. The key is generated by applying an A8 algorithm on values Ki and the random value r. By doing this, a private key Kc will be generated for later use when transferring information [1].
User and Network
Ki From SIM r From network

A8
Kc Private Key for both user and network

Figure 3 A8 Key generation

With a private key Kc generated, information can be exchanged between two parties. GSM voice ciphers by using the A5 algorithm with inputs Kc, which is known by both parties, and the incoming data [1]. At that point data encryption and decryption is completed.

User and Network Communication

Kc Kc

DATA

A5

CIPHERED DATA

A5

Figure 4 Data encyprtion and decryption

SECURITY ISSUES GSM provides many layers of security. A lot of the protection goes on behind the scenes with the user knowing very little about what is safe and what isnt safe. Despite the security advancements with GSM, there still exist many security pitfalls. As the GSM family grows more complex, more security issues arise. Security Isssues Solved SIM chip and PIN One means of security that GSM provides is achieved through the use of a PIN. The PIN prevents unauthorized users from modifying data on another account. The PIN also prevents fraudulent use of a phone if it is stolen. GSM specifically prevents more than one SIM chip from being on the network at the same time. By doing this, a user who is able to impersonate and clone a SIM chip will still have troubles getting on to the system because the original owner of the SIM may still be on the network [5]. Security Issue Problems

COMP 128
At the current time, a lot of GSM phones apply a COMP 128 algorithm inside of the A3 and A8 encryption schemes. The COMP 128 algorithm has a weakness which 7

allows an attacker to retrieve the secret key Ki from the mobile devices SIM chip [6]. This is achieved by sending known data to the mobile device and analyzing the results that are returned from the device. With this knowledge, the attacker can clone the SIM chip for fraudulent use. It is estimated that a hobbyist could purchase the necessary equipment to clone SIM chips for less tan $40,000 [6]. The COMP 128 algorithm became a public concern after IBM researchers demonstrated that they had discovered away to clone a SIM chip with in a few seconds [6]. Efforts have been made to develop new algorithms to correct this problem.

A5 Implementation and Eavesdropping

The A5 algorithm used to encrypt streaming cipher data is not a universal standard. There are currently three implementations, A0 /0, A5/1, and A5/2. All of them are used throughout the world, varying from region to region. A5/1 is the strongest encryption because it has a time complexity of 2^54. A5/2 has a time complexity of only 2^16 [4]. The weaker A5 implementations are susceptible to eavesdropping.

Lack of Testing
The algorithms used for GSM are all hidden from the public [4]. At first glance this may seem reasonable but being hidden from the public eye prevents it from being tested by the world. As more and more people begin finding weaknesses about the network and the algorithms, more people will begin hacking the networks. When this does happen it will be difficult to fix the problem when the problem has already spread to million and millions of phones. If the algorithms were open source, then more testing could be done before the phones were all distributed to the public.

Lack of Internal Encryption

GSM solved most of the security issues involved with transmission of data through the radio channel. Currently data is only encrypted between the mobile device and the base stations. All other communication and signaling on the fixed telecommunications network is done in plain text [4].

Short Message Service

Short message service (SMS) is a service provided through GSM that allows users to send text messages to other mobile users. Users often overlook the fact that SMS provides no real security [4]. All messages sent via SMS are sent in a predictable, clear text format. The originating address of a SMS message can be forged. This weakness allows anybody the ability to send messages to phones with harmful instructions [6]. People could be instructed to send sensitive information back to the sender. The sender would then be in place to record the information.

Physical Theft
GSM packs all the information needed to use in a phone inside a single SIM chip. By doing that, the value of the phone itself has increased. A new phone can be used by replacing the SIM chip. No real measures can be taken against physical phone theft. Solutions to Current Security Issues A corrected version of the COMP 128 has been developed, however, the cost to replace all SIM chips and include the new algorithm is too costly to cellular phone companies. The new release of 3GSM will include a stronger version of the COMP 128 algorithm and a new A5 algorithm implementation. The A5/3 is expected to solve current

confidentiality and integrity problems [4]. Fixed network transmission could be fixed by simply applying some type of encryption to any data transferred on the fixed network. Conclusion GSM has many benefits over current cellular systems. The main problem now involves the COMP 128 algorithm problem. technology gets phased in. This problem will be solved as newer

The lack of extra encryption on the telecommunications

network doesnt pose as a major problem because any data transfer on there will have the same security as the current public switched telephone networks. Despite the current problems more and more cellular companies will switch to GSM based standards. An estimated one billion subscribers are expected by the end of 2003. As GSM slowly moves towards 3GSM, more problems and security issues will be resolved.

10

BIBLIOGRAPHY [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] Brookson, Charles. GSM (and PCN) Security and Encryption. August 2001. Dua, Kunal and Jain, Anuj. GSM Technology. February 07, 2003. GSM Cloning. www.isaac.cs.berkeley.edu/isaac/gsm.html Li, Yong, Chen, Yin, and Ma, Tie-Jun. Security in GSM. February 2002. Lord, Steve. Modern GSM Insecurities. www.itsecurity.com. February 02, 2003. Lord, Steve. "Bugwatch: GSM security flaws exposed." www.vnunet.com. May 16, 2003. Make Machines Talk. www.tdc.co.uk/competition/modules.htm. Margrave, David. GSM Security and Encryption. www.hackcanada.com. June 03, 2003. Todays GSM Platform. http://www.gsmworld.com/technology June 03, 2003. Zhang, Wei. GSM Security Issues. November 15, 2000.

11