IN GSM Introduction • GSM system privacy and security is achieved using four primary mechanisms:
i. Each subscriber is identified using a cryptographic security
mechanism. ii. The subscriber’s security information is stored on a smart card or SIM card. iii. The GSM operator maintains the secrecy of algorithms and keys for authenticating the subscriber and providing voice privacy. iv. The cryptographic keys are not shared with other GSM administrators. Wireless Security Requirements • Security in a wireless system is of concern to the system operator and to the user. • The system operator wants to ensure that the user requesting the service is a valid user whose actual identity is the same as claimed identity, the operator must authenticate the user. • Users want to have access to services without compromising the privacy. They get disturbed when their locations, calling patterns and details of their conversations are monitored. Privacy of Communications: • Figure shows a high level diagram of a PCS system showing areas where criminals or hackers can compromise the system. • At each interface compromise is possible, so designers must pay attention to each of these areas. A PCS personal terminal needs privacy in these areas. Call setup information Speech Data User location User ID Calling patterns Authentication requirements: • Clone resistant design Over the air From the network From network interconnect From fraudulent systems From security algorithms From users cloning their own handsets • A cryptographic system to reduce installation and repair fraud • Unique user ID • Unique handset ID