Journal ArticleDOI

Secure communication mechanisms for GSM networks

01 Nov 1999-IEEE Transactions on Consumer Electronics (IEEE)-Vol. 45, Iss: 4, pp 1074-1080
TL;DR: A secure communication architecture for the GSM network is proposed that uses public-key cryptography for user authentication and stream cipher for message encryption and decryption and an authentication protocol and a key generation method are presented.
Abstract: With the advance of wireless communications technology, mobile communications has become more convenient than ever. However, because of the openness of wireless communications, the protection of the privacy between communicating parties is becoming a very important issue. We focus on the security of the Global System for Mobile communication (GSM) networks. A secure communication architecture for the GSM network is proposed. In the proposed architecture, we use public-key cryptography for user authentication and stream cipher for message encryption and decryption. An authentication protocol and a key generation method are presented in conjunction with the proposed architecture. Cryptanalysis and operational analysis show that the authentication protocol is secure and efficient. Simulation results indicate that the key generation method can always produce key strings of evenly distributed 0s and 1s and with infinite period.

Summary (2 min read)

1. INTRODUCTION

  • Mobile communications has become more popular and easier for the past few years.
  • Nowadays, people can communicate with each other at any place at any time.

Contributed Paper

  • The security architecture of GSM is intended to prevent unauthorized network access, disallow subscriber impersonation, protect confidentiality, and provide privacy.
  • The major problem of stream cipher cryptography is the difficulty of generating a long unpredictable bit pattern.
  • An ideal keystream in one-time pad is purely random and has infinite length.
  • The keystream can not be generated by the receiving end, and can not be distributed to the receiving end either.

2.3 The X.509 Three-way Exchange [2]

  • The X.509 three-way exchange, described in ITU-T Recommendations X.509, is a novel example of a public-key based authentication protocol.
  • Key management of this protocol is securer than those of the protocols using symmetric cryptography.
  • The X.509 three-way exchange has some noticeable problems.
  • Since the X.509 three-way exchange performs encryption before signing, the attacker may remove the signature from the encrypted message and replace it with his own [2].
  • Furthermore, the X.509 three-way exchange does not provide perfect forward secrecy so that the disclosure of the private key may compromise the session key.

2.4.1 Replay Attack [1]

  • An attacker can use this attack to capture legitimate messages and retransmit them for illegal purpose.
  • To defeat such an attack, non-repeated random numbers are often used to ensure that all replayed messages will be detected.
  • Time stamp, sequence number, and challenge-response are three different types of nonces.

2.4.2 Guessing Attack [1]

  • Authentication using password is widely used by many security systems.
  • Password is vulnerable under the dictionary attack by which an attacker can guess the password successfully.
  • Public-key cryptography provides a means for preventing the guessing attack.

3.4 Message Encryption/Decryption (C5)

  • The (2) base station attack.
  • If an attacker pretended as the mobile user, he/she could not modify CA's signature on mobile user's identity.
  • In the third step of the connection phase, since an attacker can not sign R.'_ without mobile user's private key, he/she is not able to pretend as the mobile user.

4.1.2 Operational Analysis

  • Protocol is one less than that of the X.509 three-way exchange.
  • With regard to signing/verification, the C3 protocol is more efficient than the X.509 three-way exchange.

4.2.1 Security Analysis

  • Two metrics, randomness and period, are selected for security evaluation.
  • Four different types of input messages (ms) are also considered.

Period

  • The authors consider four different pairs of $(l_M, l_m)$.
  • Where $l_M$ and $l_m$ represent the length (the number of bytes) of the initial keystream M and the input message m, respectively.
  • For Type-1 M and m, their period is equal to $l_M$ and $l_m$, respectively.
  • For Type-2 M and

Citations
Proceedings ArticleDOI
09 Nov 2009
TL;DR: The impact of the large scale compromise and coordination of mobile phones in attacks against the core of cellular networks is characterized and a number of countermeasures that may help to partially mitigate the threats posed by such attacks are discussed.
Abstract: The vast expansion of interconnectivity with the Internet and the rapid evolution of highly-capable but largely insecure mobile devices threatens cellular networks. In this paper, we characterize the impact of the large scale compromise and coordination of mobile phones in attacks against the core of these networks. Through a combination of measurement, simulation and analysis, we demonstrate the ability of a botnet composed of as few as 11,750 compromised mobile phones to degrade service to area-code sized regions by 93%. As such attacks are accomplished through the execution of network service requests and not a constant stream of phone calls, users are unlikely to be aware of their occurrence. We then investigate a number of significant network bottlenecks, their impact on the density of compromised nodes per base station and how they can be avoided. We conclude by discussing a number of countermeasures that may help to partially mitigate the threats posed by such attacks.

240 citations

Journal ArticleDOI
01 Mar 2005
TL;DR: The paper focuses on the design of a processor, which samples signals from sensors on the patient, and transmits digital data over a Bluetooth link to a mobile telephone that uses the General Packet Radio Service.
Abstract: One of the emerging issues in m-Health is how best to exploit the mobile communications technologies that are now almost globally available. The challenge is to produce a system to transmit a patient's biomedical signals directly to a hospital for monitoring or diagnosis, using an unmodified mobile telephone. The paper focuses on the design of a processor, which samples signals from sensors on the patient. It then transmits digital data over a Bluetooth link to a mobile telephone that uses the General Packet Radio Service. The modular design adopted is intended to provide a "future-proofed" system, whose functionality may be upgraded by modifying the software.

223 citations

Proceedings ArticleDOI
16 Sep 2008
TL;DR: The most important security flaws of the GSM network and its transport channels are presented and some practical solutions to improve the security of currently available 2G systems are provided.
Abstract: Recently, the mobile industry has experienced an extreme increment in number of its users. The GSM network with the greatest worldwide number of users succumbs to several security vulnerabilities. Although some of its security problems are addressed in its upper generations, there are still many operators using 2G systems. This paper briefly presents the most important security flaws of the GSM network and its transport channels. It also provides some practical solutions to improve the security of currently available 2G systems.

91 citations


Cites background from "Secure communication mechanisms for..."

  • ...The security architecture of GSM was originally intended to provide security services such as anonymity, authentication, and confidentiality of user data and signaling information [5]....


Journal ArticleDOI
TL;DR: This work introduces the concept of delegation into the wireless communication system, and this new model makes this scheme an especially valuable improvement to portable communication systems.
Abstract: Portable communication systems (PCSs) provide a convenient means of communication; however, many problems arise relating to data security, user privacy, computational load, and communicational efficiency. To provide solutions for these problems, we introduce the concept of delegation into the wireless communication system. This new model makes our scheme an especially valuable improvement to portable communication systems.

88 citations


Cites background from "Secure communication mechanisms for..."

  • ...Many protocols try to enhance security or promote efficiency while maintaining the original architecture of GSM....


Journal ArticleDOI
21 May 2003
TL;DR: The merit of the proposed protocol is that it does not cause problems and alter the existing architecture of GSM at all, and the robustness of the new protocol is also based on security algorithms A3, A5 and A8.
Abstract: An extension of the authentication protocol for GSM is proposed to improve some drawbacks of the current GSM authentication protocol including: not supporting bilateral authentication; huge bandwidth consumption between VLR and HLR; stored space overhead in VLR; and overloaded HLR with authentication of mobile stations. As a result, this new extension of the authentication protocol not only improves these drawbacks but also achieves the requirements: mutual authentication, reduction of bandwidth consumption, less storage of VLR database, security, and efficiency. The merit of the proposed protocol is that it does not cause problems and alter the existing architecture of GSM at all. The robustness of the new protocol is also based on security algorithms A3, A5 and A8.

74 citations

References
Journal ArticleDOI
TL;DR: It is shown that key distribution protocols with timestamps prevent replays of compromised keys and have the additional benefit of replacing a two-step handshake.
Abstract: The distribution of keys in a computer network using single key or public key encryption is discussed. We consider the possibility that communication keys may be compromised, and show that key distribution protocols with timestamps prevent replays of compromised keys. The timestamps have the additional benefit of replacing a two-step handshake.

787 citations

Book ChapterDOI
Ray Bird, Inder Sarat Gopal, Amir Herzberg, Philippe Janson, Shay Kutten, Refik Molva, Moti Yung
11 Aug 1991
TL;DR: A new authenticated exchange protocol is presented which is both provably secure and highly efficient and practical, and prevents chosen plaintext or ciphertext attacks on the cryptosystem.
Abstract: We investigate protocols for authenticated exchange of messages between two parties in a communication network. Secure authenticated exchange is essential for network security. It is not difficult to design simple and seemingly correct solutions for it, however, many such 'solutions' can be broken. We give some examples of such protocols and we show a useful methodology which can be used to break many protocols. In particular, we break a protocol that is being standardized by the ISO. We present a new authenticated exchange protocol which is both provably secure and highly efficient and practical. The security of the protocol is proven, based on an assumption about the cryptosystem employed (namely, that it is secure when used in CBC mode on a certain message space). We think that this assumption is quite reasonable for many cryptosystems, and furthermore it is often assumed in practical use of the DES cryptosystem. Our protocol cannot be broken using the methodology we present (which was strong enough to catch all protocol flaws we found). The reduction to the security of the encryption mode, indeed captures the non-existence of the exposures that the methodology catches (specialized to the actual use of encryption in our protocol). Furthermore, the protocol prevents chosen plaintext or ciphertext attacks on the cryptosystem. The proposed protocol is efficient and practical in several aspects. First, it uses only conventional cryptography (like the DES, or any privately-shared one-way function) and no public-key. Second, the protocol does not require synchronized clocks or counter management. Third, only a small number of encryption operations is needed (we use no decryption), all with a single shared key. In addition, only three messages are exchanged during the protocol, and the size of these messages is minimal. These properties are similar to existing and proposed actual protocols. This is essential for integration of the proposed protocol into existing systems and embedding it in existing communication protocols.

180 citations

Journal ArticleDOI
TL;DR: A methodology for systematically building and testing the security of a family of cryptographic two-way authentication protocols that are as simple as possible yet resistant to a wide class of attacks, efficient, easy to implement and use, and amenable to many different networking environments is described.
Abstract: Most existing designs for two-way cryptographic authentication protocols suffer from one or more limitations. Among other things, they require synchronization of local clocks, they are subject to export restrictions because of the way they use cryptographic functions, and they are not amenable to use in lower layers of network protocols because of the size and complexity of messages they use. Designing suitable cryptographic protocols that cater to large and dynamic network communities but do not suffer from these problems presents substantial problems. It is shown how a few simple protocols, including one proposed by ISO, can easily be broken, and properties that authentication protocols should exhibit are derived. A methodology for systematically building and testing the security of a family of cryptographic two-way authentication protocols that are as simple as possible yet resistant to a wide class of attacks, efficient, easy to implement and use, and amenable to many different networking environments is described. Examples of protocols of that family that present various advantages in specific distributed system scenarios are discussed.

163 citations

Journal ArticleDOI
TL;DR: Three methods for attacking keystream generators are reviewed, and three techniques for designing them are considered, focusing on how they fail or how their weakness is exposed under the attacks previously described.
Abstract: Progress in the design and analysis of pseudorandom bit generators over the last decade is surveyed. Background information is provided, and the linear feedback shift registers that serve as building blocks for constructing the generators are examined. Three methods for attacking keystream generators are reviewed, and three techniques for designing them are considered, focusing on how they fail or how their weakness is exposed under the attacks previously described. These techniques are nonlinear feedforward transformation, step control, and multiclocking.

146 citations

Journal ArticleDOI
01 Jul 1998
TL;DR: The important role of security in the GSM system is fully explored, including authentication, encryption, and positive identification of mobile equipment before the user is provided with the service.
Abstract: Important aspects of mobility and security in the Global System for Mobile communications (GSM) system are discussed in this paper. Mobility management functions are broadly categorized into three groups: a) mobile turned on, b) mobile turned off, and c) mobile in conversation. The paper first outlines the mobile synchronization sequence followed by its mobility functions: mobile identification, authentication, international mobile station identity attach/detach, and its location update. The important role of security in the GSM system is fully explored, including authentication, encryption, and positive identification of mobile equipment before the user is provided with the service. The future of mobility management with respect to subscriber identification module roaming, intersystem roaming, advancement in mobile service, and its impact on data base requirements, is covered.

73 citations

Frequently Asked Questions (1)
Q1. What are the contributions mentioned in the paper "Secure communication mechanisms for GSM networks"?

In this paper, a secure communication architecture for the Global System for Mobile communication (GSM) networks is proposed.