PRIVACY AND SECURITY

IN GSM
 Introduction
• GSM system privacy and security is achieved using four
primary mechanisms:

i. Each subscriber is identified using a cryptographic security

mechanism.
ii. The subscriber’s security information is stored on a smart
card or SIM card.
iii. The GSM operator maintains the secrecy of algorithms
and keys for authenticating the subscriber and providing
voice privacy.
iv. The cryptographic keys are not shared with other GSM
administrators.
 Wireless Security Requirements
• Security in a wireless system is of concern to the
system operator and to the user.
• The system operator wants to ensure that the
user requesting the service is a valid user whose
actual identity is the same as claimed identity,
the operator must authenticate the user.
• Users want to have access to services without
compromising the privacy. They get disturbed
when their locations, calling patterns and details
of their conversations are monitored.
 Privacy of Communications:
• Figure shows a high level diagram of a PCS
system showing areas where criminals or
hackers can compromise the system.
• At each interface compromise is possible, so
designers must pay attention to each of these
areas. A PCS personal terminal needs privacy
in these areas.
Call setup information
Speech
Data
User location
User ID
Calling patterns
 Authentication requirements:
• Clone resistant design
 Over the air
 From the network
 From network interconnect
 From fraudulent systems
 From security algorithms
 From users cloning their own handsets
• A cryptographic system to reduce installation and
repair fraud
• Unique user ID
• Unique handset ID