Analysis of the Mobile Technologies - Report Example

With the developments that are seen in mobile technologies, there has been a need to ensure that the standards and policies are followed well in this field. Mobile technologies are the most widely used and researched technologies currently. Many researchers have been seen to show a great interest. This paper will analyze the very current technology of GSM and its associated technologies. It is meant to assess the impact that the technology has had on mobile communications. Introduction There is a need to have secure wireless networks for secure data transmission and sharing of information. Security is an important factor and issue that is taken by many organizations today. for security to be achieved, encryption is an important aspect that should be implemented. The vendor instruction should be allowed to use the Internet so that fraud can be avoided. The purpose of this paper is to assess the second-generation networks that are referred to as GSM. This will entail an overview of the GSM architecture and a brief description of how the technology works. It will go ahead and look at how the components are connected with each other. This is done so that the subscribers are able to protect their information. Overview Group Special Mobile (GSM), developed in Europe in 1991, is a digital feature that is used for digital communication. It is regarded to be the next technology that will be used in data and voice and multimedia services. In the beginning, it was not possible to In the first generation, there was no way to use a single mobile phone from one country to another, and the quality of services was to use a mobile phone from one country and used it in another country. Therefore, users are able to travel and use their mobile number outside their country. It also provides many other services and security features such as authentication, confidentiality, and anonymity [KE05]. According to [Hei98], [Meh97], and [You04],GSM organizes the communication between its components, which are network and its subsystems, mobile stations and base stations. 1. There are various components that are associated with mobile services which include: a. Mobile equipment, this is the real device. It stores the IMEI (short for International Mobile Station Equipment Identity) and is a serial number to identify the device. b. The Subscriber Identity Module (SIM). It is a microprocessor smart card where both A3 and A8 are calculated in the GSM. It also stores: i. The mobile subscriber ISDN number, which is the real phone number ii. The International Mobile Subscriber Identity (IMSI): it is the most important part in GSM security. It has a 15 digits unique number, which consists of three parts: 3 digits of country code, 2 digits of network code, and 10 digits of mobile subscriber identification number. iii. The TMSI (short for Temporary Mobile Subscriber Identity) and is a temporary random number, changes directly when a location is changed. It is used instead of the IMSI to identify the user to the network. Also, it is stored on the network in the VLR to complete the user verification process. 2. The Base Station subsystem (BSS) involves: a. The base Station Transceiver (BTS). To connect the MS to the network through the air interface, GSM uses a group of radio transmitters named BTSs. The BTS is responsible to send and receive the radio signal, and to connect with the MS. b. The base Station Controller (BSC). Its responsibility is to maintain calls, control the BTSs, and link MS and MSC. 3. The Network Subsystems (NSS) comprise of: a. The Mobile Services Switching Center (MSC), whose responsibility is to control and switch calls in the network. b. The Authentication Center (AuC). It is a database which saves the authentication key (Ki) that is used in the authentication and ciphering operation. c. The Home Location Register (HLR) contains all important information such as IMSI, Ki, telephone number, and TMSI for each subscriber which was recorded in the network with the recent location. d. The Visitor Location Register (VLR). It contains the same information like HLR, but just for the subscribers who are recently in a given area that belongs to the VLR responsible area. Once the subscriber moves out of a VLR area, the HLR takes care of the relocation of the subscriber information from the old to the new VLR. e. The Equipment Identity Register (EIR). This is a database that stores a list of all the International Mobile Equipment Identities (IMEI). It has three different lists from the IMEI: i. White list. For all the IMEI that are accepted on the network. ii. Black list. For all the IMEI that are blocked. iii. Gray list. For the devices that has some problems on the network but still accepted by the network. Figure 1: GSM Architecture GSM Security and Algorithm. The main purpose of the security design for GSM is to save the subscriber privacy from being stolen or cloned by an attacker. In order to protect the subscriber, the GSM system uses three algorithms which are A3, A5, and A8 to authenticate the subscriber and encrypt the communication. The most important security characters in the GSM are: a. Authentication. b. Ciphering (Signaling and Data Confidentiality). c. Anonymity (Subscriber Identity Confidentiality). 1- Authentication. GSM uses Authentication to identify (confirm) subscriber to the network to ensure that the subscriber requesting the services is authorized to access the network. Then, if authentication process succeeds, which means the identity of the subscriber matches what is in the network, the service will proceed. Otherwise, if the authentication process fails, the network will assume that the subscriber is parasitical and the service will be denied [You04]. Authentication is based on the SIM, and the Authentication Key (Ki) privacy, which is unique for each subscriber. When the SIM card is first modified, the Ki (128 bit) is created in the SIM card, and also a copy is saved in the HLR. Therefore, if we find a matching in the two Ki’s values, the subscriber is authenticated [Ala05]. 1.1 A3 This is an authentication algorithm for the GSM, which is located in the SIM in the mobile station and in the AuC/HLR. Also, it is the first step to start using GSM services. That means, before a subscriber establishes the call or using GSM services, he must be first authenticated. This algorithm takes Ki and RAND (non-repeating 128 bit) as an input, and generates the SRES (32 bit) as an output [Qui04]. When a call is started, the Mobile station drives the IMSI to the network as an authentication request. Instead, it derives the TMSI to protect the subscriber from being known by attackers. After the network got the IMSI and subsequently found the Ki which is corresponding in HLR, it then regains the subscriber’s information from the AuC. Then, the VLR in the network creates a RAND (short for Random Number) and then sends this number to the Mobile station, which passes it to SIM. After that, and in the same time both the SIM and the AuC use A3 algorithm with Ki to encrypt the RAND and get 32-bit sign response (SRES). After which, the Mobile station sends the SRES via air interface to the network. The VLR in the network matches the value of the SRES from the SIM with its value. If the two values are equal, which means the two Ki’s are the same, the phone has been authenticated and the subscriber can access the network. If the two values are not equal, the request is dismissed [Rhe09], [Sch03]. Figure 2: A3 Authentication Algorithm. Figure 3: Authentication in GSM. 2- Confidentiality (Ciphering): Ciphering is an important technique to keep the communication over the radio connection reliable, and the subscriber’s data and signal privet. All calls and data are encrypted in the GSM between the MS and BSS to make it unreadable to anyone. 2-1 The A8 ciphering key generating algorithm: Once the subscriber is authenticated, the MS and BSS are able to start the encryption by generating a 64-bit cipher key (Kc) from the A8 algorithm that is tasked with ciphering key generation. This algorithm, A8, is stored in the MS and the network, and takes the same as A3 inputs, which are the Ki and RAND [Qui04], [Sch03]. Figure 4: A8 ciphering key generation Algorithm. GSM supplier nearly always uses a combined algorithm known as COMP128 for the A3 and A8 algorithm. The COMP128 algorithm takes the RAND and Ki, and creates the Kc with SRES at the same time as an output [You04]. Figure 5: COMP128 Algorithm. The COMP128 was described as the weakest algorithm due to the fact that it had a flaw that made it unsecure. By using this algorithm, the attackers are able to clone the SIM and extract the Ki from the SIM so that the intruder can access the subscribers SIM. Therefore, as a response, a new version was developed, COMP128-2, after the COMP128 algorithm was broken in 1998. Even though the COMP128 is unsecure, many operators still use it [Pag02], [RRS02]. 2-2 The A5 ciphering/deciphering algorithm: After the Kc is generated from the A8 algorithm, the MS and BSS use the A5 algorithm to complete the encryption/decryption operation. This algorithm, which is kept in hardware in the MS and in the BSS, takes the Kc and user’s data such as voice, or multimedia as an input and then gives the encryption/decryption data. Figure 5: A5 ciphering Algorithm. Figure 6: Data encryption in GSM. There are many versions from this algorithm, but the four most common are A5/0, A5/1, A5/2 and A5/3. The A5/1 is the standard encryption algorithm because of its strong encryption. It is used in Western Europe, America and Australia. The A5/2 is common in Asia and other parts of the world (Mishra67). It is not as strong as A5/1, so it has less data protection. The A5/0 has no encryption at all, which means that the whole data is unsafe. A5/3 is the newest one. It is used in the ciphering algorithm of UMTS (Universal Mobile Telecommunications System), which is a third generation mobile cellular technology [Rhe09], [Qui04]. Summary of A5/0, A5/1, A5/2, and A5/3 A5/1 is a stream cipher that is exploited in the privacy of the over-the-air communication. How this works is that the transmission of the GSM is organized into bursts. A typical burst is that the transmission is sent after every 4.615 milliseconds and has information worth 114 bits. Its initialization is by use of 64-bit key combined with 22-bit frame number. On the other hand, A5/0 is security-less cipher. It has not security defined and therefore is not used by any association. A5/2 is a stream cipher that is used to provide security of voice communication in GSM communications. The cipher works in such a way that four linear shift registers are combined with clocking which is irregular and non-linear combiner. It was however found to be weak and needed to be amended. It was then that A5/3 was introduced. The latest format is that of A3/3. Its definitions are still under process (Aggelou073). 3- Anonymity (Subscriber Identity Confidentiality): To achieve Subscriber Identity Confidentiality, GSM uses the TMSI instead of IMSI to be transferring over the radio link from the MS to the network and visa versa. Therefore, the attacker cannot know who the subscriber is, or trace the call. However, the IMSI is transferred to the network only in the first using new phone to identify the subscriber to the network. After that, the TMSI, which is a changeable value, is created for the subscriber to store his location and information. The network determines a new TMSI and transfers it to the MS over an encrypted path every time a location is updated. Then, the MS stores the new TMSI in the SIM to use it later in the authenticating process [Qui04]. Weaknesses of GSM One of the weaknesses of GSM can be attributed to the general weaknesses that are associated with radio/RF technical; they are associated with interference. GSM means that the telephone number that someone has can be used and accessed and blocked by any telemarketers who are calling it. If control depends on SMS, then the SMS delivery will delay. There is also a weakness that is evident in GPRS and EDGE technologies which are susceptible to traffic congestion and traffic hours. For this reason, delivery during heavy traffic is problematic and has a lot of problems (Friedhelm72). Conclusion It is evident that there is much that has been done in GSM technologies. One important factor that the developers and engineers are working on right now is security. Most improvements have been done to ensure that the technology is secure. Mobile communications are based on reliability, efficiency and effectiveness. The developments that have been developed and discussed in the paper have been based on these three features. Although it is evident that UMTS and 3G technologies are seen to be improving GSM in various ways, security being a key issue, GSM is still here to stay and will be used for many years to come only safe for the fact that there need to provide a safe and effective transition to 3G. GSM still has admirable features that makes it attractive and still preferred and be used for some many years to come. References Aggelou Neonakis, 2001: On the relaying capability of next-generation GSM cellular network. Wiley Online Library. Tenikay, Samuel, 2001: Handover and channel assignment in mobile cellular network. Communications Magazine, 56pp. Mishra Mike, 2004: Fundamentals of Cellular Network Planning & Optimisation. Wiley Online Library, 62pp Rahnema Mike, 2003: Overview of the GSM system and protocol architecture. Communications Magazine. 632pp Friedhelm Hillebrand, 2002: GSM and UMTS : The creation of global mobile communication. Wiley Online Library, 261pp. Charles Brookson, 1994: GSM security: a description of the reasons for security and the techniques. IEE, 243pp. Praphul Chandra, 2005: Bulletproof Wireless Security: GSM, UMTS, 802.11, and Ad Hoc Security. Elsevire Inc, 632pp. Sajal Kumar Das, 2010: Mobile Handset Design. WIELY, 243pp. Jörg Eberspächer, Hans-Joerg Vögel, Christian Bettstetter, and Christian Hartmann, 2009: GSM - Architecture, Protocols and Services. Third edition, WILEY, 524pp. Vijay K. Garg, 2007: Wireless Communications & Networking. Morgan kaufmann publishers of Elsevier,625pp. Gunnar Hein, 1998: GSM Networks: Protocols, Terminology, and Implementation. Artech House, Boston. London, 282pp. Basar Kasim and Levent Ertaul. GSM SECURITY I, 2005: Proceedings of the International Conference on Wireless Networks, ICWN’05, June, Las Vegas, 534pp. David Margrave, 1999: GSM Security and Encryption. George Mason University, 315pp. Asha K. Mehrotra, 1997: GSM System Engineering . Artech House Mobile Communications Series, Artech House INC, 341pp. Rogier Noldus, 2006: CAMEL: Intelligent Network for the GSM, GPRS and UMTS network. WILEY, 612pp. Kaisa Nyberg, 2004: Cryptographic Algorithms For Umts. Nokia Research Center, 514pp. Paulo S. Pagliusi, 2002: A Contemporary Foreword on GSM Security. Proceedings of the International Conference on Infrastructure Security. Dl ACM digital library, 512pp. Lauri Pesonen, 1999: GSM Interception. Helsinki University of Technology. 274pp. Jeremy Quirke, 2004: Security in the GSM system. AusMobil. 421pp. Man Young Rhee, 2009: Mobile Communication Systems and Security. John Wiley & Sons (Asia) Pte Ltd, 723pp. Josyula R. Rao, Pankaj Rohatgi and Helmut Scherzer, 2002: Partitioning Attacks: Or How to Rapidly Clone Some GSM Cards. IEEE Symposium on Security and Privacy , 723pp. Jochen Schiller, 2003: Mobile communication. Second edition, Addison Wesley, Pearson education limited, 726pp. Jhon Scourias, 1997: Overview of the Global System for Mobile Communications. Waterloo University, 612pp. Shivi Saxena and Arpit Kuma, 2012: Security aspect: Tetra And GSM. International Journal of Research in IT & Management. 2(2), 317- 326. Paul Yousef, 2004: GSM-Security: a Survey and Evaluation of the Current Situation. M.A thesis, Linköping universities, Sweden, 321pp. Read More