Security & Encryption In Gsm , Gprs & Cdma

  • June 2020
  • PDF

This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA


Overview

Download & View Security & Encryption In Gsm , Gprs & Cdma as PDF for free.

More details

  • Words: 17,150
  • Pages: 77
Security and Encryption in GSM, GPRS, CDMA System

Abstract In any mobile system, it is important to send or receive or any kind of data in security situation, it is important to reach to the services in any time, it is also important to not any one to use other accounts. All these threats require good security in the mobile system. This project will discuss security issue. Security is complex subject, so the project tries to view this feature in easy way without review all details, because that the main goal is to explain what is the security in mobile systems (GSM ,GPRS and CDMA)? There are security mechanism in mobile system which will be explained in this project and these mechanism applied by vary algorithms and functions. As seen to GSM system, The GSM was designed to be a secure mobile phone system with strong subscriber authentication and over-the-air transmission encryption. The security model and algorithms were developed in secrecy and were never published. Eventually some of the algorithms and specifications have leaked out. The algorithms have been studied since and critical errors have been found. Thus, after closer look at the GSM standard, one can see that the security model is not all that good. An attacker can go through the security model or even around it, and attack other parts of a GSM network, instead of the actual phone call. The security was improved in the CDMA system to avoid the weaknesses in the GSM system, the improvement appeared clearly in authentication, confidentiality and integrity procedure. The GSM,GPRS and CDMA architectures must be explained before studying security. Chapter one explain the important 3G elements and their functional. In chapter two, the project explain the main security aspects as the security architecture, security requirement and security services authentication, confidentiality and integrity. The Authentication and Key Agreement (AKA) which means the authentication procedures, data encryption (data confidentiality) and data integrity will be explained more in chapter three. These services make by algorithms and functions varies from generation to other, due to that are complex and some of that still secrecy, it is not explained in detail. To study AKA procedures more deeply we will present in chapter four program that simulates the AKA and algorithms used in GSM.

Security and Encryption in GSM, GPRS, CDMA System

1

Security and Encryption in GSM, GPRS, CDMA System

GSM (Global System for Mobile communications) 1.1.1-Introduction [1] In the early 1980s many countries in Europe witnessed a rapid expansion of analog cellular telephone system however, each country developed its own system, and interoperability across borders became limiting factor. In 1982, the conference of European post and telecommunications (CEPT), an association of telephone and telegraph operators in Europe, established a working group to develop a new public land mobile system to span the continent. Because their working language was French, the group was called the group special mobile (GSM).

1.1.2-GSM Properties [15] •

cellular radio network



digital transmission up to 9600 bit/s



roaming (mobilität among different network providers, international)



Good transmission quality (error recognition and correction)



scalable (große Teilnehmerzahlen möglich)



worldwide 900 million subscribers



Europe : over 300 million subscribers



security mechanisms provided (authentication, authorisation, encryption)



good usage of resources (frequency- and time-multiplex)



integration with ISDN and analogue telephone network



standard (ETSI, European Telecommunications Standards Institute)

Security and Encryption in GSM, GPRS, CDMA System

2

Security and Encryption in GSM, GPRS, CDMA System

Fig 1.1 architecture of The GSM network [1]

1.1.3.1The Mobile Station

[2]

The Mobile Station (MS) is the user equipment in GSM. The MS is what the user can see of the GSM system. The station consists of two entities, the Mobile Equipment (the phone itself), and the Subscriber Identity Module (SIM), in form of a smart card contained inside the phone.

1.1.3.2 The Base Transceiver Station

[2]

The Base Transceiver Station (BTS) is the entity corresponding to one site

communicating with the

Mobile Stations. Usually, the BTS will have an antenna with several TRXs (radio transceivers) that each communicate on one radio frequency. The link-level signaling on the radio-channels is interpreted in the BTS, whereas most of the higher-level signaling is forwarded to the BSC and MSC. Speech and data-transmissions from the MS is recoded in the BTS from the special encoding used on the radio interface to the standard 64 kbit/s encoding used in telecommunication networks. Like the radio-interface, the Abis interface between the BTS and the BSC is highly standardized, allowing BTSs and BSCs from different manufacturers in one network.

Security and Encryption in GSM, GPRS, CDMA System

3

Security and Encryption in GSM, GPRS, CDMA System

1.1.3.3The Base Station Controller

[2]

Each Base Station Controller (BSC) controls the magnitude of several hundred BTSs. The BSC takes care of a number of different procedures regarding call setup, location update and handover for each MS.

1.1.3.4 The Mobile Switching Centre

[2]

The Mobile Switching Centre is a normal ISDN-switch with extended functionality to handle mobile subscribers. The basic function of the MSC is to switch speech and data connections between BSCs, other MSCs, other GSM-networks and external non-mobile-networks. The MSC also handles a number of functions associated with mobile subscribers, among others registration, location updating and handover. There will normally exist only a few BSCs per MSC, due to the large number of BTSs connected to the BSC. The MSC and BSCs are connected via the highly standardized A-interface [GSM0808]. However, due to the lack of standardization on Operation and Mangement protocols, network providers usually choose BSCs, MSCs and Location Registers from one manufacturer.

1.1.3.6 The Base Station Controller

[2]

Each Base Station Controller (BSC) controls the magnitude of several hundred BTSs. The BSC takes care of a number of different procedures regarding call setup, location update and handover for each MS.

1.1.3.7 The Equipment Identity Register

[2]

The Equipment Identity Register (EIR) is an optional register. Its purpose is to register IMEIs of mobile stations in use. By implementing the EIR the network provider can blacklist stolen or malfunctioning MS, so that their use is not allowed by the network.

1.1.4- Subsystems [15]

• BSS: GSM net several BSS, 1 BSC/BSS • BTS: radio equipments. Forms a radio cell. • BSC • Reserves

frequencies (frequency/ch. assignment)

• Handles handovers Security and Encryption in GSM, GPRS, CDMA System

4

Security and Encryption in GSM, GPRS, CDMA System •

Radio Sub System (RSS) - RSS = MS + BSS

- BSS = BTS+ BSC •

Network Sub System (NSS)

- NSS = MSC+ HLR + VLR + GMSC - Operation Sub System •

OSS = EIR + AuC

1.1.5 GSM –Frequencies [15] GSM-900: •

Uplink: 890,2 MHz – 915 MHz (25 MHz)



Downlink: 935,2 MHz – 960 MHz (25 MHz)



Uplink-Downlink distance: 45 MHz

Frequency Division Multiple Access [15] •

Channels are 200 kHz wide.



124 pairs of channels

Time Division Multiple Access •

8 connections each channel



Theoretical 124*8 = 992 channel to use.



Uplink: 1725,2 - 1780,4 MHz



Downlink: 1820,2 - 1875,4 MHz



Uplink-Downlink distance: 95 MHz



384 pairs of channels

GSM-1800:

Security and Encryption in GSM, GPRS, CDMA System

5

Security and Encryption in GSM, GPRS, CDMA System

1.1.6 GSM 900 and GSM 1800 [15]

Frequency band Border spacing Duplex spacing Carrier spacing Carriers Timeslots per carrier Multiple access Typical cell range Handset Power

GSM 900 890-915 MHz 935-960 MHz 25 MHz 45 MHz 200 kHz 124 8 TDMA/FDMA <300m – 35 km 0.8 & 8 W

GSM 1800 1710-1785 MHz 1805-1880 MHz 75 MHz 95 MHz 200 kHz 374 8 TDMA/FDMA <100m – 15 km 0.25 & 1 W

Table 1.1 GSM 900 and GSM 1800

GSM link [15] •

Full rate-Channel (Speech)

13 kBit/s •

Half rate-Channel (Speech)

6,5 kBit/s •

GSM-Data-Channel

9,6 kBit/s 1.1.7

FDMA and TDMA

Security and Encryption in GSM, GPRS, CDMA System

6

Security and Encryption in GSM, GPRS, CDMA System Fig 1.2

FDMA in GSM 900 Fig 1.3 TDMA in GSM 900

GPRS General Packet Radio Service 1.2.1 GPRS Introduction [4] The basics of GPRS are rapidly explained; its history, standards and applications are presented, but the frantic concision of the paragraphs seems to betray An impersonal approach to the material. Data communication needs:

1.2.3.1 Circuit switching [4] Is a mode in which a connection (or circuit) is established from the point of origin of a data transfer to the destination. Network resources are dedicated for the duration of the call until the user breaks the connection. Using these resources, data can be transmitted or receive either continuously or in bursts, depending on the application. Since resources remain dedicated for the entire duration of a data call, the number of subscribers that the network can support is limited. Security and Encryption in GSM, GPRS, CDMA System

7

Security and Encryption in GSM, GPRS, CDMA System

1.2.3.2 Packet switching [4] Is a mode in which resources are assigned to a user only when data needs to be sent or receives. Data is sent in packets, which are routed across the network along with other user traffic. This technique allows multiple users to share the same resources, thus increasing capacity on the network and managing resources quite effectively. However, the technique does place some limitations on data throughput. Experience has shown that most data communication application network (such as a LAN, WAN, the Internet, or a corporate Intranet), but that does not mean they are sending and receiving data at all times. Furthermore, data transfer needs generally are not symmetrical

1.2.4 Properties [15] •

Packet mode service (end-to-end)



Data rates up to 171,2 kbit/s (theoretical), effectively up to 115 Kbit/s



Effektive und flexible Verwaltung der Luftschnittstelle



Adaptive channel coding



Standardized interworking with IP- and X.25 networks



dynamic resource sharin with the „classic“ GSM voice services



advantage: billing per volume, not per connection time

1.2.5 Data services in GPRS [7] • GPRS (General Packet Radio Service) •

Packet switching

using free slots only if data packets ready to send (e.g., 115 kbit/s using 8 slots temporarily) Standardization 1998, introduced 2000 •

GPRS network elements GSN (GPRS Support Nodes)



GGSN (Gateway GSN)



Interlocking unit between GPRS and PDN (Packet Data Network)



SGSN (Serving GSN)



supports the MS (location, billing, security)



GR (GPRS Register)



User addresses

Security and Encryption in GSM, GPRS, CDMA System

8

Security and Encryption in GSM, GPRS, CDMA System

Fig 1.4 of the GPRS network

1.2.6.1 SGSN - Serving GPRS Support Node • SGSN responsible for delivery of data packets from and To mobiles • One per service area (i.e. per BSC) • Roles: – Packet routing and transfer – attach/detach and location management – Logical link management – Authentication and charging • Location register stores location information (e.g., Current cell, current VLR) and user profiles (IMSI, Address) for all GPRS users registered with this SGSN

Security and Encryption in GSM, GPRS, CDMA System

9

Security and Encryption in GSM, GPRS, CDMA System

1.2.6.2 GGSN - Gateway GPRS Support Node • Interface between GPRS backbone and external packet Data networks (IP/X.25/etc.) • Converts GPRS packets coming from SGSN into packet Data protocol format • Sends packets out on corresponding packet data Network • Incoming data packets’ addresses (e.g. IP) converted to GSM address of destination user • Re-addressed packets sent to responsible SGSN– GGSN stores current SGSN address of station in Location Register • Also some authentication and charging

1.2.7 SPEED [4] Theoretical maximum speeds of up to 171.2 kilobits per second (kbps) are achievable with GPRS using all eight timeslots at the same time. This is about three times as fast as the data transmission speeds possible over today's fixed telecommunication networks and ten times as fast as current Circuit Switched Data services on GSM networks.

1.2.8GPRS – Interoperation [8] • GGSN is interface to external packet data Networks for several SGSNs • SGSN may route its packets over several Different GGSNs to reach different packet data Networks • All GSNs are connected via IP-based GPRS Backbone network • Within backbone, GSNs encapsulate the PDN Packets and tunnel them using GPRS Tunneling Protocol (GTP)

1.2.9.1GPRS – Backbone networks [15] • Two kinds GPRS backbone: – Intra-PLMN backbone networks connect GSNs of same PLMN for private IP-based Networks of GPRS network provider – Inter-PLMN backbone networks connect GSNs of different PLMNs • Roaming agreement between two GPRS Network providers necessary from interPLMN backbone

Security and Encryption in GSM, GPRS, CDMA System

10

Security and Encryption in GSM, GPRS, CDMA System

1.2.9.2 GPRS – Intra- and Inter-PLMN Backbones • Two intra-PLMN backbone networks of different PLMNs connected with an inter-PLMN backbone. • Gateways between PLMNs and the External inter-PLMN backbone are called Border gateways. • Border gateways perform security Functions to protect private intra-PLMN Backbones against unauthorized users And attacks

1.2.10 GPRS – Interfaces [15] •

Gn/Gp: between two GSNs , allow GSNs to exchange user profiles when a mobile Station

moves from one SGSN area to another •

Gf: between SGSN and EIR , Allow SGSNs to query IMEI of a mobile station trying To

register with the network •

Gi: between PLMN and external public or private PDNs (e.g. Internet/corporate intranet)



Gr: between HLR and SGSN , HLR stores user profile, current SGSN address and The

PDP address (es) for each GPRS user in PLMN.SGSN informs HLR about current location of the Station. When station registers with new SGSN, HLR sends User profile to new SGSN •

Gc: between HLR and GGSN , used by GGSN to query user's location and profile in Order to

update its location register •

Gs: between SGSN and MSC/VLR, MSC/VLR may be extended with functions and Register

entries. allow efficient coordination between packet switched And circuit switched services E.g. combined GPRS and non GPRS location Updates , combined attachment procedures– Paging requests of circuit switched GSM calls can be Performed via SGSN •

Gd: between SGSN and SMS gateway MSC , SMS messages can be exchanged via GPRS

1.2.11 NEW APPLICATIONS, BETTER APPLICATIONS [4] GPRS facilitates several new applications that have not previously been available over GSM networks due to the limitations in speed of Circuit Switched Data (9.6 kbps) and message length of the Short Message Service (160 characters). GPRS will fully enable the Internet applications you are used to on your desktop from web browsing to Security and Encryption in GSM, GPRS, CDMA System

11

Security and Encryption in GSM, GPRS, CDMA System chat over the mobile network. Other new applications for GPRS, profied later, including file transfer and home automation-the ability to remotely access and control in-house appliances and machines. A wide range of corporate and consumer applications are enabled by no voice mobile services such as SMS and GPRS. This section will introduce those that are particularly suited to GPRS.

Applications [4] 1-Chat 2- Textual and visual information 3- Still images 4- Moving images 5- web browsing 6-Audio 7-Internet email

1.2.13 SERVICE ACCESS [15] To use GPRS, users specifically need: •

A mobile phone or terminal that supports GPRS (existing GSM phones do NOT support GPRS)



A subscription to a mobile telephone network that supports GPRS



Use of GPRS must be enabled for that user. Automatic access to the GPRS may be allowed by

some mobile network operators, others will require a specific opt-in •

Knowledge of how to send and/or receive GPRS information using their specific model of

mobile phone, including software and hardware configuration (this creates a customer service requirement) •

A destination to send or receive information through GPRS. Whereas with SMS this was often

another mobile phone, in the case of GPRS, it is likely to be an Internet address since GPRS is designed to make the Internet fully available to mobile users for the first time. From day one, GPRS users can access any web page or other Internet applications-providing an immediate critical mass of uses. •

Having looked at the key user features of GPRS, lets look at the key features from s network

operator perspective.

Security and Encryption in GSM, GPRS, CDMA System

12

Security and Encryption in GSM, GPRS, CDMA System

CDMA (Code division multiple access) 1.3.1 Background history [4] Code Division Multiple Access (CDMA) is a radically new concept in wireless communications. It has gained widespread international acceptance by cellular radio system operators as an upgrade that will dramatically increase both their system capacity and the service quality. It has likewise been chosen for deployment by the majority of the winners of the United States Personal Communications System spectrum auctions. It may seem, however, mysterious for those who aren't familiar with it. This site is provided in an effort to dispel some of the mystery and to disseminate at least a basic level of knowledge about the technology. CDMA is a form of spread-spectrum, a family of digital communication techniques that ,have been used in military applications for many vears. The core principle of spread spectrum is the use of noise-like carrier waves, and, as the name implies, bandwidths much wider than that required for simple point-to-point communication at the same data rate. Originally there were two motivations: either to resist enemy efforts to jam the communications (anti-jam, or AJ), or to hide the fact that communication was even taking place, sometimes called low probability of intercept (LPI). It has a history that goes back to the early days of World War 11. The use of CDMA for civilian mobile radio applications is novel. It was proposed theoretically in the late 1940's, but the practical application in the civilian marketplace did not take place until 40 years later. Commercial applications became possible because of two evolutionary developments. One was the availability of very low cost, high density digital integrated circuits, which reduce the size, weight, and cost of the subscriber stations to an acceptably low level. The other was the realization that optimal multiple access communication requires that all user stations regulate their transmitter powers to the lowest that will achieve adequate signal quality.

1.3.2 overview of Division Multiple Access [4] It is easier to understand CDMA if it is compared with other multiple access technologies . The following sections describe tlle fundamental differences between a frequency division Multiple Access Analog technology (TDMA), a Time Division multiple Access Digital technology (TDMA)

Security and Encryption in GSM, GPRS, CDMA System

13

Security and Encryption in GSM, GPRS, CDMA System

1.3.2.1. Frequency' Division Multiple Access Each Frequency Division Multiple Access (FDMA) subscriber is using the same medium (air) for communicating, but they are assigned a specific frequency channel. While they are using the frequency channel, no one else in that cell or neighboring cell can use the frequency channel. FDMA Cocktail Party (analogy) Two users have continuous access to the room. But, no one else can use the room

1.3.2.2 Time Division. Multiple Access Time Division Multiple Access (TDMA) subscribers share a common frequency channel, but use the channel only for a short time. They are each given a time slot and allowed to transmit during that time slot only. When all of the available time slots in a given mquency are used the next user must be assigned to a time slot on another frequency. TDMA Cocktail Par(j! (analogy) Subscribers have access to the same room, but only a pair of them can use the room for a short time. Then they must leave and another couple enters. Throughout the evening, the subscribers rotate usage of the room.

1.3.2.3 Code Division Multiple Access [4] Code Division Multiple Access subscribers share a common channel (frequency). All users are on the same frequency at the same time, they are divided however by codes. CDMA Cocktail Par v (analogy) All subscribers are in the same room together. They can be all talking at the same time. They can be grouped together or standing across the room from each other. Unlike the other two multiple access systems, they do not have to leave the room!

1.3.3 Types Of CDMA [4] Three are two types of CDMA: 1.3.3.1 Frequency-Hopping:

Security and Encryption in GSM, GPRS, CDMA System

14

Security and Encryption in GSM, GPRS, CDMA System Each user's narrowband signal hops among discrete frequency, and the receiver follows in sequence FrequencyHopping Spread Spectrum (FHSS) CDMA is not currently used in wireless system, although by the military

Frequency Hopping CDMA

FIG 1.5 Frequency-Hopping Spread Spectrum

1.3.3.2 Direct sequence : Narrowband input from a user is coded (“spread”) by user-unique broadband code .then transmitted broadband signal is receiver, receiver knows, applies user’s code ,recovers users’ data direct sequence spread spectrum (DSSS) CDMA IS the method used in IS 95 commercial systems

1.3.4 CDMA2000: Delivering on 3G [15] Security and Encryption in GSM, GPRS, CDMA System

15

Security and Encryption in GSM, GPRS, CDMA System CDMA2000 represents a family of ITU-approved. IMT-2000 (3G) standard and network capacity to meet growing demand for wireless services and high-speed data services. CDMA2000 1X was the world's first 3G technology commercially deployed (October2000). CDMA2000 represents a family of technologies that includes CDMA2000 1X and CDMA2000 1X EV.

A:- CDMA2000 1X The world's first 3G (CDMA2000 1X) commercial system CDMA2000 1X can double the voice capacity of cdmaOne networks and delivers peak packet data speeds of 307 kbps in mobile environment. There is only one 1.25-MHZ carrier

b: CDMA2000 1X EV CDMA2000 1X EV includes: CDMA2000 1X EV-DO CDMA2000 1X EV-DO delivers peak data speeds of 2.4Mbps and supports applications such as MP3 transfers and video conferencing. CDMA2000 1X EV-DV Hugh-speed packet multimedia services at speeds of up to 3.09 Mbps. 1XEV-DO and 1XEV-DV are both backward compatible with CDMA2000 1X and cdmaOne (IS-95a & IS-95B).

C: CDMA2000 3X US (CDMA2000) version: 3X chip rate and more Even faster data:2MB burstingThe Figure Blew IIIustrate that

Security and Encryption in GSM, GPRS, CDMA System

16

Security and Encryption in GSM, GPRS, CDMA System Fig 1.6 Evolution of CDMA

1.3.5 Architecture of CDMA 1X network [4] It has focused on the components that are added to the CDMA system

Fig1.7 CDMA network architecture

1.3.6. PDSN (Packet Data Service Node) [4] Security and Encryption in GSM, GPRS, CDMA System

17

Security and Encryption in GSM, GPRS, CDMA System



Establishes, maintains and terminates point-to-point protocol (999) session with the MS.



Establishes, maintains and terminates the logical link to the radio network across the radio-

packet (R-9) interface. •

Initiates authentication , authorization and accounting (AAA) for the MS to the packet data

network (internet) via the AAA server . •

Receives service parameters for the MS from the AAA.



Routes packet data between the RAN and the internet (like NAS in the internet).



Collects usage data that is related to the AAA server.



Supports both simple and mobile IP.



For mobile IP the FA (foreign agent ) should be implemented on the PDSN (also a HA (home

agent) is needed). •

One BSC can interconnect to a few PDSNs for load balancing.

1.3.7.1 Advantages of CDMA2000 [4] 1.3.7.2 Coverage: Forward and reverse link power control helps a CDMA network dynamically expand the coverage area . the coding and interleaving techniques used in CDMA provide the ability to cover a larger area for the same amount of available power used in the system . under line of sight condition CDMA has a 1.7 to 3 times more coverage than time division multiple access(TDMA)

1.3.7.3 Capacity: Third generation cellular systems are designed to provide enhanced voice capacity and the support of high data rate packet data services . these data services are typically characterized by asymmetric traffic requirement subjected to the adverse effect of the mobile channel . such condition require that use of advances techniques such as fast feedback channel information adaptive modulation and coding incremental redundancy multiuse diversity ,efficient handoff algorithm , adaptive data rate control ,etc.

1.3.7.4 CDMA universal frequency Reuse: CDMA has a frequency reuse of one .Each base transfer station (BTS) in the network uses the same frequency eliminating the need for frequency planning. Security and Encryption in GSM, GPRS, CDMA System

18

Security and Encryption in GSM, GPRS, CDMA System

1.3.7.5 Soft handoff: Capacity of a system is reduced when more power is required to communicate with a mobile . the soft handoff and power control in CDMA reduces the power requirement of a call allowing more users in the system.

1.3.7.6 Throughput higher data: Toda’s commercial CDMA support a peak data rate enables peak rates of up to 5 Mbps there are another advantages of CDMA system as frequency band flexibility increased battery life synchronization, power control, and internet protocol (IP) networks, improved service multiplexing and quality of service (QOS) management and flexible channel structure in support of multiple services with various QOS and variable transmission rate..Etc

1.3.7.7 Applications: CDMA offering a world of opportunities for multimedia services, satellite communication, military communication, wireless local loop (WLL) and so on.

1.3.8.1 Benefits Backward-compatibility with cdma one deployments: -protect operator investment in exiting cdma one networks. -provides simple and cost-effective migration to 3G service voice improvement

1.3.8.2 Voice improvement: -voice quality improvement -voice capacity improvement ( 1 X offers one and a half to times the capacity of cdma one 1X EV-DV offers even grater capacity increase ).

1.3.8.3 High speed data services support: -higher data rate (114 kbps to 2 Mbps and beyond ) -low latency data support

1.3.8.4 Multimedia services support : Security and Encryption in GSM, GPRS, CDMA System

19

Security and Encryption in GSM, GPRS, CDMA System - Simultaneous voice / data support for mult-serviece - Quality of service (QOS) support for multimedia applications

1.3.8.5 Special Applications: Hot spot coverage (spot beams) and follow- ME service (Smart Antennas ). Access reliability and extended battery life.

Security and Encryption in GSM, GPRS, CDMA System

20

Security and Encryption in GSM, GPRS, CDMA System

Security and Encryption in GSM, GPRS, CDMA System

21

Security and Encryption in GSM, GPRS, CDMA System

GSM SECURITY 2.1.1 Introduction [7] The security methods standardized for the GSM System make it the most secure cellular telecommunications standard currently available. Although the confidentiality of a call and anonymity of the GSM subscriber is only guaranteed on the radio channel, this is a major step in achieving end-to- end security. The subscriber's anonymity is ensured through the use of temporary identification numbers. The confidentiality of the communication itself on the radio link is performed by the application of encryption algorithms and frequency hopping which could only be realized using digital systems and signaling.

2.1.2 Overview of GSM Security Services [7] Smartcard-based authentication of the user •

Identification of the through worldwide unique name IMSI



Algorithm A3 for authentication is not public, Confidentiality on the radio link:



Algorithms: up to 7 A5 variants



unique, permanent subscriber key Ki and dynamically generated communication keys Kc

Anonymity: •

use of temporary identities

2.1.3GSM Security Requirements [9] 2.1.3.1Network provider‘s view •

correct Billing: authenticity of the user



no misuse of the service, correct billing of content-usage



efficiency: no more bandwidth needed for security, no long delays (user acceptance), cost-

efficient

2.1.3.2User‘s view •

confidentiality of communication (voice and data)



privacy, no profiles of the movements of the users

Security and Encryption in GSM, GPRS, CDMA System

22

Security and Encryption in GSM, GPRS, CDMA System •

connection with authentic base station



correct billing

2.1.3.3Content provider‘s view •

correct billing



2.1.4 Architecture security for GSM [9] The security aspects of GSM are detailed in GSM Recommendations "Security Aspects, "Subscriber Identity Modules, "security Related Network Functions." and "Security Related Algorithms". Security in GSM consists of the following aspects: subscriber identity authentication, subscriber identity confidentiality, signaling data confidentiality, and user data confidentiality. The subscriber is uniquely identified by the International Mobile Subscriber Identity (IMSI). This information, along with the individual subscriber authentication key (Ki), constitutes sensitive identification credentials analogous to the Electronic Serial Number (ESN) in analogue systems such as AMPS and TACS. The design of the GSM authentication and encryption schemes is such that this sensitive information is never transmitted over the radio channel. Rather, a challenge-response mechanism is used to perform authentication. The actual conversations are encrypted using a temporary. randomly generated ciphering key (KC). The MS identifies itself by means of the Temporary Mobile Subscriber Identity (TMSI). which is issued by the network a d may be changed periodically (i.e. during hand-offs) for additional security. The security mechanisms of GSM are implemented in three different system elements; the Subscriber Identity Module (SIM), the GSM handset or MS, and. the GSM network. The SIM contains the IMSI, the individual subscriber authentication key (Ki), the ciphering key generating algorithm (A8), the authentication algorithm (A3), as well as a Personal Identification Number (PIN). The GSM handset contains the ciphering algorithm (A5). The encryption algorithms (A3, A5, AS) are present in the GSM network as well. The Authentication Centre (AUC), part of the Operation and Maintenance Subsystem (OMS) of the GSM network, consists of a database of identification and authentication information for subscribers. This information consists of the IMSI, the TMSI, the Location Area Identity (LAI), and the individual subscriber authentication key (Ki) for each user. In order for the authentication and security mechanisms to function, all three elements (SIM, handset, and GSM network) are required. This distribution of security credentials and encryption algorithms provides an additional measure of security both in ensuring the privacy of cellular telephone conversations and in the prevention of cellular telephone fraud. Distribution of security information is among the three system elements, the SIM, the MS, and the GSM network. Within the GSM network, the security information is further

Security and Encryption in GSM, GPRS, CDMA System

23

Security and Encryption in GSM, GPRS, CDMA System distributed among the authentication centre (AUC), the home location register (HLR) and the visitor location register (VLR). The AUC is responsible for generating the sets of RAND, SRES, and Kc, which are stored in the HLR and VLR for subsequent use in the authentication and encryption processes. Fig(2.1) demonstrates the distribution of security information among the three system elements, the SIM, the MS, and the GSM network. Within the GSM network, the security information is further distributed among the authentication center (AUC), the home location register (HlR) and the visitor location register (VLR).

2.1.5 GSM- Security/Authentication/Access Control Features [9] The GSM system promises to provide security over the air interface that is as good as the security offered by traditional fixed networks .[l] The GSM standard specifies the following security features to be implemented in every PLMN. -Subscriber identity. (lMSI) confidentiality. This feature protects the Subscriber ID (IMSI) from being attacked by eaves-droppers. -Subscriber (IMSI) authentication This feature protects the Network Assets from Attacks by imposters. Fig connections. 2.1 Architecture for GSMthe protection of user speech data and other Use data confidentiality an physical This security feature provides user related identification information. -Connectionless user data confidentiality : This feature provides protection of the message part of the conAnectionless user data pertaining to OSI layers 4 and above. -Signaling information element confidentiality. This feature provides protection to some of the network signaling information that are considered to be sensitive. According to the standard, the implementation of these above features is mandatory over both the fixed and the access network sides. The mechanisms for implementing these features are explained in the following sections

Security and Encryption in GSM, GPRS, CDMA System

24

Security and Encryption in GSM, GPRS, CDMA System

2.1.5.1 Subscriber identity confidentiality: This feature is implemented by means of Temporary Mobile Subscriber Identities (TMSI). These TMSI are local numbers and have significance only in a given location area (LA). The TMSI must be accompanied by Location Area Identifier (LAI) to avoid ambiguities. Some of the requirements on the TMSI are : The new TMSI must be allocated at least in each location update procedure. This location updating whenever the mobile moves to a new location area (LA) Whenever a new TMSI is allocated to a MS, it is transmitted to the MS in A ciphered mode. The MS should store the TMSI in a non-volatile memory Together with the LA so that these data are not lost whenever the mobile is Switched off.

2.1.5.2GSM subscriber's authentication: Purpose: The authentication is used to identify the MS to the PLMN operator. Operation: Authentication is performed by challenge and response mechanism. Ki in the HPLMN is held in the AUC . A random challenge (RAND ) is generated by the Authentication algorithm A3 implemented within the SIM , and send a signed Response (SRES) back to the PLMN.

Security and Encryption in GSM, GPRS, CDMA System

25

Security and Encryption in GSM, GPRS, CDMA System

Fig 2.2 user authentication Fig 2.3 user authentication

2.1.6 confidentiality of connectionless data user information and signaling information on physical connections [9] . Security Requirements of Mobile communication . Authentication of MS or Subscriber . Authentication of VLR\HLR . Confidentiality of Data between MS and VLR . Confidentiality of Data between VLR and HLR . Requirements For End – user privacy . Security for call setup information . Security for speech . Privacy of Data . Privacy of user-location

2.1.7 Privacy of user –ID [7] All mobile communication system use some sort of a user-ID to identity its Subscriber. This subscriber indentication (or the user-ID ) must be protect – ted from hackers. Transmission of this information (that too. In clear) either over the air-interface , or over the network must be avoided as far as possible

2.1.8 support of roaming [7] Most mobile communications systems support roaming of users, wherein the User is provided service even if he move into a region handled by a deferent Service provider or a deferent network of the same service provider. Thus , There is requirement in the network for authenticating mobile user who roam Into its area. The main problem here is that the subscriber related information That is useful for authentication is present only in the home network of the user end and is generally not accessible by the visited (or serving) network. Security and Encryption in GSM, GPRS, CDMA System

26

Security and Encryption in GSM, GPRS, CDMA System Thus, there must be a method by which a subset of handset credentials is supplied to the serving network that is enough to authenticate the user. A complete disclosure of handset credentials may result in a security compromise.

2.1.9 GSM security weaknesses [9] Active attacks using false BTS are possible. This because the mobile dose not check the authenticity of the BTS while establishing a connection. It simply responds to the challenge posed to it. The cipher keys and the authentication data are transmitted in clear between and within Networks. Data integrity is absent in GSM. GSM was not built with a good flexibility for up gradation. The Home Network (in GSM) had no knowledge or control over how an serving Network uses the authentication parameters supplied to it for authenticating roaming subscribers.

GPRS Security 2.2.1 introduction [8] The GPRS is a new service that is offered to the mobile phone user. Netcom and Telenor, who are the two largest operators in Norway introduced GPRS on January 31 and February 1, 2001. So far it is just a small number of mobile phone on the marked that supports GPRS and it is also difficult to get hold of a mobile phone. The operators offer a limited numbers of services to the GPRS customers. One of the services that GPRS is supporting today is the Mobile Mail. Mobile Mail is possible to use with the entire mobile phone that use WAP, but with the GPRS functionality "always on" the email service Mobile Mail is more attractive It is important that the security is taken care of. This is because the users; both private persons and companies, can feel safe and use the services that the operators offer. Security and Encryption in GSM, GPRS, CDMA System

27

Security and Encryption in GSM, GPRS, CDMA System Services that demand a high level of security could be financial transactions transfer of medical information or exchange of personal e-mail messages. In the next two subchapters we have explained which part in the GPRS system we are focusing on and the test we did in the Ericsson AS'a lab environment.

2.2.2 Architure Security For GPRS [8] from the fig there are five main areas where security in the GPRS system is exposed .the five areas are : 1-security aspect relate to the mobile phone and the SIM card . 2-security mechanics between the MS and SGSN. These include also the air interface from the MS to the BSS. 3-The PLMNs backbone network security that mainly 4-security between different operation. 5-Security between GGSN and the external connected network like internet .

Fig 2.4 system architecture

2.2.3 Security functions in GPRS [8] Confidentiality, Integrity and Authentication (CIA) are three different services that computer and network security should cover. All the three services have to be protected, and attack against one or some of them are possible. It is important to have strict control for who should have Access control and dispense with Denial-of-Service for the unauthorized users

Security and Encryption in GSM, GPRS, CDMA System

28

Security and Encryption in GSM, GPRS, CDMA System Confidentiality – The property of information that has not been disclosed to unauthorized parties. Confidentiality has traditionally been seen as the most formidable threat in the communications system. To provide confidentiality encryption is used. Integrity – the property of information that has not been changed by authorized parties Integrity is normally associated with error correction and retransmission techniques to ensure that data are not corrupted. Cryptographically checksum is a technique to ensure that data is not willfully modified. Authentication – The provision of assurance of the claimed identity of an entity. Authentication is reference to the user identity verification. Challenge- Response is a common authentication mechanism that active challenge the user to claim that he is the right person, so the user has to give that right response. Access control – The prevention of unauthorized use of a resource, including the prevention of a resource in an unauthorized manner. Access control is to give access to services for authorized user and denying unauthorized user the same services. Denial-of-Service – While access control is about denying the unauthorized user access to the services, Denial-ofService can be seen as a security service to ensure that unauthorized users are denied access to the services.

2.2.5. GPRS processes [8] this section describes the flowing processes used in GPRS network :

Attach process Process by which the MS attaches (i.e. connected) To the SGSN in the GPRS

Authentication prosess Process by which the SGSN authentication the mobile subscriber.

Detach process Process by which the MS detaches (i.e. disconnected ) from the SGSN in the GPRS network .

2.2.5.1GPRS attach process when a mobile subscriber turns on their handset , the flowing actions occur: 1.a handset attach request is sent to the new SGSN . Security and Encryption in GSM, GPRS, CDMA System

29

Security and Encryption in GSM, GPRS, CDMA System 2.the new SGSN responds with the identity of the handset. The old SGSN responds with identity of the handset. 3.the new SGSN requests more informationA from MS .this information is used to authentication the MS to the new SGSN . 4-The authentication process continues to the HLR. The HLR acts like a RADIUS server using a handset-level authentication based on IMSI and similar to the CHAP authentication process in PPP. 5. A check of the equipment ID with the EIR is initiated. 6. If the equipment ID is valid, the new SGSN sends a location updated to the HLR indicating the change of location to a new SGSN. The HLR notifies the old SGSN to cancel the location process for this MS. The HLR sends an insert subscribe data request and other information associated with this mobile system and notifies the new SGSN that the update location has been performed. 7. The new SGSN initiates a location update request to the VLR. The VLR acts like a proxy RADIUS that queries the home HLR. 8. The new SGSN sends the Attach Accept message to the MS. 9. The MS sends the Attach Complete message to the new SGSN. 10. The new SGSN notifies the new VLR that the relocation process is complete.

2.2.5.2GPRS authentication process: The GPRS authentication process is very similar to the CHAP with RADIUS server the authentication process follows these steps: 1.The SGSN sends the authentication information to the HLR . the HLR sends information back to the SGSN based on the user profile that was part of the user's initial setup. 2.The SGSN sends a request for authentication and ciphering (used a random key to encrypt information ) to the MS . the MS uses an algorithm to send the user ID and password to the SGSN. Simultaneously , the SGSN uses the same algorithm and compares the result. If match occur . the SGSN authentications the user.

Security and Encryption in GSM, GPRS, CDMA System

30

Security and Encryption in GSM, GPRS, CDMA System

Fig 2.5 main GPRS procedures

2.2.5.3 detach process initiated by MS when a mobile subscriber turns off their handset . the detach process initiates . the detach process is described below . 1.the MS sends detach request to the SGSN 2-the SGSN sends a delete PDP context request message to the serving GGSN . 3-the SGSN sends a GPRS detach indication message to the MSC/VLR indication the MS request to disconnected. 4-the SGSN sends a GPRS detach indication message to the MSC/VLR 5-the SGSN sends the detach accept message to the MS . Note the GSN nodes must always respond to the detach request with a positive delete response to the MS and accept the detach requested by the client. The positive delete response is require even if the SGSN dose not have a connection pending for that client .

2.2.6 GPRS security /authentication/access control feature 2.2.6.1 Confidentiality of the user identity [8] the identity of the user is protect ed to avoid the possibility for an intruder to identify which subscriber is using a given resource on the radio path by listening to the signaling exchange or the user traffic. As a condition to accomplice this the IMSI (international mobile subscriber identity) or any other information allowing a listener to drive the IMSI easily, should not normally be transmitted in clear text in any signaling message over the radio pathe, it is from a security Security and Encryption in GSM, GPRS, CDMA System

31

Security and Encryption in GSM, GPRS, CDMA System point of view necessary that on the radio path a protected identifying method is used instead of the IMSI. The IMSI should not normally be used as addressing means. But when signaling procedures permit it it, signaling information elements that can expose information about the mobile subscriber identity must be ciphered for transmission. To identify a mobile subscriber on the radio path a Temporary Logical Link Identity (TLLI) is used. The TLLI is a local number and has only a meaning in a given Routing Area (RA), it is accompanied by the Routing Area Identity (RAI). The relation between the TLLIs and IMSIs are stored in a database at the, SGSN. So when a TLLI is received with a RAI that does not correspond to the current SGSN, the IMSI is requested from the SGSN in charge of the RA indicated in the RAI. If the address of that SGSN is unknown the IMSI is requested from the MS. When a new TLLI is allocated to a MS, it is transmitted from the SGSN to the MS in a ciphered mode produced with the GPRS-A5 algorithm. This is not completely the truth since the fixed part of the network can acquire the identification of the MS in clear. However this is a breach in the provision of the service, and should only be used when necessary to cope with malfunctioning e.g. arising from software failure

2.2.6.2confidentiality of user data The SGSN can request security related information for a MS from the HLR/AuC corresponding to the IMSI, which will include an array of pairs of corresponding RAND and SRES. This is done in the HLR/AuC by using RAND and the key Ki in the A3 algorithm The pairs are stored in the SGSN as part of the security information. The HLR/AuC responds the SGSN by sending the vectors RAND/SRES in the Authentication Vector Response which also includes the key Kc. These sets of information (RAND/SRES and Kc) are stored in the SGSN. And they should be marked as used when they have been used, but it is the operators that decide how many times a set can be used before it is marked. If there is no more unused sets left, the SGSN may use a used set. In order to get rid of sets that is used the SGSN is to delete all the records marked as used, when it successfully request security related information from the HLR. The sets may also be re-sent by the HLR depending on the rules for re-use of sets set by the operator.

2.2.6.3 confidentiality of user information and signaling between MS and SGSN The needs for a protected mode of transmission are fulfilled by a ciphering function in the LLC layer. It is the GPRSA5 algorithm that ciphers the LLC layer information. A mutual key setting is produced to allow the MS and the network to agree on the key Kc to be used in the ciphering and the deciphering algorithms GPRS-A5. The Kc is transmitted to the MS in the RAND value and it is derived from the RAND by using the A8 and the Subscriber Security and Encryption in GSM, GPRS, CDMA System

32

Security and Encryption in GSM, GPRS, CDMA System Authentication key Ki. The MS and the SGSN must coordinate when the ciphering and the deciphering processes should start. indicating if the frame is ciphered or not. The SGSN indicates if the ciphering should be used or not in the Authentication and Ciphering Request message, and the MS starts the ciphering after sending the Authentication and Ciphering Response message. In order for the enciphering bit stream at one end and the deciphering bit stream at the other end to coincide, the streams must be synchronized. This is done by using an explicit variable INPUT, the DIRECTION and the Kc in the algorithm GPRS-A5, The synchronization of ciphering at LLC frames level is done by a bit in the LLC header When a inter SGSN routing area update occurs, the necessary information (i.e Kc ,INPUT) is transmitted within the system infrastructure to enable the communication to proceed from the old SGSN to the new one. The key Kc may remain unchanged at Inter SGSN routing area update. The MS should indicate which version of the GPRSA5 algorithm it supports when it wants to establish a connection to the network. The negotiation of the GPRS-A5 algorithm happens during the authentication procedure. The network can decide to release the connection if there is no common GPRS-A5 algorithm, or if the MS indicates an illegal combination of supported algorithms. Otherwise the network selects one of the mutual acceptable versions of the GPRS-A5 algorithms to bused.

CDMA security 2.3.1 Introduction [6] Since the birth of the cellular industry, security has been a major concern for both service providers and subscribers. Service providers are primarily concerned with security to prevent fraudulent operations such as cloning or subscription fraud, while subscribers are mainly concerned with privacy issues. In 1996, fraudulent activities through cloning and other means cost operators some US$750 million in lost revenues in the United States alone. Fraud is still a problem today, and IDC estimates that in 2000, operators lost more than US$180M in revenues from fraud. Technical fraud, such as cloning, is decreasing in the United States, while subscription fraud is on the rise1. In this paper, we will limit our discussions to technical fraud only. With the advent of second-generation digital technology platforms like TDMA/CDMA-IS-41, operators were able to enhance their network security by using improved encryption algorithms and other means. The noise-like signature of a CDMA signal over the air interface makes eavesdropping very difficult. This is due to the CDMA “Long Code,” a 42-bit PN (Pseudo-Random Noise of length 242-1) sequence, which is used to scramble voice and data transmissions. This paper discusses how CDMA 2000 1xRTT implements three major features of mobile security: authentication, data protection, and anonymity

Security and Encryption in GSM, GPRS, CDMA System

33

Security and Encryption in GSM, GPRS, CDMA System

2.3.2 Security – CDMA Networks [15] The security protocols with CDMA-IS-41 networks are among the best in the industry. By design, CDMA technology makes eavesdropping very difficult, whether intentional or accidental. Unique to CDMA systems, is the 42-bit PN (Pseudo-Random Noise) Sequence called “Long Code” to scramble voice and data. On the forward link (network to mobile), data is scrambled at a rate of 19.2 Kilo symbols per second (Ksps) and on the reverse link, data is scrambled at a rate of 1.2288 Mega chips per second (Mcps). CDMA network security protocols rely on a 64-bit authentication key (A-Key) and the Electronic Serial Number (ESN) of the mobile.

Fig2.6 the authentication by CAVE A random binary number called RANDSSD, which is generated in the HLR/AC, also plays a role in the authentication procedures. The A-Key is programmed into the mobile and is stored in the Authentication Center (AC) of the network. In addition to authentication, the A-Key is used to generate the sub-keys for voice privacy and message encryption. CDMA uses the standardized CAVE (Cellular Authentication and Voice Encryption) algorithm to generate a 128-bit sub-key called the “Shared Secret Data” (SSD). The A-Key, the ESN and the network-supplied RANDSSD are the inputs to the CAVE that generates SSD. The SSD has two parts: SSD_A (64 bit), for creating authentication signatures and SSD_B (64 bit), for generating keys to encrypt voice and signaling messages. The SSD can be shared with roaming service providers to allow local authentication. A fresh SSD can be generated when a mobile returns to the home network or roams to a different system.

2.3.3 Authentication [6]

Security and Encryption in GSM, GPRS, CDMA System

34

Security and Encryption in GSM, GPRS, CDMA System In CDMA networks, the mobile uses the SSD_A and the broadcast RAND* as inputs to the CAVE algorithm to generate an 18-bit authentication signature (AUTH_SIGNATURE), and sends it to the base station. This signature is then used by the base station to verify that the subscriber is legitimate. Both Global Challenge (where all mobiles are challenged with same random number) and Unique Challenge (where a specific RAND is used for each requesting mobile) procedures are available to the operators for authentication. The Global Challenge method allows very rapid authentication. Also, both the mobile and the network track the Call History Count (a 6-bit counter). This provides a way to detect cloning, as the operator gets alerted if there is a mismatch.The A-Key is re-programmable, but both the mobile and the network Authentication Center

2.3.4 Basic of authentication : [6] 1. A- key (authentication Key) 2.ESN-MIN-MDN: 2.3.4.1 A- key (authentication Key): the A-key or authentication key is a 64 bit permanent number stored in the permanent memory of the mobile. Preprogrammed and stored security on the mobile phone during factory settings. Known only to the mobile and its associated HLR/AC. Is used to generate the SSD (share secret data)- the intermediate keys.

2.3.4.2. ESN-MIN-MDN: ESN (electronic serial number) The ESN is the 32 bit electronic serial number of the mobile phone. The ESN is pre-programmed by the phone manufacturer during factory setting. The ESN is unique to each mobile on the network and is used in conjunction with the mobile number to identity the mobile on the network . MIN (mobile identification number) The MIN is the 10 digit number which is assigned by the service providers to a mobile phone in the network . the MIN is unique each mobile on the network and is used in conjunction with the ESN to identify the mobile on the network. MDN (mobile directory number) The MDN is the 10 digit dilatable number assigned by the service provider to a mobile phone on its network . the MDN may be the same as the MIN (it depend on how the service provider provisions this pair on its network)

2.3.5Global challenge [6] 1- allows only valid subscriber to access the network resources. Security and Encryption in GSM, GPRS, CDMA System

35

Security and Encryption in GSM, GPRS, CDMA System 2- all MS challenge with same random number 3- VLR can authenticate MS if SDD is shared 4- subsequence action is based on policy in effect (i.e. unique challenge) Global challenge is performed when ever: 1-registration: when the mobile dose autonomous registration. 2- origination: when the mobile station originates a call . 3- terminations: when the mobile station responds with page message . 4- mobile station data: when it sends a data burst message I.e. SMS.

Fig 2.8 global challenge

2.3.6 unique challenge [6] signal MS challenged with selected random number( unique) VLR can initiate if SSD is shared (only report failure to AC) can executed on the traffic channel used for call saves control channel resources By design, all CDMA phones use a unique PN (Pseudo-random Noise) code for spreading the signal, which makes it difficult for the signal to be intercepted.

Security and Encryption in GSM, GPRS, CDMA System

36

Security and Encryption in GSM, GPRS, CDMA System

Fig 2.9 unique challenge:

2.3.7 The inherent security of the CDMA air interface [7] Code Division Multiple Access (CDMA) technology is an advance wide area wireless technology for voice and highspeed internet access supporting high mobility speeds. CDMA is inherently secure and has advantages to firstgeneration analog and Time Division Multiple Access (TDMA) system . CDMA originated from military application and cryptography and to data there has never been a report of high-jacking or eavesdropping on a CDMA call in a commercially deployed network .the inherent security of CDMA 's air interface comes from a combination of encryption and spread spectrum technology ,which are used simultaneously to void any gaps in security . first the CDMA signals of all calls are transmitted or spread over the entire bandwidth rather than being tied to a specific time or element in the system. this result in the signal of all calls tacking on white noise a noise-like appearance that work as disguise making the signal of any one call difficult to distinguish and detect from background noise

Security and Encryption in GSM, GPRS, CDMA System

37

Security and Encryption in GSM, GPRS, CDMA System

Security and Encryption in GSM, GPRS, CDMA System

38

Security and Encryption in GSM, GPRS, CDMA System

Security and Encryption in GSM, GPRS, CDMA System

39

Security and Encryption in GSM, GPRS, CDMA System

GSM Encryption 3.1.1 Introduction [1] Encryption, Decryption and cryptography Encryption is the conversion of message from the original form to an unrecognizable form (encrypted message) while decryption is the re-conversion of the encrypted message into its original form. The word cryptography comes from the Greek words kryptos which means hidden and graphein which means writing. Cryptography is the science of encryption and decryption. The art or study of cryptography was a known practice in the ancient world. The first recorded use of cryptography was by the Spartan’s in 400 B.C. and one of the more famous ancient cryptography was known as “Caesar Cipher” named after Julius Caesar which was used by the Roman armies to transfer messages during war. The modern day cryptographic techniques make use of much faster processing techniques which are embedded on advanced electronics chips and computers systems. In a general cryptographic system a message is encrypted with the help of keys which are nothing but variables which are applied to the original message. The formula for combining the original message and the key to produce an encrypted message is known as a cryptographic algorithm. For example an original text written as HOWAREYOU could be encrypted into KRZDUHBRX. In this example the cryptographic algorithm would read “shift key places forward” and the key could be 2 which means shift 2 places forward.As can be seen in the above example both sides must have the same cryptographic algorithm and must know the key or variable to perform the cryptographic algorithm on the original message. Most Cryptographic systems use either the Secret Key (Symmetric) cryptography or Public Key (Asymmetric) cryptography and sometimes even a mix of both. This White Paper will not discuss these two models as used in various applications but would stay focused on the Authentication and Encryption as used in GSM systems

3.1.2 GSM ALGORITHM [3] GSM subscriber identity module (SIM) contains • International Mobile Subscriber Identity (IMSI) • Subscriber identification key Ki Used for authentication and encryption via simple Challenge/response protocol • A3 and A8 algorithms provide authentication (usually Combined as COMP128) • A5 provides encryption

Security and Encryption in GSM, GPRS, CDMA System

40

Security and Encryption in GSM, GPRS, CDMA System

Fig 3.1 challenge response

3.1.3 GSM Security [15] 1. Base station transmits 128-bit challenge RAND 2. Mobile unit returns 32-bit signed response SRES via A3 3. RAND and Ki are combined via A8 to give a 64-bit A5 key 4. 114-bit frames are encrypted using the key and frame Number as input to A5

3.1.4 A5 ALGRITHM [15] 3.1.4.1 A5/1 Overview “Cryptography is a mixture of mathematics and muddle, and without the muddle the mathematics can be used against you.” - Ian Cassells, a former Bletchly Park cryptanalyst. •

A5/1 is a stream cipher, which is initialized all over again for every frame sent.



Consists of 3 LFSRs of 19,22,23 bits length.



The 3 registers are clocked in a stop/go fashion using the majority rule.

3.1.4.2 A5/1 : Operation •

All 3 registers are zeroed



64 cycles (without the stop/go clock) :

Security and Encryption in GSM, GPRS, CDMA System

41

Security and Encryption in GSM, GPRS, CDMA System •

Each bit of K (lsb to msb) is XOR'ed in parallel into the lsb's of the registers



22 cycles (without the stop/go clock) :



Each bit of Fn (lsb to msb) is XOR'ed in parallel into the lsb's of the registers



100 cycles with the stop/go clock control, discarding the output



228 cycles with the stop/go clock control which produce the output bit sequence.

Fig3.2 keystream generation

3.1.4.3 A5 The Model •

The internal state of A5/1 generator is the state of all 64 bits in the 3 registers, so there are 264-1

states. •

The operation of A5/1 can be viewed as a state transition :



Standard attack assumes the knowledge of about 64 output bits (64 bits →264 different

sequences).

About A5 : • A5/0 : no encryption. • A5/1 : original A5 algorithm • A5/2 : weaker algorithm created for export • A5/3 : strong encryption created by 3GPP • A5 is a stream cipher. • Uses three linear feed-back shift registers (LFSR) of different length (19/21/22) and Variable clock. The xor of the three registers Is the bit stream that is then xored with the Plain text. Security and Encryption in GSM, GPRS, CDMA System

42

Security and Encryption in GSM, GPRS, CDMA System • The key is the initial content of the Registers, in total 64 bits derived from Kc And the frame number.

3.1.5 A5/2 Algorithm [15] 3.1.5.1 Description of A5/2 •

4 LFSR R1,R2,R3,R4.



R4 controls the clocking of R1,R2,R3.



LFSRs are initialized using KC and frame # f.



After key is loaded, one bit of each register is forced to be set.



Output (228 bit key stream) is quadratic function of R1,R2,R3.



114 bits of key stream are used to encrypt uplink and rest 114 are used for downlink.

Fig 3.3 architecture of A5/2

3.1.5.3 Ciphertext-only Attack on A5/2 •

Error correction codes are employed in GSM before encryption.

Security and Encryption in GSM, GPRS, CDMA System

43

Security and Encryption in GSM, GPRS, CDMA System •

Plaintext has highly structured redundancy.



Complexity

Implementation on a personal computer recovers KC in less than a second and takes less than 5.5hours for one time pre-computation. Possible Attack Scenarios •

Eavesdropping conversation (passive listening)



Call hijacking (man in the middle)



Altering of data messages (SMS)



Call theft (parallel session)

3.1.7 Attack Categories [15] •

Attacks on GSM Security



SIM Attacks



Cryptanalytic Attack



Fake BTS



Radio-link interception attacks



Operator network attacks



GSM does not protect an operator’s Network

3.1.8.1 Attacks on GSM Security 3.1.8.2 SIM Attacks •

Secret key KI is compromised.



Physical access to SIM is needed.



COMP-128 leaks KI (April 1998)



Requires about 50K challenges



Side-channel attacks



Power consumption



Timing of operation

Security and Encryption in GSM, GPRS, CDMA System

44

Security and Encryption in GSM, GPRS, CDMA System •

Electromagnetic emanations



Cloning of SIM is possible

3.1.8.3 Cryptanalytic Attack •

Weakness in the encryption algorithm



Session key KC is compromised



Over the air attack (physical access not required)

3.1.9 Observations [15] •

Attack takes lesser time than authentication timeout.



No authentication for base station.



Replay attack is possible as nonce or time stamp are not used.



A5/2 is already broken and A5/1 is weak. Even changing to A5/3 won’t help.



GSM interceptor/scanners are easily available.



Security problems in mobile communications are keeping the applications like m-commerce

from deployment. •

Attack takes lesser time than authentication timeout.



No authentication for base station.



Replay attack is possible as nonce or time stamp are not used.



A5/2 is already broken and A5/1 is weak. Even changing to A5/3 won’t help.



GSM interceptor/scanners are easily available.



Security problems in mobile communications are keeping the applications like m-commerce

from deployment. •

GSM security design process was conducted in secrecy.



The A5 encryption algorithm was never published.



The key calculated does not depend on which of the A5 algorithms it is destined to be used with.



Real time cryptanalysis of A5/2.



The encryption is done after coding for error correction.

Security and Encryption in GSM, GPRS, CDMA System

45

Security and Encryption in GSM, GPRS, CDMA System

GPRS Encryption 3.2.1 Authentication and key agreement of GPRS [4] 3.2.1.1 Keys and triplets: When a connection is established with a Mobile Station (MS), the Serving GPRS Support Node (SGSN) is informed and takes over control of the Authentication procedure. The SGSN request the International Mobile Subscriber Identity (IMSI) and uses it to identify the station's HLR. The SGSN conveys the IMSI and its own identity to the HLR so that this can inform the Network of the Mobile Station's subscriber IMSI; it addresses the Authentication centre and requests for the ciphering key Ki. The key is retrieved by the Authentication centre and used with a Random number as parameter in an algorithm, A3 to calculate a signature or signed response. The AuC similarly uses Ki and the random number as a parameter in an other algorithm A8 to calculate the ciphering key Kc for traffic channel coding. The random number, the signed response and Kc make up a triplet for a mobile station which can be used for further ciphering.

3.2.1.2 GPRS Authentication [8] In GPRS the authentication mechanism is the same as in GSM except that it is performed by the SGSN instead of the VLR. As a side effect, the GPRS system effectively prevents eavesdropping on the backbone between the BSS and SGSN, because the frames are still encrypted at this point. Thus, security of GPRS depends largely on the placement and safety of the SGSNs. The particularity of GPRS is the "attach" procedure which allows sending and receiving packets on a date network. In fact, this procedure includes authentication as described above, ciphering algorithm negotiation and IP address assignment by the SGSN. The HLR conveys the value of the triplets (Kc, the signed response and the random number) to the SGSN and the value of the Random number is then passed to the Mobile Station. Additionally the SGSN performs the selection of the ciphering algorithm (different versions of the ciphering algorithm A5 should be available), and the synchronization for the start of the ciphering. The MS, after receiving the Random number, calculates the other value of the triplets (signed response and Kc) using algorithm A3 and A8. The signed response is sent back to the SGSN and compared to the one sent by the HLR (see Figure 3-12 Calculation of the triplets in the MS p.19). Any further processing are not undertaken before the signed response calculated by the HLR and stored in the SGSN matches the one calculated in the mobile.

3.2.1.3 GPRS Encryption [8] Security and Encryption in GSM, GPRS, CDMA System

46

Security and Encryption in GSM, GPRS, CDMA System A cryptosystem defines a pair of data transformations. The first transformation, the encryption is applied to an ordinary data item known as plaintext and generates a corresponding (unintelligible) data item called cipher text. The second transformation or decryption is applied to the cipher text and results it in the regeneration of the original plaintext. An encryption transformation is defined by an algorithm and uses as input both the plaintext data and an independent value known as an encryption key Similarly, a decryption transformation is defined by an algorithm and uses a decryption key as well as the cipher text so as to cover the plaintext. If the authentication of the subscriber is successful then the encoding step is targeted. Data and signaling are merged on a traffic channel between the mobile station and the SGSN using: •

The GPRS system uses a new A5 implementation as well referred to as the GEA version 1

(GPRS Encryption Algorithm). The GEA is responsible for securing the interface from Mobile Station to SGSN. The Kc is not transmitted to the BTSs and the transmission channel between the BTS and the SGSN is encrypted making impossible to monitor the backbone between the BTS and the SGSN •

The Key Kc as a parameter

Fig 3.4 authentication and encryption An important security mechanism that protects the radio link against eavesdropping is encryption. Encryption protects both user data and network control information. This is referred to as ciphering in the GPRS specification, is an option employed by AT&T Wireless. Please note, not all GPRS or EDGE device and an infrastructure element called the SGSN (a relatively centralized node) Encryption spans not only the radio interface, but a portion of the wire line infrastructure as well and includes Base Transceiver Station (BTSs), Base Station Controllers (BSCs), and all of the connections leading to the SGSN. Following authentication, the network and MS calculate a 64-bit encryption key by applying a key-generating algorithm called A8 to two values: the secret subscriber key and a random number previously used for authentication.

Security and Encryption in GSM, GPRS, CDMA System

47

Security and Encryption in GSM, GPRS, CDMA System Once the encryption key id derived, communication between the NS and the GPRS/EDGE network is encrypted using an algorithm called GPRSA5, a modified version of the A5 algorithm used in GSM network for voice communication. GPRSA5 is optimized for packet-data communications.

Fig 3.5 the GPRS ciphering This algorithm is also referred to as GPRS Encryption Algorithm (GEA). Both A5 and GPRS-A5 are based on an algorithm called COMP128. The first version of GPRS encryption was called GEA1. The current version is GEA2. The protocol level that handles encryption is called the Logical Link Control (LLC) layer. The LLC operates between the MS and SGSN at layer two of the network reference model (see Figure 3-14). Both signaling (control) information and user data are processed by the LLC layer; therefore the network keeps both user data and control information (such as the user's location) confidential.

Fig 3.6 THE GPRS traffic Security and Encryption in GSM, GPRS, CDMA System

48

Security and Encryption in GSM, GPRS, CDMA System

3.2.2 Scope of ciphering [8] In contrast to the scope of ciphering in existing GSM (a single logical channel between BTS and MS), the scope GPRS ciphering is form the ciphering function at the SGSN to the ciphering function in the MS. This means that user data and signaling are protected by the ciphering algorithm (A5)all way long form the MS to the SGSN and not only form the MS to the BTS as it was the case in GSM. As a matter of fact, this will avoid us to study the Gb Interface since the interconnection between the BSS and the SGSN are as well protected as the Um interface (MS-BSS interface).

Fig 3.7 scope of GPRS ciphering

3.2.3 Characteristics Of The Different Algorithms in GPRS [15] •

Three kinds of algorithms have been defined:



.Algorithm A3 which is the Authentication algorithm.



Algorithm A5 which is the ciphering/deciphering algorithm. As previously explained



several ciphering algorithms will be designed and one of them will be chosen during the

authentication procedure. •

Algorithm A8 which is the cipher key generator.

3.2.3.1 Algorithms A3 & A8 : Security and Encryption in GSM, GPRS, CDMA System

49

Security and Encryption in GSM, GPRS, CDMA System The algorithms is used for authentication processes and algorithms A8 it used for produce cipher key (kc). The algorithms A3 and A8 in GPRS takes same procedures which they occurs in GSM system.

3.2.3.2 Algorithms A5: A5 is implemented in to the math MS and SGSN. The ciphering take place just before modulation and after interleaving. The deciphering take place just before demodulation and after symmetrically. The useful information (plain text) is organized in to blocks of 114 bit .for ciphering A5 produces a sequence of 114cipher\ decipher bits (here called

BLOCK) which is combined by a bit wise modulo to addition to the 114 bits plain text . Deciphering is

symmetrically: A5 produces a sequence of 114cipher\ decipher bits and the first produced bits are added to cipher text (coded massage) and so on … For each slot , the decipherment is performed on MS side with first block ( BLOCK1) of 114 bits produced by the A5, And the encipherment is performed with the second produced block (BLOCK2) for deciphering.{4} therefore , A5 must produce twice 114 bits .THE ciphering start when valid authentication response is received from MS using synchronization for the start ciphering that has been selected in the BSC . synchronization guaranteed by explicit time variable , COUNT (22-bits) , derived from the logical link control (LLC) frame number .therefore , 114 bits block produced by A5 only depends on the LLC frame numbering , the cipher key kc (64 bits) and of course the A5 algorithm used . THE fig (3.9) summarises the above listed implementation indication , with only one

cipher\ decipher bits procedure represented.

Fig 2.8 use of the A5 algorithm

Security and Encryption in GSM, GPRS, CDMA System

50

Security and Encryption in GSM, GPRS, CDMA System

CDMA ENCRYPTION 3.3.1 Authentication and Encryption in CDMA system [13] Executive summary Mobile usage has virtually penetrated every aspect of our daily lives from the traditional voice communication to short message services (SMS), multimedia messaging services (MMS), ring tones, camera phones, games and a vast array of applications. In fact with the advent of 3G technologies most Service Providers are promising even more attractive features and applications. Most mobile phone manufacturers are making the mobile even more and more feature rich. One of the key areas which has been addressed by both the Service Provider and the Mobile manufacturers is in th area of Authentication and Encryption in Mobile technology. This White Paper is an attempt to address the concept of Authentication and Encryption in CDMA systems and the usage of this feature in today’s mobile telephony environment.

3.3.1.2 The Authentication model [6] An Authentication model is best represented by Figure 1 shown below. As soon as the User desires some service from the Serving System a random number is thrown at it from the Serving System as a Challenge to authenticate itself. The User uses this random number and performs a cryptographic algorithm on it using a Secret Key which is known at both ends. The same process is carried out at the Serving System using the same cryptographic algorithm and Secret key. The resultant output from the User side is given to the Serving System as a Response. The Serving System compares the Response with its own computation. If the two match the User is either permitted access to Services or is denied entry.

Security and Encryption in GSM, GPRS, CDMA System

51

Security and Encryption in GSM, GPRS, CDMA System

Fig 3.9 cryptographic algorithm

In CDMA systems as we shall see in subsequent sections the process of Authentication is to identify and provide service to a genuine mobile on the network and deny access to a cloned version of it.

3.3.1.3 Authentication and Encryption in CDMA system

[13]

At the heart of the Authentication model in CDMA is the Authentication key or A-key which is like a master key to the system. The A-key is a 64 bit number stored in the permanent section of the memory and is usually pre-programmed at factory settings. The A-key as we shall see in further sections is used to generate intermediate keys and session keys within the system. The model represented below represents the complete Authentication and Encryption systems in CDMA networks and will be the focus of our study from now.

Security and Encryption in GSM, GPRS, CDMA System

52

Security and Encryption in GSM, GPRS, CDMA System

Fig 1.10 authentication and Encryption For better understanding this system can be divided into three sections namely SSD (Shared Secret Data) Generation / Updation, Authentication and finally Encryption. The CDMA networks make use of a cryptographic algorithm known as CAVE or Cellular Authentication and Voice Encryption which is used in various stages of the procedure. On the initiation of a SSD generation/update the Home Location Register/Authentication Centre (HLR/AC) sends out a Random number RANDSSD (56 bits) as a challenge. The mobile takes this RANDSSD value along with the ESN and A-key to generate the SSD pairs namely SSD_A and SSD_B both 64 bits long. The above is followed by a procedure known as Global Challenge. In this process the SSD_A is further fed into the CAVE algorithm along with ESN and MIN and a random number known as RAND (32 bits) which is now generated by the MSC. The result computed as Authentication Signature (AUTHR) (18 bits) is sent back by the mobile to the network. The network too would have calculated its own version of AUTHR which it uses to compare the result. The network Base Station permits access to the mobile if the Authentication Signatures matchand denies access if they do not. In the event of a mismatch the network may also Security and Encryption in GSM, GPRS, CDMA System

53

Security and Encryption in GSM, GPRS, CDMA System initiate a SSD update to generate a new pair of SSD_A and SSD_B and also in some cases initiate a Unique Challenge to the mobile. Here it sends out a Unique Random number RANDU (24 bits) to a particular mobile and receives a unique Authentication Signature (AUTHU) (18 bits) from that mobile. The Authentication Procedure is invoked during Registration, Origination, Page Response or Data Burst Message.

How is Authentication Invoked [15] When a mobile is trying to Register onto the network by sending a Registration message on the Access Channel RAND (32)

ESN (32)

IMSI_S1 (24)

SSD_A (64)

AUTH_SIGNATURE-CAVE AUTHR (18)

When a Mobile attempts to Originate a call by sending an Origination message on the Access Channel RAND (32)

ESN (32)

IMSI_S1 (24)

SSD_A (64)

AUTH_SIGNATURE-CAVE AUTHR (18)

When a Mobile is trying to Terminate a call by sending a Page Response message on the Access Channel RAND (32)

ESN (32)

IMSI_S1 (24)

SSD_A (64)

AUTH_SIGNATURE-CAVE AUTHR (18)

When a Mobile attempts to send a Data Burst message on the Access Channel

Security and Encryption in GSM, GPRS, CDMA System

54

Security and Encryption in GSM, GPRS, CDMA System RAND (32)

ESN (32)

IMSI_S1 (24)

SSD_A (64)

AUTH_SIGNATURE-CAVE AUTHR (18)

3.3.2 Spread Spectrum

[15]

A technique in which the transmission bandwidth W and message bandwidth R are related as W >> R Counter intuitive Achieves several desirable objectives for e.g. enhanced capacity

3.3.3 Types of Spread Spectrum Systems 1-Frequency Hopping 2-Direct Sequence Frequency Hopping





Slow Frequency Hopping - multiple symbols per hop Fast Frequency Hopping - multiple hops per symbol

Care is taken to avoid or minimize collisions of hops from different users

Security and Encryption in GSM, GPRS, CDMA System

55

Security and Encryption in GSM, GPRS, CDMA System

3.3.3.1Frequency Hopping

Fig 1.11 Typical frequency-hopping waveform pattern

3.3.3.2 Direct Sequence

Fig 3.12 Transmitter side of system

Security and Encryption in GSM, GPRS, CDMA System

56

Security and Encryption in GSM, GPRS, CDMA System

3.3.4 Spreading Codes [15] 1- It is desired that each user’s transmitted signal appears noise like and random. Strictly speaking, the signals should appear as Gaussian noise 2- Such signals must be constructed from a finite number of randomly preselected stored parameters; to be realizable 3- The same signal must be generated at the receiver in perfect synchronization 4- We limit complexity by specifying only one bit per sample i.e. a binary sequence

IS-95 CDMA 1

Direct Sequence Spread Spectrum Signaling on Reverse and Forward Links

2

Each channel occupies 1.25 MHz

Reverse CH

Forward CH

847.74 MHz

892.74 MHz

1-Fixed chip rate 1.2288 Mcps

45 MHz Orthogonal Walsh Codes

3.3.4 Spreading Codes in IS-95 []15] 1

2



To separate channels from one another on forward link



Used for 64-ary orthogonal modulation on reverse link.

PN Codes –

Decimated version of long PN codes for scrambling on forward link

Long PN codes to identify users on reverse link Short PN codes have different code phases for different base stations

Reverse Link Modulation -The signal is spread by the short PN code modulation (since it is clocked at the same rate) -Zero offset code phases of the short PN code are used for all mobiles Security and Encryption in GSM, GPRS, CDMA System

57

Security and Encryption in GSM, GPRS, CDMA System -The long code PN sequence has a user distinct phase offset.

3.3.6 Characteristics Of The Different Algorithms in CDMA 3.3.6.1 The cellular authentication and voice Encryption (CAVE) [12] The cellular authentication and voice encryption (CAVE) security system used in ANSI-41 net words supporting analog, TDMA and CDMA systems is much more compels. The wireless device's private key is shared only by the wireless device and the home system, but the serving system is sent SSD, a secondary key (i.e. one that is derived from the primary key), rather than just a list of challenge response pairs. This enables the serving system to securely authenticate the wireless device any number of times without the overhead of further communication with the home system. This flexibility and efficiency does, however, require the same algorithm (CAVE) be used by all system. If a major loss of keys occurred it would be possible to update the valid wireless devices with a new SSD over the radio interface, but a serious breach of the CAVE algorithm would not be easily rectified CAVE id use 1. To generate A-Key Checksum. 2. To generate the SSD 3. To generate the CMEA Key an VPM

Fig 3.14 SAVE diagrammatically

3.3.6.2 Cellular Message Encryption Algorithm (CMEA) key (64 bit) [12] The CMEA key is used with the (ECMEA) algorithm for protection of digital data exchanged between the mobile station and the base station. Note that CMEA is not used to protect voice communications. Instead, it is intended to protect sensitive control data, such as the digits dialed by the cell phone user. A successful break of dialed (all KTMF Security and Encryption in GSM, GPRS, CDMA System

58

Security and Encryption in GSM, GPRS, CDMA System tones) by the remote endpoint and alphanumeric personal pages received by the cell phone user. Finally, compromise of the control channel contents could lead to any congenital data the user types on the keypad: calling card PIN numbers may be an especially widespread concern, and credit card numbers, bank account numbers, and voicemail PIN numbers are also at risk.

A description of CMEA We describe the CMEA speci_cation fully here for reference. CMEA is a byte oriented variable-width block cipher with a 64 bit key. Block sizes may be any number of bytes; with the block size potentially varying without any key changes. CMEA is quite simple, and appears to be optimized for 7-bit microprocessors with severe resource limitations. CMEA consists of three layers. Performs one non-linear, un keyed operation if tended to make changes propagate in the opposite direction. One can think of the second step as (roughly speaking) XORing the right half of the block from left to right; in fact, it is the inverse of the first layer.

Fig 3.15 the CMEA key

3.3.6.3 SSD –Shared Secret Data [12] The SSD (Shared Secret Data) 1

A 128 bit number that is stored in the semi-permanent memory of the mobile.

Security and Encryption in GSM, GPRS, CDMA System

59

Security and Encryption in GSM, GPRS, CDMA System 2

Is a temporary number that is updated during SSD updates.

3-SSD is divided into two parts, SSD_A (64 bits) and SSD_B (64 bits) which is used to generate the session keys for Voice, data and Signaling messages 4- The SSD is calculated simultaneously by both MS and AC 5- The SSD can be shared with the VLR

Fig 3.13 SSD update

3.3.6.4 The data key (32 bit) and the ORYX algorithm [12] A separate data key, and an encryption algorithm called ORYX, is used by the mobile and the network to encrypt data traffic on the CDMA channels. ORYX is a simple stream cipher based on binary linear feedback shift registers (LFSRs) that has been proposed for use in North American digital cellular systems to protect cellular data transmissions. The cipher ORYX is used as a key stream generator. The output of the generator is a random-looking sequence of bytes. Encryption is performed by XORing the key steam bytes with the data bytes to form cipher text. Decryption is performed by XORing the key steam bytes with the cipher text to recover the plaintext. Hence known plaintext-cipher text pairs can be used to recover segments of the key steam. In this paper, the security of ORYX is examined with respect to a known plaintext attack conducted under the assume piton that the cryptanalyst knows the complete LFSRs. For this attack, we assume that the compete structure of the cipher, including the LFSR feedback functions, is known to the cryptanalyst. The key is only Security and Encryption in GSM, GPRS, CDMA System

60

Security and Encryption in GSM, GPRS, CDMA System the initial states of the three 32 bit LFSRs: a total key size of 96 bits. there is a complicated key schedule which decreases the total key space to something easily searchable using brute-force techniques; this reduces the key size to 32 bits for export. However, ORYX is apparently intended to be strong Algorithm when used with a better key schedule that provides a full 96 bits of entropy. The attack proposed in this paper makes no use of the key schedule and is Applicable to ORYX whichever key schedule is use. Show the fig

Fig 3.16 the data key

3.3.6.5 Private long mask (PLM) [12] CDMA system is the 42-bit PN (pseudo Random Noise) Sequence called "long code" to scramble voice and data . On forward link (network to mobile) , data is scrambled at a rate 19-2 KSPS ( kilo symbols per second ) and on the reverse link, data is scrambled at a rate 1.2288 MCPS(mega chips per second).

Security and Encryption in GSM, GPRS, CDMA System

61

Security and Encryption in GSM, GPRS, CDMA System

Fig 3.17 the PLM

3.3.8 Conclusion The GSM security model is broken on many levels and is thus vulnerable to numerous attacks targeted different parts of an operator’s network. Assuming that the security algorithms were not broken, the GSM architecture would still be vulnerable to attacks targeting the operators backbone network or HLR and to various social engineering scenarios in which the attacker bribes an employee of the operator, etc. further more , the secretly designed security algorithms incorporated in to the GSM system have been proven faulty . The A5 algorithm used for encrypting over-the-air transmission channel is vulnerable against known-plain-text and divide –and conquer attacks and intentionally reduced key space is small enough to make a brute- force attack feasible as will . The COMP 128 algorithm used in most GSM networks as the A3\A8has been proved faulty so that is secret key Ki can be reverse engineered

over – the –air

through a chosen challenge attacks in approximately ten hours . All this means that if some body wants to intercept a GSM call, he can do so. It cannot be assumed that the GSM security model provides any kind of security against a dedicated attacker. The required resources depend on the attack chosen .Thus, one over the GSM network. The security of GPRS networks depend upon the A3, A5 and A8 algorithms used by the GSM system to authenticate the user and the base station and cipher all data and voice traffic between them .While on the surface GPRS seems to be secure many security holes have been discovered .The smartcard used in GSM system uses an authentication system in which a challenge response is performed with the mobile units ESN (electronic serial number). The encoding used in this challenge response scheme has been shown to be vulnerable and smartcards can be thus cloned. The A5 cipher is used to encrypt all the data communications. Researchers believe that A5 is not as strong as 114 bit key length but can be broken using hardware based cryptanalysis .however such attacks are not prevalent as the importance of user data transmitted by GPRS networks is stile quite small. The CDMA systems are believed to more secure than GPRS Security and Encryption in GSM, GPRS, CDMA System

62

Security and Encryption in GSM, GPRS, CDMA System networks, mainly due to the nature of the radio frequency signaling, while it is possible to listen in on a GPRS transmission using TDMA receivers, such is not possible with CDMA. A CDMA receiver has to be coded with the correct 64 bit code to be receive a channel of CDMA traffic and without This code , or with the wrong code ,the received signal is noise ,A brute force attack to find correct code is not feasible . The code is exchanged between the sender and receiver at the handshake , which happens over an encrypted channel. IN spite of the difficulty in 'tuning ' into CDMA transmission , the data (or voice ) transmission is further encrypted . This double layer of ciphering makes CDMA security possibly quit strong . All cellular networks however vulnerable to location finding by triangulation or directional antennas .that is , an attacker can find the location of mobile station with the use of the radio monitoring equipment , This dose not compromise the privacy of the data , but the privacy of the operators location , In our simulation we faced some difficulties in 3rd G security because it is new system and it is not applied more and encryption and functions content still secrecy . We also found the algorithms in GSM as not complex as algorithms in CDMA . in the end our advice to who wants to extend in this filed to concentrate in the algorithms and function and their functionalities in the new system like CDMA .

3.3.9 Recommendations In the project we are working hard to research in the Security and encryption in GSM, GPRS & CDMA system. But we denote a recommendation to the researchers in this project to make this project complete. A recommendation are : 1- they should be research in the new algorithm which are updated by the companies. Such as A5 algorithm , we are researching about A5/1 and A5/2 algorithms but now there is new algorithm called A5/3 in the 3G system. 2- the project miss to making simulation in the security and Encryption in the CDMA system to gives a realty to the project . 3- they should be research in the structure of the algorithm and architecture of the devices and chips which has Encryption system. 4- they should be research about a way to generate a codes in CDMA system .such as PN code and Walsh code.

Security and Encryption in GSM, GPRS, CDMA System

63

Security and Encryption in GSM, GPRS, CDMA System

Chapter 4 Simulation for Security and Encryption 4.1. Introduction: This project talks about the security and Encryption in cellular system so we should need to make simulate for a security and Encryption for this system. And we will provide simple simulate in this project about the security and Encryption in GSM system and specifically an Encryption via algorithms A5 , A8and A3.And we will provide a program via language of the programming language the visual basic a program to simulate the Encryption and Security . this program is not simulate an Encryption in all sides but its simulate the important side Message Encryption and user Authentication .this program also simulate the security by make the domain for the user (specific rang) so any user out of this domain can not allowed to access this system and each user in this domain can access a system by given each user the special code. This program generates the random code for all users in the domain. A program is contain two primary part, first the transmission part .second one the receiving part, and we well describe every part of them.

4.2. Purpose: The purpose of the program is to illustrating more the ideas in the project for the readers and making simulation to be closer to the realty.

4.3. Program operations: 4.3.1 Message encryption: This program encrypts the messages and decrypts it also and we will describe the tow operations :

4.3.1.1 In transmission part or(message encryption) Message Encryption defines by pair of data transformation .the way of Message Encryption operation when the user send a message to an other user the message will Encrypt by converting every letter in the message to the ASCII code and adding shift 128 bit to each letter, then the new result from the last converting , will be converting to the different code such as ( }?>{ ).

4.3.1.2 In the receiving part or ( message decryption ) Security and Encryption in GSM, GPRS, CDMA System

64

Security and Encryption in GSM, GPRS, CDMA System the receiving message will be like codes in the receiving part, but the program will convert these codes to the origin by converting a code to the number and subtract 128 bit from the number to be ASCII code ,and convert the ASCII to the letter , the converting of ASCII depending on the table of letter

Fig 4.1 algorithm of message encryption

4.3.2 User Authentication In this section a program simulates the Authentication for users to make a system very secure and private .the steps of Authentication operation are: First the users should be enter the size or capacity of the domain by entering the first mobile number and the last mobile number , Next u can chose any number between the first NO and last No for example first NO 733333333 and last NO 733334333 , the authorized user is between these numbers. Finally the program will generates the random for all authorized users, after that

Security and Encryption in GSM, GPRS, CDMA System

65

Security and Encryption in GSM, GPRS, CDMA System

Fig 4.2 algorithm for user Authentication

4.4.Program code : 4.4.2 Code of program Private Sub Command1_Click() Dim OurCodeMyString(200), CodeMyString(200), MyString(200) As String Dim CodeStringPrint As String Dim J, I, S, U As Integer S = Len(Text1.Text) ‫تخزين حروف الرسالة في متغير‬ For U = 1 To S MyString(U) = Mid$(Text1.Text, U, 1) Security and Encryption in GSM, GPRS, CDMA System

66

Security and Encryption in GSM, GPRS, CDMA System Next U

‫الحصول على قيم السكي للرسالة الصلية‬ For I = 1 To S CodeMyString(I) = Asc(MyString(I)) Next ‫لطباعة السكي للرسالة الصلية‬ Text2.Text = "" For I = 1 To S Text2.Text = Text2.Text & CodeMyString(I) & ", " Next I ‫سيتم عملية تشفيرالسكي للرسالة الصلية‬ 128 ‫ تجعلة اكبر من‬128 ‫حيث السكي الذي قيمتة اقل من‬ 128 ‫ تجعلة أصغر من‬128 ‫والسكي الذي قيمتة أكبر من‬ For J = 1 To S If CodeMyString(J) < 128 Then OurCodeMyString(J) = CodeMyString(J) + 128 Else OurCodeMyString(J) = CodeMyString(J) - 128 End If Next J ‫سيتم طباعة الرسالة الصلية مع وضع التشفير الجديد‬ Text3.Text = "" For J = 1 To S Text3.Text = Text3.Text & OurCodeMyString(J) & ", " Security and Encryption in GSM, GPRS, CDMA System

67

Security and Encryption in GSM, GPRS, CDMA System Next J ‫سيتم طباعة الرسالة المشفرة بالحرف‬ Text4.Text = "" For J = 1 To S Text4.Text = Text4.Text & Chr(OurCodeMyString(J)) Next J End Sub Private Sub Command2_Click() NewMobileNo = 322222221 'First Code No. =322222221 ' Last Code No. =322223222 Text7.Text = NewMobileNo Text8.Text = NewMobileNo + (Val(Text6.Text) - Val(Text5.Text)) End Sub Private Sub Command3_Click() Form2.Show 1 End Sub Private Sub Command4_Click() End End Sub Private Sub Command5_Click() x = InputBox("enter N.") If x < Val(Text5.Text) Then Security and Encryption in GSM, GPRS, CDMA System

68

Security and Encryption in GSM, GPRS, CDMA System MsgBox "Error, x is smaller " ElseIf x > Val(Text6.Text) Then MsgBox "Error, x is Higher " Else choise = x - Val(Text5.Text) + 322222221 MsgBox choise End If End Sub Private Sub Command6_Click() MsgBox "That project was Prepared by:" & Chr(13) & "Ammar Ahmed Naji" & Chr(13) & "Mohammed Ali AlMashraei" & Chr(13) & "Mohammed Qasem Saleh" & Chr(13) & "15-6-2006AM" End Sub

Show of program interface

Security and Encryption in GSM, GPRS, CDMA System

69

Security and Encryption in GSM, GPRS, CDMA System

1G First Generation (Mobile Communications) 4.5. Conclusion 2G Second Generation (Mobile Communications) this program 3G simulates the Authentication and message Encryption by the simple way . Third Generation (Mobile Communications) we are recommending in the security and Encryption providing 3GPP any researchers Third Generation Partnership Projectto(of ETSI) a program which simulate the 8PSK Eight system phase Shift Keying security and Encryption in the CDMA and any application of the algorithms in this system A A interface AAL ATM Adaptive Layer AAL2 ATM Adaptation Layer Type 2 AAL5 ATM Adaptation Layer Type 5 Abis Abis interface AC Authentication Center AES Advanced Encryption Standard AKA Authentication and Key Agreement ALCAP Access Link Control Application Part ALCAP Advanced Mobile Phone Service AMPS Adaptive Multi-Rate (speech codec) AMR Standards Committee T1 Telecommunication of the ANSI T1 American National Standards Institute ARIB/TTC Association of Radio Industries and Business/Telecommunication Technology Committee ASN.1 Abstract Syntax Notation One ATM Asynchronous Transfer Mode AuC Authentication Center BEC Backward Error Correction BMC Broadcast/Multicast Control BSC Base Station Controller BSS Base Station Subsystem BTS Base Transceiver Station CAMEL Customized Application for Mobile Enhanced Logic CAP CAMEL Application Part CATT China Academy of Telecommunication Technology CAVE Cellular Authentication and Voice Encryption CBR Constant Bit Rate (data stream) CC Call Control CCITT Comité Consultative International Téléphonique et Abbreviations Telecommunication CCS7 Common Control Signaling System No 7 CDMA Code Division Multiple Access CDMA2000 3rd Generation Code Division Multiple Access Security and Encryption in GSM, GPRS, CDMA System 70 CMEA Cellular Message Encryption Algorithm CN Core Network CRNC Controlling RNC (Radio Network Controller)

Security and Encryption in GSM, GPRS, CDMA System

CS Circuit Switched CS-CN Circuit Switched Core Network CSE CAMEL Service Environment CT Conformance Test D-AMPS Digital AMPS DCH Dedicated Channel DECT Digital Enhanced Cordless Telephone DL Downlink DPC Destination Point Code DRNC Drift Radio Network Controller DRNS Drift Radio Network Subsystem DTE Data Terminal Equipment EDGE Enhanced Data Rates for GSM Evolution EFR Enhanced Full Rate (speech codec) EIR Equipment Identity Register ESE Emulation Scenario Editor ESN Electronic Serial Number ETSI European Telecommunication Standards Institute FDD Frequency Division Duplex FDMA Frequency Division Multiple Access FEC Forward Error Correction FER Frame Error Rate GGSN Gateway GPRS Support Node GMM GPRS Mobility Management (protocols) GMSC Gateway MSC GMSK Gaussian Minimum Shift Keying GPRS General Packet Radio Service GSM Global System for Mobile Communication GSM-R GSM Railway GSMSCF GSM Service Control Function GSMSSF GSM Service Switching Function GTP GPRS Tunneling Protocol GTP-C GTP Control GTP-U GTP User HLR Home Location Register HO/HoV Handover HSCSD High Speed Circuit Switched Data ICO Intermediate Circular Orbits Security and Encryption in GSM, GPRS, CDMA System IDC International Data Corporation IETF Internet Engineering Task Force

71

Security and Encryption in GSM, GPRS, CDMA System

International Mobile Equipment Identification International Mobile Telecommunications 2000 International Mobile User Number Intelligent Network Internet Protocol IP version 4 IP version 6 Interim Standard ´95 Integrated Services Digital Network Internet Service Provider ISDN User Part International Telecommunication Union SS7 ISUP Tunneling UTRAN interface between RNC and CN UTRAN interface between Node B and RNC UTRAN interface between RNC and the circuit switched domain of the CN UTRAN interface between RNC and the packet switched Iu-PS domain of the CN UTRAN interface between two RNCs Iur Implementation Under Test IUT Interworking Function IWF kilobits per second Kbps Logical Link Control - Relay LLC Relay Medium Access Control MAC Mobile Application Part MAP Megabits per second Mbps Message Building System MBS Multi-Carrier MC Multi-Carrier CDMA MC-CDMA Multi-protocol Encapsulation MCE Multi Network Datagram Transmission Protocol MDTP Mobile Equipment ME Mobility Management (protocols) MM Mobile Services Switching Center, Message Sequence MSC Chart Mobile Satellite System MSS Mobile Telephone MT Security and Encryption in GSM, GPRS, CDMA SystemPart 72 Message Transfer MTP Message Transfer Part level 3 (broadband) for Q.2140 MTP3b IMEI IMT-2000 IMUN IN IP IPv4 IPv6 IS-95 ISDN ISP ISUP ITU ITUN Iu Iub Iu-CS

Security and Encryption in GSM, GPRS, CDMA System

Non-Access Stratum Node B Application Protocol Network Elements Nordic Mobile Telephone Network-Node Interface UMTS Base Station Non-Real Time Network Switching Subsystem Operation and Maintenance Operation and Maintenance Center Open Service Architecture Operation Subsystem Over The Air Service Provisioning Personal Digital Communication Packet Data Convergence Protocol Plesiochronous Digital Hierarchy Packet Data Network Protocol Data Unit Public Land Mobile Network Private Mobile Radio Packet Switched Public Switched Core Network Public Switched Telephone Network Quality of Service (ATM network channels) Quadrate Phase Shift Keying (or, Quaternary Phase Shift Keying) Radio Access Bearer RAB Radio Access Network RAN Radio Access Network Application Part RANAP Random challenge RAND Radio Link Control RLC Radio Link Protocol RLP Radio Network Controller RNC Radio Network Subsystem RNS Radio Network Subsystem Application Part RNSAP Radio Network Temporary Identity RNTI Radio Resource RR Radio Resource Control RRC Radio Resource Management RRM Security and RTT Encryption in GSM, GPRS, System Technology RadioCDMA Transmission Signaling ATM Adaptation Layer SAAL Signaling Connection Control Part SCCP NAS NBAP NE NMT NNI Node B NRT NSS O&M OMC OSA OSS OTASP PDC PDCP PDH PDN PDU PLMN PMR PS PS-CN PSTN QoS QPSK

73

Security and Encryption in GSM, GPRS, CDMA System

Security and Encryption in GSM, GPRS, CDMA System

74

Security and Encryption in GSM, GPRS, CDMA System

SCTP Simple Control Transmission Protocol SDH Synchronous Digital Hierarchy SDO Standard Developing Organization SGSN Serving GPRS Support Node SIM Subscriber Identity Module SM Session Management protocols SRNC Serving Radio Network Controller SRNS Serving Radio Network Subsystem SS7 =CCS7 (Common Control Signaling System No. 7) SSCOP Service Specific Connection Oriented Protocol SSD Shared Secret Data SSF Service Switching Function STC Signaling Transport Converter STM1 Synchronous Transport Module - level 1 SUT System under Test SW Software TACS Total Access Communication System TC Transcoder TD-CDMA Time Division-Code Division Multiple Access TDD Time Division Duplex TDMA Time Division Multiple Access TD-SCDMA Time Division - Synchronous CDMA TEID Tunneling Endpoint ID TETRA TErrestrial Trunked Radio Access TIA Telecommunications Industry Association TN-CP Transport Network-Control Plane TPC Transmission Power Control TRAU Transcoder and Rate Adaptation Unit TS Technical Specification TTA Telecommunications Technology Association U MSC UL Uplink U MSC Mobile Switching Center (the integration of the Um GSM Air Interface MSC and the SGSN in one physical entity (UMTS+MSC = UMTS Universal Mobile Telecommunication System UMSC) U MSC-CS UNI User-Network Interface U MSC Circuit Switched U MSC-PS UP User Plane U MSC Packed Switched U SIM USIM UMTS Subscriber Identity Module UMTS Subscriber Interface Module U SSD UTRA UMTS Terrestrial Radio Access Unstructured Supplementary Service Data UBR UTRAN UMTS Terrestrial Radio Access Network Unspecified Bit Rate (data stream) UDP Uu UMTS Air interface User Datagram Protocol UE UWC-136 Universal Wireless Communication User Equipment UICC VBR Variable Bit Rate (data stream) UMTS IC Card VHE Virtual Home Environment VLR Visitor Location Register Security and Encryption in GSM, GPRS, CDMA System 75 VMSC Visited MSC W-CDMA Wide band Code Division Multiple Access WLL Wireless Local Loop

Security and Encryption in GSM, GPRS, CDMA System

References Security and Encryption in GSM, GPRS, CDMA System

76

Security and Encryption in GSM, GPRS, CDMA System [1]-M. Rahnema, “Overview of the GSM System and Protocol Architecture [2]- j. Scourias “over view of the Global system gor mobile communication [3]- Vijay k. Garg Joseph E. Wilkes “ Principles & application of GSM” [4]- A. long-Garcia and l.wadjaja, “communication networks: fundamental concepts and key architecture “ [5]. Greg Rose, Qualcomm Inc., Australia. “Authentication and Security in Mobile Phones “ [6]. Frank Quick “Security in CDMA Wireless Systems”, Qualcomm Inc., February 1997 [7]. Mullaguru Naidu” Security Aspects of Mobile Wireless Networks,” , July 2002. [8]. Geir Stian Bjaen and Erling Kaasin , “Security in GPRS “, Grimstad, may 2001. [9]. Vijaya Chandran Ramasami , Kuid 698659, “security ,authentication and access control for mobile communication” [10]M. Rahnema, “Overview of the GSM System and Protocol Architecture”, IEEE Communication Magazine, April 1993 [11]- L. Pesonen, “GSM Interception”, November 1999 [12]- Amit Balani” Authentication and Encryption in CDMA SYSTEM “ [13]- Prof. Sridhar Iyer “Session 6 CDMA “ IIT Bombay [14]- Mullaguru Naidu” Security Aspect of mobile wireless Network", ,july 1997 [15]- Pages www.cdg.organdwww.Qualcomm.com GSM Association, http://www.gsmworld.com GSM World (www.gsmworld.com) GSM Association, http://www.gsmworld.com http://www.research.att.com/~janos/3gpp.html

Security and Encryption in GSM, GPRS, CDMA System

77

Related Documents

Gsm&gprs
August 2019 11
Gsm Gprs
November 2019 13
Gsm & Cdma
October 2019 40
Security In Gsm
June 2020 1