GSM Security

GSM Security Papers

Security in the GSM System
Author: Jeremy Quirke
Date: 1 May 2004

Mobile phones are used on a daily basis by hundreds of millions of users, over radio links. Unlike a fixed phone, which offers some level of physical security (i.e. physical access to the phone line is needed to listen in), a radio link can be passively monitored by anyone with a receiver. Therefore it is highly important that reasonable technological security measures are taken to ensure the privacy of users’ phone calls and text messages (and data), as well as to prevent unauthorized use of the service.

Attacks and Counter Measures in 2.5G and 3G Cellular IP Networks
Author: Ollie Whitehouse and Graham Murphy
Date: March 2004

2.5G and 3.0G cellular technologies are here to stay. This whitepaper assesses the issues still facing the industry since the GPRS Wireless Security: Not Ready for Primetime paper was published in June 2002. GTP (GPRS Tunneling Protocol) is now widely deployed in a majority of 2.5G and 3.0G cellular networks, and this paper reviews some of the potential attacks against the GTP protocol and the possible effects this will have on cellular providers. It also reviews some of the architectural alternatives that providers can consider. This paper also presents the results of the @stake assessment of the Check Point FireWall-1 GX solution.

Specification of the GSM-MILENAGE Algorithms: An example algorithm set for the GSM Authentication and Key Generation functions A3 and A8
Author: 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects
Date: December 2002

The present document contains an example set of algorithms which may be used as the GSM authentication and key generation functions A3 and A8. (It is not mandatory that the particular algorithms specified in this document are used – the A3 and A8 functions are operator-specifiable rather than being fully standardized). Section 3 (normative) introduces the algorithms and describes their input and output parameters. Section 4 (normative) defines the algorithms. Section 5 (informative) describes an alternative algorithm that some operators may prefer. Section 6 (informative) provides test data.

Security Protocols over open networks and distributed systems: Formal methods for their Analysis, Design, and Verification
Author: Stefanos Gritzalis of the University of the Aegean
Date: 1997

Formal methods, theory, and supporting tools can aid the design, analysis, and verification of the security-related and cryptographic protocols used over open networks and distributed systems. The most commonly followed techniques for the application of formal methods for the ex-post analysis and verification of cryptographic protocols, as the analysis approach, are reviewed, followed by the examination of robustness principles and application limitations. Modern high-level specification languages and tools can be used for automatically analysing cryptographic protocols. Recent research work focuses on the ex-ante use of formal methods in the design stage of new security protocols, as the synthesis approach. Finally, an outline is presented on current trends for the utilisation of formal methods for the analysis and verification of modern complicated protocols and protocol suites for the real commercial world.

Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication
Author: Elad Barkan, Eli Biham, and Nathan Keller of Technion
Date: 2003

A very practical ciphertext-only cryptanalysis of GSM encrypted communication, and various active attacks on the GSM protocols. These attacks can even break into GSM networks that use “unbreakable” ciphers. We describe a ciphertext-only attack on A5/2 that requires a few dozen milliseconds of encrypted off-the-air cellular conversation and finds the correct key in less than a second on a personal computer. We then extend this attack to a (more complex) ciphertext-only attack on A5/1. We describe new attacks on the protocols of networks that use A5/1, A5/2, or even GPRS. These attacks are based on security flaws of the GSM protocols, and work whenever the mobile phone supports A5/2. We emphasize that these attacks are on the protocols, and are thus applicable whenever the cellular phone supports a weaker cipher; for instance, they are also applicable using the cryptanalysis of A5/1. Unlike previous attacks on GSM that require unrealistic information, like long known plaintext periods, our attacks are very practical and do not require any knowledge of the context of the conversation. These attacks allow attackers to tap conversations and decrypt them either in real-time, or at any later time. We also show active attacks, such as call hijacking, altering of data messages and call theft.

GSM Security
Author: Mikko Suominen of the Helsinki University of Technology
Date: April 15, 2003

PowerPoint introduction to GSM security.

Intro to GSM
Author: Yuri Sherman

PowerPoint introduction to GSM architecture.

GSM Security
Author: Max Stepanov

PowerPoint introduction to GSM security.

GSM Attacks
Author: Gregory Greenman

PowerPoint introduction to GSM attacks.

Overview of GSM and GSM Security
Author: Tuan Huynh and Hoang Nguyen of Oregon State University
Date: June 6, 2003

In the past decade mobile communications has become one of the driving forces of the digital revolution. Every day, millions of people are making phone calls by pressing a few buttons. Little is known about how one person’s voice reaches the other person’s phone that is thousands of miles away. Even less is known about the security measures and protection behind the system. The complexity of the cell phone is increasing as people begin sending text messages and digital pictures to their friends and family. The cell phone is slowly turning into a handheld computer. All the features and advancements in cell phone technology require a backbone to support it. The system has to provide security and the capability for growth to accommodate future enhancements. General System for Mobile Communications, GSM, is one of the many solutions out there. GSM has been dubbed the “Wireless Revolution” and it doesn’t take much to realize why. GSM provides a secure and confidential method of communication.

Secure voice over GSM and other low bit rate systems
Author: N. Katugampala, S. Villette, A. M. Kondoz

The GSM speech service is secure up to the point where speech enters the core network, but over the core network it has no security. In order to have end-to-end security, speech must be encrypted before it enters the GSM network. The reason for not using encryption at the input of the GSM handset is that the encrypted speech signal would be randomised and would not exhibit the speech-like characteristics on which the GSM speech transcoding principles are based. Hence the encoded signal would be significantly distorted by the GSM transcoding process, making the resultant signal unsuitable for the decryption process. Here we present a method that allows encryption at the input to the GSM terminal by modulating the encrypted data onto speech-like waveforms, so that it goes through the GSM system with sufficient accuracy to be decoded and decrypted at the receiving end. Throughputs of 3 and 4 kb/s have been achieved with the modulation introducing 0.5% and 4% bit error rates (BER) respectively. With the addition of error correcting codes near-zero BER has been achieved at 1.8 kb/s, allowing the robust transmission of the bitstream from a modern low-bit-rate speech coder.
Document requires free registration.

End-to-end encryption in GSM, DECT and satellite phone networks using NSK 200 Secure Telephone System
Author: Lars Moldal (Kongsberg Defence Communications, Norway) and Torgrim Jorgensen (NERA Satcom, Norway)
Date: July 3, 2003

Description of the NSK 200 Secure Telephone System, which uses secure encrypted handsets over an existing GSM network.
Document requires free registration.

Forensic extraction of electronic evidence from GSM mobile telephones
Author: Amanda Goode (The Forensic Science Service, UK)
Date: 2001

18 slide PowerPoint on extracting forensics data from GSM mobile telephones for use in criminal investigations.
Document requires free registration.

Interoperability and international operation of end-to-end security over mobile networks
Author: Michael Street (NATO C3 Agency, The Netherlands)

NATO presentation on end-to-end mobile security over a GSM network.
Document requires free registration.

Extending 2G end-to-end security solutions to 3G networks
Author: Terrel Sandberg and Paul Kennedy (General Dynamics Decision Systems, USA)
Date: 2003

  • The 2G Application Layer security approach may no longer be optimal. The proper location for security in the network protocol stack will need to be carefully considered.
  • IP-based 3G networks will present QoS challenges for end-to-end encrypted multimedia applications.
  • 3G data channel architecture will force end-to-end encryption application designers to devise unique solutions for PSTN interworking.
  • 3G Mobile Stations identified by dynamic IP addresses rather than phone numbers will require end-to-end encryption applications designers and/or users to become accustomed to alternate methods of establishing channels.
  • 3G networks may not ubiquitously support peer-to-peer data transfer applications. 3G revenue models are likely to mean delays and priority downgrades for specialized data services such as those needed for end-to-end encryption applications.
  • End-to-End security standards must evolve with the next generation 3G services to ensure continued transparent secure communication.

Document requires free registration.

Next generation network security
Author: Judith Rossebø (Telenor, Norway) and Scott Cadzow (C3L, France)
Date: 2003

ETSI Project TIPHON has examined a number of key issues involved in provision of security in general and also for end-to-end communication over heterogeneous networks. TIPHON aims to support requirements for confidentiality, authentication and access control, QoS, and reliability in order to create an environment for Next Generation Networks (NGN) that meets or exceeds the expectation of today’s fixed telephone network. Security is also essential to ensure that business models for NGN are sound. A threat analysis was used to determine risks involved and as a result countermeasures have been recommended that when standardized minimize the risks and enable provision of security in heterogeneous networks.
Document requires free registration.

Secure Content Distribution to Mobile Users
Author: Adrian Waller, Thales Research and Technology (UK) Ltd.
Date: November 2, 2003

Digital containers offer an alternative way of securely delivering content to consumers. They can offer many advantages, particularly for content delivery over mobile phone networks:

  • Scalability
  • Microtransactions/Micropayments compatibility
  • Content channel neutrality (heterogeneous networks, unicast/multicast/broadcast etc)
  • Possibility of DRM
  • Consumer anonymity
  • Etc.

Document requires free registration.

The deployment of secure end-to-end mobile applications
Author: Jamie Bodley-Scott (Psion Teklogix, UK) and Martin Forssen (AppGate Network Security AB, Sweden)

Outside-in thinking is thinking about the mobile worker and his environment…

Outside-in thinking looks at the task to be done and designs the whole solution to meet the exact needs of the mobile worker.

The whole solution will comprise a set of business issues and a set of technical issues which need to be considered in terms of security.
Document requires free registration.

Mobile Network Security
Author: Bart Preneel of the Katholieke Universiteit of Leuven
Date: June 2003

43 slide introduction to GSM security.

GSM Interception
Author: Lauri Pesonen
Date: November 21, 1999

The GSM standard was designed to be a secure mobile phone system with strong subscriber authentication and over-the-air transmission encryption. The security model and algorithms were developed in secrecy and were never published. Eventually some of the algorithms and specifications have leaked out. The algorithms have been studied since and critical errors have been found. Thus, after a closer look at the GSM standard, one can see that the security model is not all that good. An attacker can go through the security model or even around it, and attack other parts of a GSM network, instead of the actual phone call. Although the GSM standard was supposed to prevent phone cloning and over-the-air eavesdropping, both of these are possible with little additional work compared to the analog mobile phone systems and can be implemented through various attacks. One should not send anything confidential over a GSM network without additional encryption if the data is supposed to stay confidential.

Partitioning Attacks: Or How to Rapidly Clone Some GSM Cards
Author: Josyula R. Rao, Pankaj Rohatgi and Helmut Scherzer (IBM) with Stephane Tinguely (Swiss Federal Institute of Technology)

Security can only be as strong as the weakest link. In the world of cryptography, it is now well-established that the weakest link lies in the implementation of cryptographic algorithms. In particular, an easy method of attacking cryptographic hardware is to exploit the plentiful sensitive information emanating from side-channels such as power consumption and electromagnetic radiation.

Despite the incorporation of some protection mechanisms against such attacks, many proposed countermeasures are ad hoc and, as a consequence, the implementations remain vulnerable in practice. Achieving security in the presence of such side-channels still remains an elusive art.

We describe a new class of side-channel attacks called “partitioning attacks” which can be used to break implementations with ad hoc side-channel protection. We illustrate a version of the attack on several implementations of COMP128, the popular GSM authentication algorithm that has been deployed by different service providers in several types of SIM cards, to retrieve the 128 bit key using as few as 7 chosen plaintexts. Such ad hoc countermeasures are systemic in implementations of cryptographic algorithms, such as COMP128, which require the use of large tables since there has been a mistaken belief that sound countermeasures require more resources than are available. To address this problem, we describe a new resource-efficient countermeasure for protecting table lookups in cryptographic implementations.

On the Security of 3GPP Networks
Author: Michael Walker
Date: 2000

34 slide presentation on the principles of 3GPP security.

GSM (and PCN) Security and Encryption
Author: Charles Brookson
Date: 1994

GSM provides a basic range of security features to ensure adequate protection for both the operator and customer. Over the lifetime of a system, threats and technology change, and so the security is periodically reviewed and changed. The technical security features must be properly supported by procedures to ensure complete security. The security provided by GSM is well in advance of similar mobile radio systems, and should ensure that it remains at the front of the field for some time to come.

However, it is vitally important that these capabilities are designed in from the start, as they will have an impact on the system requirements. Business cases should show the effect of fraud and the costs of protection.

Can you clone a GSM Smart Card (SIM)?
Author: Charles Brookson
Date: July 2002

Paper on the COMP-128 algorithms and attacks against them.

GPRS Security
Author: Charles Brookson
Date: December 2001

GPRS offers a number of security enhancements over existing GSM security. The standards themselves also offer technical features, which a network operator may choose to use. As well as these features, there are additional security technical features that may be used from proprietary and other industry organizations.

Much more important than the underlying technical features, is to ensure that they are used correctly (or even used at all!), and that all the other aspects of good security are also put into place.

Naturally, since the only secure system is one that is never turned on, and since the desire is to have a working system, both the operator and the user of GPRS must decide for themselves which security measures to use against security attacks and frauds. All these will have to be based on a risk analysis of the security threats, and the operator should attempt to identify cost-effective solutions to the various security issues. This paper discusses these issues.

GSM and GPRS Security
Author: Chengyuan Peng, Helsinki University of Technology
Date: 2000

Analog cellular phones and networks were designed with minimal security which soon turned out to be insufficient. The GSM system provides solutions to a few important aspects of security: subscriber authentication, subscriber identity confidentiality and confidentiality of voice and data over the radio path. This paper gives an overview of the security features provided in a GSM PLMN and GPRS network. Also the SIM module, which plays an important role in GSM security, is discussed.

GSM Security and Encryption
Author: David Margrave, George Mason University

The motivations for security in cellular telecommunications systems are to secure conversations and signaling data from interception as well as to prevent cellular telephone fraud. With the older analog-based cellular telephone systems such as the Advanced Mobile Phone System (AMPS) and the Total Access Communication System (TACS), it is a relatively simple matter for the radio hobbyist to intercept cellular telephone conversations with a police scanner. A well-publicized case involved a potentially embarrassing cellular telephone conversation with a member of the British royal family being recorded and released to the media. Another security consideration with cellular telecommunications systems involves identification credentials such as the Electronic Serial Number (ESN), which are transmitted “in the clear” in analog systems. With more complicated equipment, it is possible to receive the ESN and use it to commit cellular telephone fraud by “cloning” another cellular phone and placing calls with it. Estimates for cellular fraud in the U.S. in 1993 are as high as $500 million. The procedure wherein the Mobile Station (MS) registers its location with the system is also vulnerable to interception and permits the subscriber’s location to be monitored even when a call is not in progress, as evidenced by the recent highly-publicized police pursuit of a famous U.S. athlete.

The security and authentication mechanisms incorporated in GSM make it the most secure mobile communication standard currently available, particularly in comparison to the analog systems described above. Part of the enhanced security of GSM is due to the fact that it is a digital system utilizing a speech coding algorithm, Gaussian Minimum Shift Keying (GMSK) digital modulation, slow frequency hopping, and Time Division Multiple Access (TDMA) time slot architecture. To intercept and reconstruct this signal would require more highly specialized and expensive equipment than a police scanner to perform the reception, synchronization, and decoding of the signal. In addition, the authentication and encryption capabilities discussed in this paper ensure the security of GSM cellular telephone conversations and subscriber identification credentials against even the determined eavesdropper.

Modern GSM Insecurities
Author: Steve Lord
Date: January 2003

This white paper is targeted at security professionals who may be faced with a requirement to assess GSM equipment and need to develop an understanding of the key concepts within this communications technology together with the security issues currently affecting GSM. It is also suitable as a primer on existing security issues within GSM at the time of writing. This white paper begins with some background details on GSM, before explaining the equipment and processes involved within a typical mobile network infrastructure. It then moves on to developments in GSM cryptography and the feasibility of interception, before looking at tracking functionality and SIM-based issues. Finally conclusions are drawn on GSM security, with some recommended reading for those who wish to examine the subject in more detail.

GSM Security Issues
Author: Wei Zhang, Iowa State University Department of Computer Engineering
Date: November 15, 2000

Introduction to GSM security issues.

The GSM Security Technical Whitepaper for 2002
Author: The Clone and RT
Date: January 10, 2002

Introduction to GSM security.

A Contemporary Foreword on GSM Security
Author: Paulo S. Pagliusi, Information Security Group, Royal Holloway, University of London

This article contains a current outline of the GSM system security, with focus on the air interface protocol. It presents the terminology and describes the GSM security operation, including its principles and features. This document also discusses the effectiveness of GSM authentication and the strength of GSM encryption. It includes therefore the most significant physical and cryptanalytic attacks on GSM security mechanisms, such as the up to date optical fault induction and partitioning attacks. GSM security features retained and enhanced for the 3G Security and further applications in network (Internet) remote access are also contemplated. This article aims primarily at contributing to a progressive research in mobile systems security and at reviewing the security solutions implemented in this area for further applications.

GSM and 3G Security
Author: Emmanuel Gadaix
Date: April 2001

Good introduction to GSM and 3G security.

Infrastructure for a Secure Interface between Wireless and Wired Networks
Author: Chen-Nee Chuah and Mark D. Spiller
Date: December 4, 1998

Presentation on secure GSM service gateway interfaces.

End-to-end security of mobile data in GSM
Author: Juha Mynttinen, Helsinki University of Technology
Date: November 27, 2000

This paper is an introduction to end-to-end security of mobile data in GSM. It concentrates on WAP security, which is problematic, because in addition to the fact that GSM and IP networks are not safe, WAP architecture presents an additional vulnerable point, the WAP gateway.

Security requirements for end-to-end security are listed and explained. Different solutions are explained and analyzed whether they meet the given security requirements. The discussed solutions are WAP transport layer end-to-end security, two secure channels approach and a content provider using its own network access point. SignText function of WMLScript is also discussed.

Cryptanalysis of Alleged A5 Stream Cipher
Author: Jovan Dj. Golic

A binary stream cipher, known as A5, consisting of three short LFSRs of total length 64 that are mutually clocked in the stop/go manner is cryptanalyzed. It is allegedly used in the GSM standard for digital cellular mobile telephones. Very short keystream sequences are generated from different initial states obtained by combining a 64-bit secret session key and a known 22-bit public key. A basic divide-and-conquer attack recovering the unknown initial state from a known keystream sequence is first introduced. It exploits the specific clocking rule used and has average computational complexity around 2^40. A time-memory trade-off attack based on the birthday paradox which yields the unknown internal state at a known time for a known keystream is then pointed out. To obtain the secret session key from the determined initial state, a so-called internal state reversion attack is proposed and analyzed by the theory of critical and subcritical branching processes.

A Hardware-Based Attack on the A5/1 Stream Cipher
Author: Jörg Keller and Birgit Seitz
Date: 2001

We present a known-plaintext attack on the A5/1 stream cipher, the encryption algorithm used by GSM customers in Europe during their conversations with cellular phones. The attack differs from previous approaches in two aspects: it only needs a very small amount of plaintext, and it is not solely based on software. A crucial part of the attack algorithm is implemented in a field programmable gate array (FPGA). We present performance figures which suggest that a distributed implementation on 1,000 ASICs could recover a session key in less than a minute, from which point on the conversation could be deciphered by an eavesdropper in real-time. We conclude that, at least for longer conversations, A5/1 is not secure and that its replacement might be even more urgent than for the DES algorithm, where a successor has already been announced.

Cryptanalysis of the A5/2 Algorithm
Author: Slobodan Petrovic and Amparo Fuster-Sabater

An attack on the A5/2 stream cipher algorithm is described, that determines the linear relations among the output sequence bits. The vast majority of the unknown output bits can be reconstructed. The time complexity of the attack is proportional to 2^17.

Real Time Cryptanalysis of A5/1 on a PC
Author: Alex Biryukov, Adi Shamir and David Wagner
Date: April 10, 2000

A5/1 is the strong version of the encryption algorithm used by about 130 million GSM customers in Europe to protect the over-the-air privacy of their cellular voice and data communication. The best published attacks against it require between 2^40 and 2^45 steps. This level of security makes it vulnerable to hardware-based attacks by large organizations, but not to software-based attacks on multiple targets by hackers.

In this paper we describe new attacks on A5/1, which are based on subtle flaws in the tap structure of the registers, their noninvertible clocking mechanism, and their frequent resets. After a 2^48 parallelizable data preparation stage (which has to be carried out only once), the actual attacks can be carried out in real time on a single PC.

The first attack requires the output of the A5/1 algorithm during the first two minutes of the conversation, and computes the key in about one second. The second attack requires the output of the A5/1 algorithm during about two seconds of the conversation, and computes the key in several minutes. The two attacks are related, but use different types of time-memory tradeoff. The attacks were verified with actual implementations, except for the preprocessing stage which was extensively sampled rather than completely executed.

A5 – The GSM Encryption Algorithm
Author: Ross Anderson
Date: June 17, 1994

A cryptanalysis of A5.

3G Security Principles
Author: Gupta Myagmar

23 slide presentation on 3G security principles.

Cellphone Security
Author: David Wagner
Date: 2002

Good overview of cell phone security.

The GSM Standard (An overview of its security)
Author: Suraj Srinivas
Date: 2001

An overview of GSM security.

Paper on GSM Security
Author: Matthew Varghese
Date: December 12, 2001

Introduction to GSM security

Mobile Payment and Security
Author: XingJiang Song – Helsinki University of Technology
Date: 2001

Mobile payment presents businesses with unrivaled new opportunities, but also with new challenges. Mobile security is one of the most urgent, and complex challenges to mobile payment. It is becoming a hot issue as web-enabled devices gain acceptance. Currently, the mobile device security is minimal, despite the number of wireless devices in use globally. As the players are only keen to get mobile payment infrastructure out to the market, this will certainly slow down the deployment of mobile payment services by consumers.

The purpose of this research is to explore mobile payment and security in order to find out the pros and cons of the current mobile payment services. Since mobile payment services involve multiple parties, including operators, banks, and network (terminal) vendors, their business opportunities are also analysed.

Authentication and Security in Wireless Phones
Author: Greg Rose – Qualcomm Australia

Overview of authentication and security in wireless phones.

Security in GSM
Author: Yong Li, Yin Chen, Tie-Jin MA

Overview of GSM security.

Privacy and Security in Wireless Networks (Part I)
Author: Anthony D. Joseph
Date: October 18, 2000

Overview of privacy and security in wireless networks

Breaking Up Is Hard To Do: Modeling Security Threats for Smart Cards
Author: Bruce Schneier and Adam Shostack
Date: October 19, 1999

Smart card systems differ from conventional computer systems in that different aspects of the system are not under a single trust boundary. The processor, I/O, data, programs, and network may be controlled by different, and hostile, parties. We discuss the security ramifications of these “splits” in trust, showing that they are fundamental to a proper understanding of the security of systems that include smart cards.

GPRS Wireless Security: Not Ready For Prime Time
Author: Ollie Whitehouse
Date: June 2002

Mobile GPRS devices contain built-in support for Internet Protocol (IP) networks. Network operators installing next generation equipment often believe handsets are isolated from potentially more sensitive parts of the network operator’s infrastructure. In @stake’s experience, however, mobile equipment users are separated from critical network components by only one or two IP devices. Thus, a compromise of one of these IP devices places the operation of the entire network at risk.

Security in GPRS
Author: Geir Stian Bjåen and Erling Kaasin
Date: June 2001

GPRS offers the user an “always on” connection to the Internet and Intranet. Some of the services may require a high level of security. This can be a financial transaction over the Internet, or the exchange of confidential documents from a company’s Intranet to an employee. It is important to have a strong focus on security, so that companies and persons that demand a high level of security can take advantage of the services GPRS offers. What normally happens is that the services win against the security. This is in most cases adequate security for what a normal subscriber requires.

This thesis covers the security functions that exist in GPRS, the threats it meets, how to avoid attacks, and the consequences for the attacked party. The thesis is also meant for Ericsson AS’ employees as a supplement to their knowledge about GPRS security issues.

GPRS has inherited most of the security threats that exist in the GSM system. In addition, GPRS encounters new and bigger challenges, because GPRS employs IP technology and is connected to the Internet. Threats to GPRS come not only from the insecure public network, the Internet. Attacks on the data at the air interface, or the operator’s handling of data that is transmitted or stored in their network, can also be a threat.

Mobile terminals and GPRS equipment are the two main areas that need to be protected from the GPRS point of view. This also includes protection of subscriber information and other information that is stored in the GPRS network. Firewalls and Border Gateways are used to protect the mobile terminals and the GPRS equipment from external networks and other operators’ networks. The placement of firewalls is complicated because of the different connections they have to handle, and the routing procedure the GPRS operator uses. This thesis treats the subject of the placement of firewalls.

During the work on the thesis we got the possibility to participate in and execute tests on the GPRS system in order to evaluate its security. These tests were done at Ericsson AS’s test lab in Grimstad, and we chose to focus the test on how the new GPRS node in the operator’s network can be attacked. This thesis includes a description of and the results from the test.

The results from the test give an indication of how difficult it is to get access to the GPRS node, and what possibilities an intruder has if he gets access.

Subscriber Authentication and Security in Digital Cellular Networks and Under the Mobile Internet Protocol
Author: Howard Wolfe Curtis
Date: 2001

Mobile communications and wireless Internet access are rapidly changing how people communicate with one another, conduct business, and access information on the Internet. The promise of communications and information access anytime, anywhere, however, brings with it new security risks. This study employs subscriber, or user, authentication as a focal point to highlight broader trends and issues in the evolution of security for wireless networks. Subscriber authentication is explored in second-generation digital cellular communications networks, third-generation digital cellular networks, and the Mobile Internet Protocol for wireless Internet access. The study also explores proposals for security enhancements to the GSM (Global System for Mobile Communications) protocol, and a spectrum of research projects conducted in the optimization of public-key cryptography for application in wireless networking environments. The evolving consideration of public-key versus private-key approaches to security and authentication in wireless networks is addressed from the standpoints of encryption algorithms, security architectures, and relative performance concerns.

GSM: Security by obscurity
Author: (In German)

As the Datenschleuder reported, the GSM MoU (Memorandum of Understanding, an industry consortium that develops and advances the GSM standard) had decided to keep secret the algorithms used for authentication and encryption in GSM. The encryption algorithm A5 is identical across all GSM networks and phones (in two variants: A5/1 with a little security, A5/2 with even less), and an almost correct implementation has been circulating on the Internet for years.

CCC klont D2 Kundenkarte
Author: GSM cloning (in German)

Attention! All procedures, programs, source code, hardware etc. presented here are published exclusively for research and educational purposes! The CCC e.V. accepts no liability whatsoever for damage or legal problems of any kind.

Reading out a GSM card, or other actions documented below for educational purposes, may possibly be illegal. Using a clone of someone else’s card is definitely illegal. The CCC e.V. strictly rejects such actions and in no way encourages them.

The documentation serves solely to set out the security problem in GSM networks in a comprehensible way.

Secure VPN Deployment in GPRS Mobile Networks
Author: Christos Xenakis, Evangelos Gazis and Lazaros Merakos
Date: 2002

The growth of the Internet and the success of mobile networks suggest that the next trend will be an increasing demand for mobile access to Internet applications. It is therefore increasingly important that mobile radio networks support these applications in an efficient manner. Moreover, in such a hybrid environment, where clients are connecting to ever-growing networks in an ad-hoc fashion, the security requirements of such practices become even more important. An end-to-end Virtual Private Network (VPN) deployment scenario over the GPRS mobile network is presented and analyzed. The VPN deployment is based on the IPsec protocol suite. A specific protocol configuration of IPsec is proposed, in order to make it operational in a mobile network environment. The potential incompatibility problems that may arise from the integration of different technologies are elaborated. Finally, a qualitative evaluation of the proposed VPN scheme and the outline of an alternative approach for future work are presented.

Mobile VPNs for Next Generation GPRS and UMTS Networks
Author: Alex Shneyderman with Abbas Bagasrawala and Alessio Casati
Date: 2000

The concurrent evolution of computing, microelectronics, wireless data technologies, and the Internet has given rise to a new trend in global telecommunications – data mobility. There are now about 100 million hosts connected to the Internet, and this number is almost doubling yearly. With mobile subscribers expected to surpass one billion by 2003 (about half of which will be worldwide business users), wireless data is definitely a communications technology whose time is fast approaching.

These skyrocketing subscriber numbers combined with recent technology advances are generating fast-growing interest in the emerging Third Generation (3G) wireless data standards, which among other things specify the higher data rates necessary for wireless traffic. As this technology converges with the exponential growth of the Internet, network-based Mobile Virtual Private Networks (VPNs) will become the major enabling technology for communicating business information via public networking infrastructures. Indeed, businesses today are already looking to wireless carriers for Mobile VPNs (and other value-added IP services) as they attempt to cope with global on-demand communications, complex applications, productivity requirements, and shortages of IT talent. In the next few years, an enormous market opportunity clearly awaits wireless carriers who can meet demands for such advanced services.

Two wireless packet data technologies – General Packet Radio Service (GPRS), a packet data overlay to the existing GSM and TDMA networks, and Universal Mobile Telecommunication System (UMTS), the next generation of GSM/GPRS technologies – are central to the ability to provide high-speed Mobile VPNs. These technologies provide the necessary architectural framework for private mobile communications through the public Internet. This paper will focus on Mobile VPN services, comparing and contrasting circuit and packet approaches to wireless data. It will also examine the design and implementation of Mobile VPNs within GPRS and UMTS cellular systems.

SIM Doctor 6 User’s Manual
Author: MultiNumber, Inc.
Date: 2002

User’s Manual for a SIM cloning device.

An implementation of the GSM A3A8 algorithm. (Specifically, COMP128)
Author: Marc Briceno, Ian Goldberg, and David Wagner
Date: April 1998

The COMP128 algorithm in C source code.

A pedagogical implementation of A5/1
Author: Marc Briceno, Ian Goldberg, and David Wagner
Date: 1999

The A5/1 algorithm in C source code.
