-
8/7/2019 K.R. SRIKANT SEMINAR ON GSM
1/17
Technical SeminarTechnical Seminar
onon
GSM InterceptionGSM Interception
Presented by
K. R. SRIKANT
ECE0701406044
-
8/7/2019 K.R. SRIKANT SEMINAR ON GSM
2/17
CONTENTS
1. INTRODUCTION
2. GSMNETWORK
3. GSM ARCHITECTURE
4. GSMSECURITY5. AUTHENTICATION
6. GSM vs.GPRS
7. GPRS ARCHITECTURE
8. CONCLUSION
-
8/7/2019 K.R. SRIKANT SEMINAR ON GSM
3/17
IntroductionGlobal System for Mobile communication (GSM) isa
globally accepted standard for digital cellular communication
It is the most widely used cellular mobile phonesystem in the
world with over 100 million GSMsubscribers.
GSM was one of the first digital mobile phonesystems to follow
the analog era.
Problem with GSM's analog counter parts:intercepting the phone
call over the air andeavesdropping on the discussion.
-
8/7/2019 K.R. SRIKANT SEMINAR ON GSM
4/17
The GSM Network
A generic GSM network consists of 3 main
components:
Mobile Station
Base Station Subsystem
Network Subsystem
-
8/7/2019 K.R. SRIKANT SEMINAR ON GSM
5/17
Architecture of the GSMNetwork
-
8/7/2019 K.R. SRIKANT SEMINAR ON GSM
6/17
Definitions
A3 The authentication algorithm used in the GSM system.Currently
the COMP128 algorithm is used as the A3/A8implementation in most
GSM networks
A5 The encryption algorithm used in the GSM system.
There are various implementations named A5/1, A5/2,... The A5/1
is known as the strong over-the-air voice-privacy algorithm. A5/x
(A5/2 ...) are weakerimplementations targeted at foreign markets
out side ofEurope. There is also an A5/0 algorithm, which
enclosesno encryption at all.
A8 The key generation algorithm used in the GSM system.Currently
COMP128 algorithm is used as the A3/A8implementation in most
GSM
-
8/7/2019 K.R. SRIKANT SEMINAR ON GSM
7/17
GSM Security Model
The GSM Security Model is based on a sharedsecret between the
subscriber's home network'sHLR and the subscriber's SIM.
Purpose Of GSM Security:Secure end-to-end channel for
confidential dataPotential embarrassment, where customers may
move to another service because of the lack of security.Strong
authentication i.e to protect the operatoragainst billing fraud
-
8/7/2019 K.R. SRIKANT SEMINAR ON GSM
8/17
Mobile Station Authentication
-
8/7/2019 K.R. SRIKANT SEMINAR ON GSM
9/17
Authentication Authentication involves two functional
entities:
the SIM card in the mobile
the Authentication Center (AuC).
Each GSM terminal is identified by a unique
International Mobile Equipment Identity (IMEI)number.
A list of IMEIs in the network is stored in the
Equipment Identity Register (EIR).
The status returned in response to an IMEI query tothe EIR is
one of the following:
White-listed
Grey-listed
Black-listed
-
8/7/2019 K.R. SRIKANT SEMINAR ON GSM
10/17
Authentication Algorithms
A3:The Ms Authentication Algorithm
A8:The Voice-Privacy Key Generation Algorithm
A5/1: The Strong Over-the-Air Voice Privacy
Algorithm.
-
8/7/2019 K.R. SRIKANT SEMINAR ON GSM
11/17
Possible Interception Attacks
Brute-Force Attack against A5
Divide and Conquer Attack against A5
Accessing the signaling network
Retrieving the key from the SIM.Retrieving the key from the SIM
over the air
Retrieving the key from the AuC
Cracking the A8 Algorithm
-
8/7/2019 K.R. SRIKANT SEMINAR ON GSM
12/17
GPRS Security Vs GSM Security
In GPRS, the SGSN handles the procedures
where as in GSM it is handled by MSC.
The scope of GPRS is from the SGSN to the MSC
where as in GSM it is from BTS and MS.
The GPRS system uses a new ciphering A5algorithm which is
different from GSM.
-
8/7/2019 K.R. SRIKANT SEMINAR ON GSM
13/17
GPRS Architecture
In order to integrate GPRS
into the existing GSM architecture, a
new class of network nodes, called
GPRS support nodes (GSN), has
been introduced .
It converts the GPRS
packets coming from the SGSN
into the appropriate packet data
protocol (PDP) format and sendsthem out on the corresponding
packet data network.
-
8/7/2019 K.R. SRIKANT SEMINAR ON GSM
14/17
Possible Improvements
Another cryptographically secure algorithm for A3could be
used.
To employ a new A5 implementation with strongencryption so that
a brute-force attack is not feasiblein any case.
To encrypt the traffic on the operators backbonenetwork between
the network components whichwould disable the attacker from
wiretapping thebackbone network
-
8/7/2019 K.R. SRIKANT SEMINAR ON GSM
15/17
Conclusion
The secretly designed security algorithms in theGSM system have
been proven faulty.
The GSM standard failed to correct the problemsof phone fraud
and call interception found in theanalog mobile phone systems by
using strongcrypto for MS authentication and over-the-air
traffic
encryptiont.The current GSM standard implements bothsubscriber
identity cloning and call interception.
-
8/7/2019 K.R. SRIKANT SEMINAR ON GSM
16/17
Thank YouThank You
-
8/7/2019 K.R. SRIKANT SEMINAR ON GSM
17/17
?
![[A3] SHASTY Srikant and SRIDHAR Sanjay_Transit Oriented Development](https://img.dokumen.tips/doc/110x75/577ce47a1a28abf1038e703b/a3-shasty-srikant-and-sridhar-sanjaytransit-oriented-development.jpg)
![Pattern Discovery: an Example with Sequential Patterns [Agrawal and Srikant 1996]](https://img.dokumen.tips/doc/110x75/56813d11550346895da6ccc1/pattern-discovery-an-example-with-sequential-patterns-agrawal-and-srikant.jpg)
