GSM Security and Authentication
1. Introduction
Global System for Mobile Communication (GSM) is a digital second generation
(2G) cellular communication system, initiated by Europeans and widely used all
over the world. GSM together with other modern communication technologies
provides a range of services which include voice and video calling, short
messaging service (SMS), multimedia messaging service (MMS), call divert, call
waiting, call forwarding, and call barring services, circuit-switched data (HSCSD),
packet-switched data (GPRS), enhanced GSM (EDGE) and Universal Mobile
Telecommunications Service (UMTS). More than 2 billion people around the
world use GSM for different purposes. Most of them use this system for calling
and messaging but some also use the system for internet and mobile TV.
Cellular communication systems make use of microwave radio links. The security
and authentication of the services provided under these kinds of systems is an
important issue to discuss. The first generation cellular communication systems,
like NMT, TACS and AMPS, were less secure. This resulted in significant levels
of fraudulent activities. These kinds of activities did great damage to the
subscribers as well as the network operators [1]. There was a need to authenticate
users of the system so that its resources would not be misused by non-subscribers
[2]. It was also realized that these systems need a higher level of security
protocols than traditional fixed-line phones, which offer some degree of secure
communication because an attacker needs physical access to the subscriber’s line.
Therefore, to protect the system against such threats,
several possible measures were taken. Hence, a new mobile communication
system, the so-called GSM, came into existence. The objective behind GSM was to
provide secure and authenticated communication services to mobile phone
subscribers, and to make efficient use of the electromagnetic radio spectrum.
For GSM, like many other widely used communication systems, security is
crucial. Security involves mechanisms used to protect the different stakeholders,
such as subscribers and service providers [3]. This essay discusses the security
features of GSM. Different aspects of GSM security are taken into consideration
like subscriber authentication, data encryption, privacy, and user identity.
2. Encryption and Security in GSM
GSM incorporates certain security features that prevent (1) unauthorized use of
the network, since the identity and authentication key of the subscriber are kept on
the subscriber’s identity module (SIM), and (2) eavesdropping on the air interface,
through ciphering of user and signaling data. The subscriber’s identity (IMSI) is
further protected by a temporary number, the so-called Temporary Mobile Subscriber
Identity (TMSI) [4]. The TMSI is much shorter than the IMSI. It is temporary
because it keeps changing from call to call. Hence, it frees up some signaling space
on the spectrum, and there is no need to transmit the original IMSI over the air,
which ensures the confidentiality of the subscriber’s data and location. References
[1-2] and [4-6] provide the relevant GSM specifications and further discussion of
security, authentication and encryption. The architecture of GSM is shown in
Figure 2.1 [2].
Figure 2.1: GSM Architecture
There are four basic security services provided by GSM [2]:
1) Anonymity: TMSI assignment;
2) Authentication;
3) Encryption of user voice and signaling data over the radio link: minimizes
eavesdropping;
4) Subscriber’s Identity Module (SIM) and Mobile Equipment Identity
(IMEI) number.
2.1. Anonymity
Any subscriber of a mobile network is identified by a unique identifier that is
permanently attached to the subscriber, called the IMSI. This IMSI has to be
protected over the air interface. GSM does this by making use of a technique
called Anonymity. In this technique, the mobile subscriber is temporarily
assigned an ID known as the TMSI. The TMSI is used instead of the IMSI
whenever the system wants to address the subscriber. Both the permanent and
temporary IDs are stored in the SIM. When a mobile phone first switches on in
a new Mobile Switching Center (MSC) or Visitor Location Register (VLR)
area, the real identity (IMSI) is used and a temporary identification (TMSI) is
issued. From then on the TMSI is used for all communication between mobile
and the system. [2]
Figure 2.2: TMSI assignment process as a result of location updates [2].
The subscriber identity confidentiality procedure for the protection of the IMSI is
described in Figure 2.2. Anonymity is the procedure of keeping the IMSI
confidential from unauthorized individuals or entities. This feature
protects the user’s identity from being stolen or hacked, hence ensuring a high
degree of privacy for the user. This feature also provides better security to the
GSM network operators, as they can reliably identify the users present on the
network, resulting in correct billing of phone calls and other services.
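To make the TMSI reallocation procedure concrete, the following is an added Python model written for this editorial pass; it is not code from the essay or from any GSM network element. It models a VLR that issues a TMSI on the first location update in its area and replaces it at every later transaction. The class and function names, the 15-digit sample IMSI, the 32-bit TMSI width and the radio log that records which identity crossed the air are assumptions of the example.

```python
import secrets

# Constructed sample identity for the demo: not a real subscriber.
SAMPLE_IMSI = "262010123456789"   # 15-digit permanent identity
TMSI_BITS = 32                    # the TMSI is a 4-octet value


class VLR:
    """Visitor Location Register of one MSC/VLR area (demo model).

    Holds the TMSI -> IMSI mapping and reallocates the TMSI at every
    transaction, so the permanent IMSI crosses the radio path only once,
    at the first contact with this area.
    """

    def __init__(self):
        self.tmsi_to_imsi = {}
        self.radio_log = []   # identities that crossed the air interface

    def _allocate_tmsi(self, imsi):
        # Fresh random TMSI, unique within this VLR area.
        while True:
            tmsi = secrets.randbits(TMSI_BITS)
            if tmsi not in self.tmsi_to_imsi:
                self.tmsi_to_imsi[tmsi] = imsi
                return tmsi

    def first_location_update(self, imsi):
        # First contact in a new area: the mobile has no TMSI valid here,
        # so the IMSI is sent and a TMSI is issued in return.
        self.radio_log.append(("IMSI", imsi))
        return self._allocate_tmsi(imsi)

    def transaction(self, tmsi):
        # Every later call attempt or location update addresses the
        # subscriber by TMSI; the old TMSI is invalidated and a new one issued.
        self.radio_log.append(("TMSI", tmsi))
        imsi = self.tmsi_to_imsi.pop(tmsi, None)
        if imsi is None:
            raise KeyError("unknown TMSI; identity must be re-established")
        return imsi, self._allocate_tmsi(imsi)


def simulate(n_transactions=3, imsi=SAMPLE_IMSI):
    """Attach once with the IMSI, then run n transactions addressed by TMSI.

    Returns (times the IMSI crossed the air, number of distinct TMSIs used,
    the radio log).
    """
    vlr = VLR()
    tmsi = vlr.first_location_update(imsi)
    used = [tmsi]
    for _ in range(n_transactions):
        resolved, tmsi = vlr.transaction(tmsi)
        if resolved != imsi:
            raise RuntimeError("VLR resolved the TMSI to the wrong subscriber")
        used.append(tmsi)
    imsi_on_air = sum(1 for kind, _ in vlr.radio_log if kind == "IMSI")
    return imsi_on_air, len(set(used)), vlr.radio_log


if __name__ == "__main__":
    on_air, distinct, log = simulate()
    print(f"IMSI sent over the air {on_air} time(s); {distinct} distinct TMSIs used")
    for kind, value in log:
        print(kind, value)
```

Running the module shows the IMSI appearing once in the radio log followed only by TMSIs, and a stale TMSI presented a second time is rejected, which is what forces a mobile arriving from another area to re-identify with its IMSI.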
2.2. Authentication
The authentication feature ensures to a very high level of probability that the
user is who they claim to be [2]. This feature protects the GSM network from
unauthorized use or misuse. Subscriber authentication is performed at
every call attempt, at every location update, and every time the mobile set is
switched on and off.
Authentication uses a technique that can be described as a Challenge and
Response technique [2]. A simple representation of authentication is shown in
Figure 2.3.
Figure 2.3: Authentication process [2].
The Challenge and Response authentication technique makes use of an
algorithm named A3. The generic process of GSM authentication is described
in Figure 2.4.
Figure 2.4: Generic GSM Authentication Process [2].
The A3 algorithm computes the response on the network side and in the mobile
subscriber unit, at the same time, using the secret key of the mobile
subscriber and a random number generated by the Authentication Center (AuC)
of the GSM network. This random number is made available to the mobile
subscriber unit via the network so that it can compute the response. The
computation is carried out at the MSC and in the mobile simultaneously. The
responses are then compared, and access to the network is granted if both are
the same. Only the random number and the mobile subscriber response (SRES)
are transmitted over the radio interface between the MSC and the mobile.
Hence the secret key is never disclosed. This secret key is issued to
the subscriber at the time of first registration, and is stored in the SIM and the
AuC. The AuC uses this secret key to identify the user as well as to generate
further keys and numbers, derived from that secret key, for use in later
authentication processing. Another algorithm, called A8, is used in the
authentication process to generate the cipher key.
The AuC begins authentication and cipher key generation procedures after
receiving the subscriber’s identification information from the location
registers (HLR/VLR). The AuC first queries the HLR for the subscriber’s
authentication key, Ki. It then generates a 128-bit RAND for use as a
challenge to be sent to the mobile set for verification of the mobile set
authenticity. RAND is also used by the AuC, with Ki in the algorithm A3 for
authentication, to calculate the expected correct response, SRES, from the
mobile subscriber unit. RAND and Ki are also used in the AuC to calculate
the Kc with algorithm A8. SRES is a 32-bit number, and Kc is a 64-bit
number. [2]
The complete procedure for user authentication in a GSM system is best
described in Figure 2.5.
Figure 2.5: Complete authentication procedure in GSM [2].
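The following added example (not from the essay, the GSM specifications or any operator's implementation) walks through the challenge-response exchange with both sides present: an AuC that holds Ki per IMSI and produces the (RAND, SRES, Kc) triplet, a SIM that answers the challenge, and the MSC-side comparison. A3 and A8 are operator-specific, so a3_stand_in and a8_stand_in are HMAC-SHA-256 placeholders that only reproduce the output widths the essay gives (32-bit SRES, 64-bit Kc); the class names, the sample IMSI and the sample Ki are constructed values for the demo.

```python
import hashlib
import hmac
import secrets


def a3_stand_in(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for A3: 32-bit SRES from Ki and the 128-bit RAND.
    HMAC-SHA-256 truncated to 4 bytes; NOT an operator's real A3."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]


def a8_stand_in(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for A8: 64-bit cipher key Kc from Ki and RAND (same caveat)."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]


class AuC:
    """Authentication Centre: holds Ki per IMSI (the HLR record) and
    produces (RAND, SRES, Kc) triplets for the MSC/VLR."""

    def __init__(self, hlr_records):
        self._hlr = dict(hlr_records)   # IMSI -> Ki; Ki never leaves the AuC

    def triplet(self, imsi):
        ki = self._hlr[imsi]
        rand = secrets.token_bytes(16)          # 128-bit challenge
        return rand, a3_stand_in(ki, rand), a8_stand_in(ki, rand)


class SIM:
    """Subscriber module: holds IMSI and Ki, answers RAND with SRES and Kc."""

    def __init__(self, imsi, ki):
        self.imsi = imsi
        self._ki = ki                            # stored at first registration

    def run_gsm_algorithm(self, rand):
        return a3_stand_in(self._ki, rand), a8_stand_in(self._ki, rand)


def authenticate(auc, sim, radio_log):
    """MSC side of the challenge-response exchange.

    Appends everything that crosses the air interface to radio_log and
    returns (access granted?, Kc held by the network, Kc held by the mobile).
    """
    rand, expected_sres, kc_network = auc.triplet(sim.imsi)
    radio_log.append(("RAND", rand))            # network -> mobile
    sres, kc_mobile = sim.run_gsm_algorithm(rand)
    radio_log.append(("SRES", sres))            # mobile -> network
    granted = hmac.compare_digest(sres, expected_sres)
    return granted, (kc_network if granted else None), kc_mobile


# Constructed sample subscriber: the Ki is a demo value, not a real key.
SAMPLE_IMSI = "262010123456789"
SAMPLE_KI = bytes.fromhex("000102030405060708090a0b0c0d0e0f")   # 128-bit Ki


if __name__ == "__main__":
    auc = AuC({SAMPLE_IMSI: SAMPLE_KI})
    log = []
    ok, kc_net, kc_ms = authenticate(auc, SIM(SAMPLE_IMSI, SAMPLE_KI), log)
    print("genuine SIM granted:", ok, "Kc agreed on both sides:", kc_net == kc_ms)
    ok, _, _ = authenticate(auc, SIM(SAMPLE_IMSI, bytes(16)), log)
    print("SIM with wrong Ki granted:", ok)
    print("values seen on the radio path:", [(k, v.hex()) for k, v in log])
```

The radio log is the point of the exercise: only RAND and SRES appear in it, while Ki stays inside the AuC and the SIM, and a SIM holding a different Ki produces a different SRES and is refused, with no Kc released to the network side.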
2.3. Encryption
This feature ensures the privacy and confidentiality of the subscriber’s information,
whether voice or messages, as well as of the user-related signaling
information: all of it is ciphered on the radio path. Encryption of data is a must
against eavesdropping. It is achieved using the following process. The network
generates a random number and sends it to
the mobile. The mobile uses that random number along with its secret key to
encrypt the plain text. The plain text is thus transformed into cipher text.
In this process, a series of bits is transformed by mathematical or logical
functions into another series of bits, the encrypted bits. The
encryption process is illustrated in Figure 2.6 [2], where the input is the plain
text and the output is the cipher text.
Figure 2.6: Encryption process.
The confidentiality of the information elements carried on the radio path
(signaling and user data) is ensured by systematic encryption. The
ciphering/deciphering algorithm (called A5) uses a cipher key Kc that is
generated during the authentication procedures. Kc is computed from the
RAND by an algorithm (called A8) driven by Ki. Figure 2.5 shows the
process of generating the cipher key Kc. The sequential steps for encryption
and decryption process are shown in Figures 2.7 and 2.8 [2].
Figure 2.7: Illustration of encryption and decryption process.
The algorithms are applied before the data is sent over the radio link. The user
as well as signaling data is protected by manipulating the 114 radio bits that
fill each normal burst in a TDMA frame. A reverse manipulation is performed
in the receiver immediately after the data stream is recovered in the receiver.
Ciphering/deciphering keys have to be generated for each TDMA frame by a
stream cipher algorithm. A stream cipher algorithm with so-called linear
feedback shift registers (LFSRs) is used in GSM. The A5 is first fed with the
64-bit cipher key Kc (for initialization) and the current 22-bit TDMA frame
number. Note that Kc may actually contain less than 64 bits of significance;
64 significant bits implies maximum security. [4]
Figure 2.8: GSM encryption process.
A short (and therefore less secure) Kc is padded with enough zeros to fill all
64 bits of the A5 register. Because the output is also a function of the current
TDMA frame number, the output of the clocked A5 shift registers, the
ciphering keystream, is different for each TDMA frame and consists of two
different cipher sequences of 114 bits each, one for the uplink and one for the
downlink. Finally, the data is XORed with the keystream to obtain the enciphered
data. To recover the transmitted enciphered data, the receiver must use the same
cipher key for decryption (XOR with the received radio bits) that was used by the
transmitter for encryption. [4]
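The per-burst keystream behaviour described above, as an added Python example that is not part of the essay and does not implement the real A5 LFSR design: keystream() stands in for A5 with a SHA-256 construction that takes the 64-bit Kc register, the 22-bit TDMA frame number and the link direction and yields 114 bits; cipher_burst() is the XOR applied identically at both ends; pad_kc() builds the register from a Kc with fewer significant bits, and significant_bits() reports the effective key length that results. The function names, the placement of the zero padding in the high-order bits and the demo key value are assumptions of this example.

```python
import hashlib
import secrets

FRAME_BITS = 22    # TDMA frame number width
BURST_BITS = 114   # payload bits per normal burst
KC_BITS = 64       # width of the A5 key register


def pad_kc(kc_value: int, significant_bits: int) -> bytes:
    """Build the 64-bit A5 key register from a Kc with fewer significant bits.
    The missing bits are filled with zeros; putting them in the high-order
    positions is a simplification made by this demo."""
    if not 1 <= significant_bits <= KC_BITS:
        raise ValueError("significant_bits must be within 1..64")
    kc_value &= (1 << significant_bits) - 1
    return kc_value.to_bytes(KC_BITS // 8, "big")


def significant_bits(kc: bytes) -> int:
    """Effective key length in bits: a zero-padded Kc offers fewer than the
    nominal 64, which is why the essay calls a short Kc not-so-secure."""
    return int.from_bytes(kc, "big").bit_length()


def keystream(kc: bytes, frame_number: int, direction: str) -> int:
    """Stand-in for A5: one 114-bit keystream block for a single burst,
    a function of Kc, the 22-bit frame number and the link direction.
    Built from SHA-256 here; the real A5 is an LFSR-based stream cipher."""
    if len(kc) != KC_BITS // 8:
        raise ValueError("Kc register must be 8 bytes")
    if not 0 <= frame_number < (1 << FRAME_BITS):
        raise ValueError("frame number must fit in 22 bits")
    if direction not in ("uplink", "downlink"):
        raise ValueError("direction must be 'uplink' or 'downlink'")
    seed = kc + frame_number.to_bytes(3, "big") + direction.encode()
    digest = hashlib.sha256(seed).digest()     # 256 bits, keep the top 114
    return int.from_bytes(digest, "big") >> (256 - BURST_BITS)


def cipher_burst(bits: int, kc: bytes, frame_number: int, direction: str) -> int:
    """Encipher or decipher one burst by XOR with that frame's keystream.
    The same call recovers the plaintext because XOR is its own inverse."""
    if not 0 <= bits < (1 << BURST_BITS):
        raise ValueError("a burst carries exactly 114 bits")
    return bits ^ keystream(kc, frame_number, direction)


if __name__ == "__main__":
    # Constructed demo key: 54 significant bits zero-padded to 64.
    kc = pad_kc(0x2A5F13C7E9B04D, 54)
    print("effective key length:", significant_bits(kc), "bits")
    plain = secrets.randbits(BURST_BITS)
    enc = cipher_burst(plain, kc, 1000, "uplink")
    print("round trip ok:", cipher_burst(enc, kc, 1000, "uplink") == plain)
    print("wrong frame recovers plaintext:",
          cipher_burst(enc, kc, 1001, "uplink") == plain)
    print("uplink and downlink keystreams equal:",
          keystream(kc, 1000, "uplink") == keystream(kc, 1000, "downlink"))
```

The checks in the main block correspond to the essay's claims: the receiver recovers the burst only with the same Kc and frame number, the two directions get distinct 114-bit sequences even within one frame, and the significant-bit count makes visible how much of the 64-bit register a padded Kc actually uses.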
2.4. SIM and IMEI
The identity of the subscriber (IMSI) and the authentication key are stored in
the SIM. The IMEI is the mobile equipment identification number, which is
used to identify the mobile equipment being used on the network. Together
these ensure that neither a stolen or unauthorized SIM nor stolen mobile
equipment is used in the system.
3. Conclusion
The objective of this essay is to clearly outline the security features adopted in
GSM. The older mobile communication systems, like NMT, TACS, and AMPS,
showed that improper authentication mechanisms allow subscribers to be
impersonated. This did great financial damage to the network operators, as they
had no reliable billing information. GSM is the first secure mobile
communication system. The evolution of GSM rectified this problem, as certain
authentication algorithms were used for subscriber identity and correct billing.
The GSM facilitates both the subscriber and the network operator by providing
them a variety of services and security features to ensure their protection against
many fraudulent and deceitful activities, as well as unauthorized use of the
services.
GSM authentication architecture ensures that the network is accessed by the
genuine subscribers only. The radio link is ciphered in order to protect
subscriber’s calling information from being stolen or hacked. The subscriber’s
connection and data is encrypted in such a way that there is no eavesdropping.
The details and the location of the subscriber are protected, and full privacy is
ensured to the users of the system. This is done by using different ciphering
algorithms, as described in the essay. The use of enciphering is one of several
important contributions of GSM. To protect the location of the system
user and to limit eavesdropping, instead of the user’s IMSI, a temporary
subscriber identity (TMSI) number is assigned to each active user on the system,
which keeps changing from call to call.
In short, GSM is a reasonably secure mobile communication system. The
development of the GSM architecture and further enhancements in
communication technologies, such as UMTS, introduced more
secure mobile communications, because UMTS uses a longer
authentication key, making it increasingly difficult to break the cipher
algorithms.
References and Bibliography
[1] Raymond Steele, Chin-Chun Lee, Peter Gould. (2001). GSM, cdmaOne and 3G Systems. pp. 145-148. England: John Wiley & Sons, Inc. ISBN 0471491853.
[2] Asha Mehrotra. (1997). GSM System Engineering. pp. 151-167. Boston-London: Artech House, Inc. ISBN 0890068607.
[3] Paul Yousef. (2004, Mar. 5). GSM Security: a Survey and Evaluation of the Current Situation. Master’s Thesis: Linköping Institute of Technology. Retrieved December 9, 2007, from Linköping University Electronic Press Web site: [Link]
[4] Siegmund M. Redl, Matthias K. Weber, Malcolm W. Oliphant. (1998). GSM and Personal Communications Handbook. pp. 459-462. Boston-London: Artech House, Inc. ISBN 0890069573.
[5] Regis J. Bates. (2002). Broadband Telecommunications Handbook. 2nd edition, pp. 30-33. McGraw-Hill Publishing Corporation. ISBN 0071398511.
[6] K. Daniel Wong. (2005). Wireless Internet Telecommunications. pp. 143-161. Boston-London: Artech House, Inc. ISBN 1580537111.
[7] (2007, Dec. 9). [Link]: Your Portal to the World of GSM Security. Retrieved December 9, 2007, from GSM-Security Web site: [Link] [Link]/
[8] Jeremy Quirke. (2004, May 1). Security in the GSM System. (AusMobile Paper). Retrieved December 9, 2007, from Google Search Engine Web site: [Link]
[9] Mikko Suominen. (2003, April 15). GSM Security. Lecture slides: S-38.153 Security of Communication Protocols, University of Helsinki, Finland. Retrieved December 9, 2007, from University of Helsinki Web site: [Link]
[10] Max Stepanov. GSM Security. (PowerPoint introduction to GSM Security). Retrieved December 9, 2007, from The Rachel and Selim Benin School of Computer Science and Engineering, The Hebrew University of Jerusalem Web site: [Link]
[11] Wei Zhang. (2000, Nov. 15). GSM Security Issues. Notes on Introduction to GSM Security Issues. Retrieved December 9, 2007, from the Department of Computer Engineering, Iowa State University Web site: [Link]
[12] Kaj J. Grahn, Göran Pulkkis, Jean-Sébastien Guillard. (2002, June). Security of Mobile and Wireless Networks. (Informing Science Conference Paper). Retrieved December 10, 2007, from Informing Science Web site: [Link]/proceedings/IS2002Proceedings/papers/Grahn152 [Link]