How Secure is your GSM network?

GSM services offer protection to the users and network operators against undesirable intrusion by third parties. Let’s delve deep into how the security of GSM services is ensured -- Rajiv Kumar Singh


Associated registers. The home location register (HLR) contains all the administrative information of each subscriber registered in the corresponding GSM network, along with the current location of the mobile. There is logically one HLR per GSM network, though it may contain several physical HLRs depending on the number of mobile subscribers, capacity of the equipment and the organisation of the network. However, even if the HLR comprises geographically-separated hardware, it logically forms a single virtual database.

The visitor location register (VLR) is a database serving the subscribers temporarily located within an MSC area. Each MSC in the network has an associated VLR, and one VLR may serve several MSCs. A mobile station roaming in an MSC area is controlled by the VLR associated with that MSC.

When an MS enters a new location area, it starts a registration procedure. The MSC in charge of that area notices this registration and transfers the identity of the location area in which the MS is situated to the VLR. If the MS is not yet registered there, the VLR and HLR exchange information to allow proper handling of calls involving the MS.


The authentication centre (AuC) is associated with an HLR and stores an identity key for each mobile subscriber registered with that HLR. This key is used to generate the data with which the IMSI is authenticated. It is also used to encrypt user data and cipher the communication over the radio path between the mobile station and the network.

The equipment identity register (EIR) is a database that contains a list of all valid mobile equipment on the network, where each mobile station is identified by its IMEI number. The status returned in response to an IMEI query to the EIR may be white-listed, grey-listed or black-listed. The white-listed ME is allowed to connect to the network. Grey-listed means that the terminal is under observation from the network for possible problems. The black-listed terminal has either been reported stolen or is not type-approved (the correct type of terminal for a GSM network). Black-listed terminals are not allowed to connect to the network.

GSM security mechanisms
The GSM standard was designed to be a secure mobile phone system with strong subscriber authentication and over-the-air transmission encryption. The security model and algorithms were developed in secrecy and were never published. The GSM system provides solutions to a few important aspects of security, including:
1. Authorising network access (authentication)
2. Protecting user-identity confidentiality (use of temporary identities)
3. Protecting user-data confidentiality (use of encryption)
4. Protecting network signalling information
The SIM module also plays an important role in GSM security.

A personal identification number (PIN) code is used as local security (the network is not involved here) for authentication of the SIM. The PIN is stored in the SIM and is requested when the mobile phone is switched on. After three faulty PIN entries, a longer personal unblocking key is requested. After ten faulty unblocking-key entries, the SIM is locked.

Authentication. Since the Um (radio) interface is vulnerable to fraudulent access, it is necessary to determine whether the IMSI received from the mobile subscriber comes from the SIM that was assigned that particular IMSI. For this purpose, mobile subscribers are authenticated. Authentication also protects the network against unauthorised access, and it provides a degree of protection for GSM subscribers by preventing intruders from impersonating authorised users.

A request for authentication can be initiated by the MS or by the network. The authentication process involves three items of information:

Ki key. A ciphering key stored permanently in only two places: the SIM of the MS and the subscriber profile in the AuC

RAND. A random number generated within the AuC

SRES. A 'signed result' code generated in the AuC by passing Ki and RAND through the A3 algorithm

Authentication is built around this notion and around Ki, which resides in only two places: the AuC and the user's SIM card. Since Ki is never transmitted, it is virtually impossible for unauthorised individuals to obtain this key and impersonate a mobile subscriber.
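The challenge-response exchange described above, written out as an added Python example (not code from the article). The real A3 algorithm is operator-specific and unpublished, so an HMAC-SHA256 stand-in truncated to 32 bits is assumed in its place; the class and function names are illustrative.

```python
import hashlib
import hmac
import secrets

def a3(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for A3 (assumption: HMAC-SHA256 truncated to a 32-bit SRES)."""
    return hmac.new(ki, rand, hashlib.sha256).digest()[:4]

class Sim:
    """The subscriber's SIM: holds Ki and only ever emits SRES, never Ki."""
    def __init__(self, imsi: str, ki: bytes):
        self.imsi = imsi
        self._ki = ki  # never leaves the card
    def run_gsm_algorithm(self, rand: bytes) -> bytes:
        return a3(self._ki, rand)

class AuC:
    """Authentication centre: the only other place Ki is stored."""
    def __init__(self):
        self._profiles: dict[str, bytes] = {}  # IMSI -> Ki (subscriber profile)
    def provision(self, imsi: str, ki: bytes) -> None:
        self._profiles[imsi] = ki
    def challenge(self, imsi: str) -> tuple[bytes, bytes]:
        rand = secrets.token_bytes(16)  # 128-bit RAND, fresh per authentication
        return rand, a3(self._profiles[imsi], rand)  # (RAND, expected SRES)

def authenticate(auc: AuC, sim: Sim, claimed_imsi: str):
    """One authentication run. Returns (accepted, over_the_air) where
    over_the_air lists every byte string that crossed the Um interface."""
    rand, expected_sres = auc.challenge(claimed_imsi)
    over_the_air = [rand]                      # network -> MS: RAND only
    sres = sim.run_gsm_algorithm(rand)         # SIM computes SRES locally
    over_the_air.append(sres)                  # MS -> network: SRES only
    # Constant-time compare: the network proves nothing about Ki either way.
    return hmac.compare_digest(sres, expected_sres), over_the_air

# Constructed sample data: one provisioned subscriber and one SIM with a
# different Ki that claims the same IMSI.
KI = bytes.fromhex("0123456789abcdef0123456789abcdef")
WRONG_KI = bytes.fromhex("fedcba9876543210fedcba9876543210")
IMSI = "001010123456789"

def demo():
    auc = AuC()
    auc.provision(IMSI, KI)
    ok_genuine, air = authenticate(auc, Sim(IMSI, KI), IMSI)
    ok_clone, _ = authenticate(auc, Sim(IMSI, WRONG_KI), IMSI)
    return ok_genuine, ok_clone, air

if __name__ == "__main__":
    genuine, clone, air = demo()
    print("genuine SIM accepted:", genuine, "| wrong-Ki SIM accepted:", clone)
```

Each run uses a fresh RAND, so the SRES observed on the air for one challenge is useless for answering the next one.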
