Introduction of GSM
GSM which also means (Group Special Mobile or General System for mobile communications) is the Pan-European standard for second generation (2G) digital cellular communications. GSM was introduced in 1982 within the European Conference of Post and Telecommunication Administrations (CEPT). Some of the GSM security feature includes subscriber authentication, detection of compromised equipment and also signaling and user data protection.
Security Features
Subscriber authentication means that it provides both a subscriber requesting service and also the base station. Once it is authenticated, messages may be protected by using a message integrity mechanism. Detection of compromised equipment means that there is a mechanism that helps to detect whether the mobile devices are compromised or not. For signaling and user data protection, signaling and data channels are protected over the radio path.
Threats
Some examples of GSM threats are short range of protection, and also vulnerability to replay attacks. Short range of protection means the encryption is only between MS and BSC. There is no protection over other parts of the network and the information is clearly sent over the fixed parts. For vulnerability to replay attacks, the attacker can misuse the previously exchanged messages between the subscriber and network in order to perform the replay attacks.
Solutions
Example of the GSM solutions includes end-to end security is the best, easiest and the most profitable solution is to implement the end-to-end security or security at the application layer. Securing the backbone traffic means encrypting the backbone traffic between the network components that can prevent the attacker to eavesdrop or modify the transmitted data.
www.cs.huji.ac.il/~sans/students_lectures/GSM%20Security.ppt
http://uib.academia.edu/toorani/Papers/146481/Solutions_to_the_GSM_Security_Weaknesses 
No comments:
Post a Comment