presentation one-gsm
TRANSCRIPT
Presented by :
Abu Sadat Mohammed Yasin
Debotosh Dey
Cryptography and Information Security
Topic: GSM Security Overview
Content
Introduction
Architecture
Security Concern
Security Features
Security model
Security Algorithms
A3, The MS Authentication Algorithm
A8, The Voice-Privacy Key Generation Algorithm
A5/1 Stream Cipher
A5/1 (Key Generation)
Conclusion
GSM: Introduction
GSM - Group Special Mobile or General System for
Mobile Communications.
GSM is the Pan-European standard for digital cellular
communications.
GSM was established in 1982 within the European
Conference of Post and Telecommunication
Administrations (CEPT).
In 1991 the first GSM based networks commenced
operations.
GSM: Architecture
GSM: Architecture
A GSM network is made up of three subsystems:
The Mobile Station (MS)
Mobile Equipment (ME) Physical mobile device
Identifiers
IMEI – International Mobile Equipment Identity
Subscriber Identity Module (SIM) Smart Card containing keys, identifiers and algorithms
Identifiers
Ki – Subscriber Authentication Key
IMSI – International Mobile Subscriber Identity
TMSI – Temporary Mobile Subscriber Identity
MSISDN – Mobile Station International Service Digital Network
PIN – Personal Identity Number protecting a SIM
LAI – location area identity
GSM: Architecture
The Base Station Sub-system (BSS)
Comprising a Base Station Controller (BSC) and
Several Base Transceiver Stations (BTS)s
The Network and Switching Sub-system (NSS)
comprising an Mobile services Switching Center (MSC) and
associated registers Home Location Register (HLR),
Authentication Center (AuC), Visitor Location Register (VLR)
The interfaces defined between each of these sub
systems include:
'A' interface between NSS and BSS
'Abis' interface between BSC and BTS (within the BSS)
'Um' air interface between the BSS and the MS
GSM: Security Concerns
Operators
Bills right people
Avoid fraud
Protect Services
Customers
Privacy
Anonymity
GSM: Security Features
Key management is independent of equipment Subscribers can change handsets without compromising
security
Subscriber identity protection not easy to identify the user of the system intercepting a
user data
Detection of compromised equipment Detection mechanism whether a mobile device was
compromised or not
Subscriber authentication The operator knows for billing purposes who is using the
system
Signaling and user data protection Signaling and data channels are protected over the radio
path
GSM: Security Features
The security mechanisms of GSM are implemented
in three different system elements:
The Subscriber Identity Module (SIM) - The SIM
contains the International Mobile Subscriber IdentityIMSI, the individual subscriber authentication key (Ki), the
ciphering key generating algorithm (A8), the
authentication algorithm (A3), as well as a Personal
Identification Number(PIN).
The GSM handset - The GSM handset contains the
ciphering algorithm (A5).
The GSM network - The encryption algorithms (A3, A5,
A8) are present in the GSM network
GSM: Security Model
Mobile station authentication
GSM: Security Algorithms.
A3, The MS Authentication Algorithm
A8, The Voice-Privacy Key Generation Algorithm
A5/1, The Strong Over-the-Air Voice-Privacy
Algorithm
GSM: A3, The MS Authentication Algorithm
Inputs are
the RAND from the MSC
the secret key Ki from the SIM
generates a 32-bit output, which is the SRES
response.
A3
RAND (128 bit)
Ki (128 bit)
SRES (32 bit)
GSM: A8, The Voice-Privacy Key Generation Algorithm
Inputs are
the RAND from the MSC
the secret key Ki from the SIM
generates a 64-bit output, which is Session Key
Kc.
A8
RAND (128 bit)
Ki (128 bit)
KC (64 bit)
GSM: A5/1 Stream Cipher
Combination of 3 linear feedback shift registers
(LFSRs)
Each register has an associated clocking bit.
The registers are clocked in a stop/go fashion
using a majority rule.
GSM: A5/1 Stream Cipher
At each cycle, the clocking bit of all three registers is examined
and the majority bit is determined.
A register is clocked if the clocking bit agrees with the majority
bit.
At each step at least
two or three registers
are clocked.
GSM: A5/1 Stream Cipher(Example)
Majority of clock bit (1,0,1) = 1
First and third LFSRs will be clocked but not thesecond.
1 1 0 0 1 1 0 0 1 1 0 0 1 1 0 0 1 1 0 0 0 1
1 1 1 0 0 0 0 1 1 1 1 0 0 0 0 1 1 1 1 0 0 0 1
1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1
GSM: A5/1 Stream Cipher(Example)
1 1 0 0 1 1 0 0 1 1 0 0 1 1 0 0 1 1 0 0 0 1
0 1 1 1 0 0 0 0 1 1 1 1 0 0 0 0 1 1 1 1 0 0 0
0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0
Keystream bit will be 0 1 0 = 1
GSM: A5/1 Stream Cipher (Initialization)
64-bit Session Key loaded in to the LFSR(bit by bit)
The majority clocking rule is disabled
22-bit frame number is also loaded into the register
The majority clocking rule applies from now on.
The registers are clocked one hundred times.
Generated keystream bits are discarder.
In order to mix the frame number and keying material
together.
GSM: A5/1 (Key Generation)
228 bits of keystream output are generated.
The first 114 bits are used to encrypt the frame from
MS(Mobile Station) to BTS(base transceiver station).
The next 114 bits are used to encrypt the frame from BTS
to MS.
The same Session Key is used throughout the call,
but the 22-bit frame number changes during the
call, that is why, A5 algorithm is initialized again
with the same session key and the number of the
next frame.
Conclusion
GSM is the most widely used cellular network
standard.
Security mechanism specified in the GSM make it a
secure cellular telecommunication available.
The use of authentication, encryptions ensures the
privacy and anonymity of the system’s users.
_________
_____
__