Security of GSM System


Every day tens of millions of people use cellular phones over radio links. With its growing features, the mobile phone is gradually becoming a handheld computer. In the early 1980s, when most cellular phone systems were analog, their inefficiency in managing growing demand cost-effectively opened the door to digital technology (Huynh & Nguyen, 2003). According to Margrave (n.d.), “With the older analog-based cellular telephone systems such as the Advanced Mobile Phone System (AMPS) and the Total Access Communication System (TACS)”, cellular fraud is extensive. It is very simple for a radio hobbyist to tune in and hear cellular phone conversations, since without encryption the voice and user data of the subscriber are sent to the network (Peng, 2000). Margrave (n.d.) states that, apart from this, cellular fraud can be committed by using sophisticated equipment to obtain the Electronic Serial Number in order to clone another mobile phone and place calls with it. To counteract this cellular fraud and to make mobile phone traffic secure to a certain extent, GSM (Global System for Mobile communication or Group Special Mobile) is one of the many solutions now available. According to GSM-tutorials, GSM, formed in 1982, is a worldwide accepted standard for digital cellular communication. GSM operates in the 900MHz, 1800MHz, or 1900MHz frequency bands by “digitizing and compressing data and then sending it down a channel with two other streams of user data, each in its own time slot.” GSM provides a secure and confidential method of communication.

Security provided by GSM

The limitation of security in cellular communication is a result of the fact that all cellular communication is sent over the air, which gives rise to threats from eavesdroppers with suitable receivers. With this in mind, security controls were integrated into GSM to make the system as secure as public switched telephone networks. The security functions are:

1. Anonymity: It means that it is not simple and easy to track the user of the system. According to Srinivas (2001), when a new GSM subscriber switches on his/her phone for the first time, its International Mobile Subscriber Identity (IMSI), i.e. its real identity, is used and a Temporary Mobile Subscriber Identity (TMSI) is issued to the subscriber, which from that time forward is always used. Use of this TMSI prevents a potential eavesdropper from recognizing a GSM user.

2. Authentication: It checks the identity of the holder of the smart card and then decides whether the mobile station is allowed on a particular network. Authentication by the network is done by a challenge-response method. A random 128-bit number (RAND) is generated by the network and sent to the mobile. The mobile uses this RAND as an input and, through the A3 algorithm with a secret key Ki (128 bits) assigned to that mobile, encrypts the RAND and sends the signed response (SRES, 32 bits) back. The network performs the same SRES computation and compares its value with the response it has received from the mobile, to check whether the mobile really has the secret key (Margrave, n.d.). Authentication succeeds when the two values of SRES match, which allows the subscriber to join the network. Since a new random number is generated every time, eavesdroppers do not get any relevant information by listening to the channel (Srinivas, 2001).

3. User Data and Signalling Protection: Srinivas (2001) states that to protect both user data and signalling, GSM uses a cipher key. After the authentication of the user, the A8 ciphering key generating algorithm (stored in the SIM card) is used. Taking the RAND and Ki as inputs, it produces the ciphering key Kc, which is sent through. To encipher or decipher the data, this Kc (54 bits) is used with the A5 ciphering algorithm. This algorithm is contained within the hardware of the mobile phone so that it can encrypt and decrypt the data while roaming.
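The challenge-response exchange and key generation from items 2 and 3, as an added example that is not part of the original article. HMAC-SHA-256 stands in for the operator-specific A3/A8 pair (it is not COMP128); the class names, IMSI and Ki are constructed, and zeroing the low 10 bits of a 64-bit Kc is this example's reading of the 54-bit key the article describes.

```python
from __future__ import annotations
import hashlib
import hmac
import secrets

def a3_a8(ki: bytes, rand: bytes) -> tuple[bytes, bytes]:
    """Stand-in for the operator-specific A3/A8 pair (not COMP128).
    Returns (SRES, Kc) computed from the secret Ki and the challenge RAND."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    sres = digest[:4]                              # 32-bit signed response
    kc = int.from_bytes(digest[4:12], "big")       # 64-bit ciphering key
    kc &= ~0x3FF                                   # 10 bits zeroed: 54 effective bits
    return sres, kc.to_bytes(8, "big")

class Sim:
    """Subscriber side: holds Ki and never sends it over the air."""
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self._ki = imsi, ki

    def respond(self, rand: bytes) -> tuple[bytes, bytes]:
        return a3_a8(self._ki, rand)               # SRES is transmitted, Kc stays local

class Network:
    """Network side: knows each subscriber's Ki and issues fresh challenges."""
    def __init__(self, subscribers: dict[str, bytes]):
        self._ki = subscribers
        self._pending: dict[str, bytes] = {}

    def challenge(self, imsi: str) -> bytes:
        rand = secrets.token_bytes(16)             # fresh 128-bit RAND per attempt
        self._pending[imsi] = rand
        return rand

    def verify(self, imsi: str, sres: bytes) -> bytes | None:
        """Return Kc if SRES answers the outstanding challenge, else None."""
        rand = self._pending.pop(imsi, None)       # each RAND is usable once
        if rand is None:
            return None
        expected, kc = a3_a8(self._ki[imsi], rand)
        return kc if hmac.compare_digest(expected, sres) else None

if __name__ == "__main__":
    ki = secrets.token_bytes(16)                   # constructed 128-bit Ki
    net, sim = Network({"001010000000001": ki}), Sim("001010000000001", ki)
    sres, kc_sim = sim.respond(net.challenge(sim.imsi))
    print("authenticated:", net.verify(sim.imsi, sres) == kc_sim)
```

Both sides end up with the same Kc without it ever crossing the radio link, and a response recorded for one RAND is useless against the next challenge.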

Algorithms used to make mobile traffic secure

Authentication Algorithm A3: A one-way function, A3 is an operator-dependent stream cipher. Computing the output SRES using A3 is easy, but it is very difficult to discover the input (RAND and Ki) from the output. To cover the issue of international roaming, it was mandatory that each operator may choose to use A3 independently. The basis of GSM’s security is to keep Ki secret (Srinivas, 2001).

Ciphering Algorithm A5: At present, many series of A5 exist, but the most common ones are A5/0 (unencrypted), A5/1 and A5/2. The series of A5 algorithms exists because of the export regulations on encryption technologies (Brookson, 1994).

A8 (Ciphering Key Generating Algorithm): Like A3, it is also operator-dependent. Most providers combine the A3 and A8 algorithms into a single hash function known as COMP128. COMP128 creates Kc and SRES in a single instance (Huynh & Nguyen, 2003).

GSM security flaws

  • Security by obscurity. According to Li, Chen & Ma, some people assert that since the GSM algorithms are not publicized, it is not a secure system. “Most security analysts believe any system that is not subject to the scrutiny of the world’s best minds can’t be as secure.” For instance, A5 was never made public; only its description is divulged as part of the GSM specification.
  • Another limitation of GSM is that although all communication between the Mobile station and the Base transceiver station is encrypted, in the fixed network the communication and signalling are not protected, as they are transmitted in plain text most of the time (Li, Chen & Ma).
  • One more problem is that it is hard to upgrade the cryptographic mechanisms in a timely manner.
  • Flaws are present within the GSM algorithms. According to Quirke (2004), “A5/2 is a deliberately weakened version of A5/1, since A5/2 can be cracked on the order of about 2^16”.

Security breaches

From time to time, people have tried to break GSM algorithms. For instance, according to the ISAAC press release (1998), in April 1998 the SDA (Smartcard Developer Association) together with two U.C. Berkeley researchers alleged that they had cracked the COMP128 algorithm, which is stored on the SIM. They claimed that within several hours they were able to deduce the Ki by sending immense numbers of challenges to the authorization module. They also stated that out of 64 bits, Kc uses only 54 bits with zeros padding out the other 10, which makes the cipher key purposefully weaker. They felt government interference might be the reason behind this, as it would allow governments to monitor conversations. However, they were unable to confirm their assertion, since it is illegal to use equipment to carry out such an attack in the US. In reply to this assertion, the GSM Alliance stated that since the GSM network allows only one call from any phone number at any one time, it is of no relevant use even if a SIM could be cloned. GSM has the ability to detect and shut down duplicate SIM codes found on multiple phones (Business press release, 1998).

According to Srinivas (2001), one of the other claims was made by the ISAAC security research group. They asserted that a fake base station could be built for around $10,000, which would allow a “man-in-the-middle” attack. As a result, the real base station can get deluged, which would compel a mobile station to connect to the fake station. Consequently, the base station could eavesdrop on the conversation by informing the phone to use A5/0, which is without encryption.

One of the other possible scenarios is an insider attack. In the GSM system, communication is encrypted only between the Mobile station and the Base Transceiver station, but within the provider’s network all signals are transmitted in plain text, which could give a hacker a chance to step inside (Li, Chen & Ma).

Measures taken to tackle these flaws

According to Quirke (2004), since the emergence of these attacks, GSM has been revising its standard to add newer technologies to patch up the possible security holes, e.g. GSM1800, HSCSD, GPRS and EDGE. In the last year, two significant patches have been implemented. Firstly, patches for the COMP128-2 and COMP128-3 hash functions have been developed to address the security hole in the COMP128 function. COMP128-3 fixes the issue where the remaining 10 bits of the Session Key (Kc) were replaced by zeroes. Secondly, it has been decided that a new A5/3 algorithm, created as part of the 3rd Generation Partnership Project (3GPP), will replace the old and weak A5/2. But this replacement would mean releasing new versions of the software and hardware in order to implement the new algorithm, and it requires the co-operation of the hardware and software manufacturers.

GSM is moving away from its “security by obscurity” ideology, which is actually a flaw, by making its 3GPP algorithms available to security researchers and scientists (Srinivas, 2001).


Providing security for mobile phone traffic is one of the goals described in the GSM 02.09 specification; GSM has failed to achieve it in the past (Quirke, 2004). Up to a certain point GSM did provide strong subscriber authentication and over-the-air transmission encryption, but different parts of an operator’s network became vulnerable to attacks (Li, Chen & Ma). The reason behind this was the secrecy of the algorithm designs and the use of weakened algorithms like A5/2 and COMP128. Another vulnerability is that of inside attack. In order to achieve its stated goals, GSM is revising its standards and bringing in new technologies to counteract these security holes. While no human-made technology is perfect, GSM is the most secure, globally accepted, wireless, public standard to date, and it can be made more secure by taking appropriate security measures in certain areas.


Business Wire Press release (1998). GSM Alliance Clarifies False & Misleading Reports of Digital Phone Cloning. Retrieved October 26th, 2004 Web site:

Brookson (1994). Gsmdoc. Retrieved October 24th, 2004 from gsm Web site:

Chengyuan Peng (2000). GSM and GPRS security. Retrieved October 24th, 2004 from Telecommunications Software and Multimedia Laboratory, Helsinki University of Technology Web site:

Epoker. Retrieved October 27th, 2004 from Department of Mathematics, Boise State University, Mathematics 124, Fall 2004 Web site: []

Huynh & Nguyen (2003). Overview of GSM and GSM security. Retrieved October 25th, 2004 from Oregon State University, project Web site: []

Li, Chen & Ma (n.d.). Security in gsm. Retrieved October 24th, 2004 from gsm-security Web site:

Quirke (2004). Security in the GSM system. Retrieved October 25th, 2004 from Security Web site: [] in the GSM system 01052004.pdf

Margrave (n.d.). GSM system and Encryption. Retrieved October 25th, 2004 from gsm-secur Web site:

Press release (1998). Smartcard Developer Association Clones Digital GSM 1998). Retrieved October 26th, 2004 from isaac Web site:

Srinivas (2001). The GSM Standard (An overview of its security). Retrieved October 25th, 2004 from papers Web site:

Stallings (2003). Cryptography and Network Security: Principles and practices. USA: Prentice Hall.


Source by Priyanka Agarwal
