liu.seSearch for publications in DiVA
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
GSM-Security: A Survey and Evaluation of the Current Situation
Linköping University, Department of Electrical Engineering.
2004 (English)Independent thesis Basic level (professional degree)Student thesisAlternative title
GSM-säkerhet: En Översikt och evaluering av nuvarande situation (Swedish)
Abstract [en]

The Global System for Mobile Communications (GSM) is the most widely used cellular technology in the world. Approximately 800 million people around the world are using GSM for different purposes, but mostly for voice communication and SMS. For GSM, like many other widely used systems, security is crucial. The security involves mechanisms used to protect the different shareholders, like subscribers and service providers. The aspects of security that this report covers are mainly anonymity, authentication and confidentiality.

The important aspects of the system that need protection are described, along with the implementation of mechanisms used for the protection. It appears that many of the very valuable aspects of GSM can be attacked.

The anonymity of a GSM user is compromised resulting in the attacker being able to observe the time, rate, length, sources or destinations of e g calls. Even tracking a subscriber’s movements becomes possible. However, a passive attack is not sufficient to perform these attacks. The attacker needs to mount an active attack using equipment offering base station functionality.

Authentication is a crucial aspect of a wireless communication system due to the nature of the medium used, i e the radio link that is available to every one and not only the legitimate entities. Even the authentication mechanisms are attacked. It is possible to clone a subscription either by having physical access to the smart card or over the air interface. Cloning a subscription over the air requires base station functionality.

The most obvious threat against communication systems is eavesdropping on conversations. The privacy of GSM conversations is protected using some version of the A5 algorithm. There are several impressive cryptanalytical attacks against these algorithms, that break the encryption and make it possible to eavesdrop in real-time. Most of these algorithms require, however, extensive computation power and unrealistic quantities of known plaintext, which make it difficult to use them in practice. Difficulties using cryptanalytical attacks to break the confidentiality of GSM calls does not mean that conversations are well protected. Loopholes in the protocols used in GSM make it possible for an outsider, with access to sufficient equipment, to eavesdrop on conversations in real-time.

In the presence of these threats and vulnerabilities it is justified to wonder whether GSM provides sufficient security for users with very valuable information to communicate. These users may be military organisations, senior management personnel in large companies etc. GSM’s current security model does note provide sufficient protection for these entities. An additional layer of security should be added to the current security model.

Place, publisher, year, edition, pages
Institutionen för systemteknik , 2004. , 104 p.
Series
LiTH-ISY-Ex, 3559
Keyword [en]
Datorteknik, GSM, security, attacks, cryptanalysis, protocols, flaws resources
Keyword [sv]
Datorteknik
National Category
Computer Engineering
Identifiers
URN: urn:nbn:se:liu:diva-2273OAI: oai:DiVA.org:liu-2273DiVA: diva2:19603
Uppsok
teknik
Available from: 2004-08-31 Created: 2004-08-31

Open Access in DiVA

fulltext(1177 kB)6108 downloads
File information
File name FULLTEXT01.pdfFile size 1177 kBChecksum MD5
af519123abeab8aff336d3668c1a9496874a3b804439de1d92700c5c762ae859ebea1c1d
Type fulltextMimetype application/pdf

By organisation
Department of Electrical Engineering
Computer Engineering

Search outside of DiVA

GoogleGoogle Scholar
Total: 6108 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 3612 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf