Global System for Mobile Communications, also known as “GSM”, is a international standard set developed by the European Telecommunications Standard Institute (ETSI) to describe the technology for 2G. In the security aspect, there is this 2nd Generation (2G) and the 3rd Generation (3G).
For 2G GSM Security, the private key will encrypts message to server. The server will generate random number for session key. The process for the security consists of A3 Key Negotiation, A8 Key Generation and A5 Encryption. A3 means the algorithm used by a GSM network to authenticate a GSM mobile phone. While A8 means the algorithm used to exchange a session key so that it can be used to encrypt voice and data calls. And A5 means the algorithm used for encryption in GSM mobile phones.
The security features can come from many components such as:
• User
• Subscriber
• Terminal equipment
• Network operator
• Service provider
And when we talk about User Security Features, we need to consider these:
• “Location, Identity, and Traffic” Confidentiality
• Access control
• Traffic integrity
In addition, for Subscriber Security Features, there is a need for integrity of charging data, charging limitation, privacy of charging data, user action authorization when required and the subscriber access to service profile. This is to ensure that the subscriber of the landline is charge correctly for his/her usages. For terminal equipment like the mobile phone, the location should be confidential.
Also, network operator security can have blacklisting of users, tracing of users/terminal equipment in case of emergency etc.
Some of the threats are the software developed to decrypt GSM faster than before. This is a video on the breaking of GSM phone privacy.
This is a long duration video, so if you have the time. Go and watch it!
Some other threats include eavesdropping, where important information like credit card, banking information is eavesdropped. The hacker can record the calls and decode them later for sourcing out important information. They can also eavesdropped SMS and web authentication. Other threats like man-in-the-middle and impersonation of a user/network
A solution to GSM phone privacy is to have stronger cryptography, by using stronger encryption and the security of the secret keys used to unlock the encryption. Having a strong end-to-end encryption will be harder for hackers to eavesdrop your calls. However, more research is needed on the security aspect of GSM. The recent A5 version 3 encryption prove that it can still be cracked although it is a stronger version of A5 encryption presented by 3rd Generation Partnership Project (3GPP). Anyway, the bad thing is it had not been used yet, largely due to the massive overhead, computations and other requirements.
Reference
http://en.wikipedia.org/wiki/GSM
http://srg.cs.uiuc.edu/MobilSec/posted_docs/Motorola_Slides.ppt
http://www.cellcrypt.com/gsm-cracking#BlackHat2010
http://www.talkandroid.com/wp-content/uploads/2010/12/gsm.jpeg?3995d3
http://www.dreamstime.com/encryption-key-thumb7785717.jpg
hello hello..the threats and solutions on GPRS you have there is informative. I enjoyed reading your posts. One point to take note is that your image is quite small. It will be better if you would to expand the image. Maybe you could give some examples of the threats happening such as a hacker denied the service by jamming the GPRS service etc. What are some of the seven GPRS encryption algorithms as stated? I like the video as it is straight-forward, briefly describing on the different Generations of Mobile Network and its speed. A diagram on signalling plane will help definitely help us understand better. Informative Post of GPRS! Good!
ReplyDeletenadhirah mok
1006230E
HELLLLLLLOOOOOOOOOO! :D
ReplyDeleteYour post is great as i'm able to understand what you are trying to explain on GSM. Not only that, you have even post in videos and pictures which would be much easier for other readers to understand. Also, your post is not too wordy where the readers would not be bored after reading the first paragraph and would consider continuing it. Overall, i find that your post is great and beneficial to the readers. :)
Done by XueYi.
Hello ah hock,
ReplyDeleteThe post on GSM is clear and made me fully understand what you were trying to bring across to the viewers. The information were very detailed yet not too hard for me to understand as it was explained.
The places where you could improve are to create sub headers which would identify when does the paragraph start talking about a particular item. I feel that you made good use of the font color to bring out the points that you want the viewer to know.
Loh Jia Jun, 1002904I
Hi,
ReplyDeleteYou have clearly described and kept focused on encryption and decryption in GSM. But I suggest you to elaborate more on threats and other possible solutions as well. For your video, even though it took about a manner of time to watch, it's quite interesting.