Home
Home
Introduction
Historical Background
GSM
EDGE
WCDMA
UMTS
The Future
Final Thoughts
Blueadmiral.com
|
Security
The GSM system has
several security services for security, these security services use
confidential information that is stored in the AuC and in the customers
SIM (Subscriber Identity Module) chip. The SIM chip may be plugged into
any MS, however for the SIM chip to allow access to the MS the user must
enter a PIN (Personal Identification Number), the SIM chip contain
personal, secret data. The following are the security services offered
by GSM:
-
Authentication and
Access Control : For any MS to be used on the GSM network a number
of events have to take place, the first event includes the
authentication of a valid user for the SIM, the user enters their
secret PIN to access the SIM. Then the MS contacts the AuC (See
Figure 16 (Authentication Request)).
-
Confidentiality :
All data that is related to the user is encrypted, after
authentication the BTS and MS apply encryption to data, voice and
signaling. This confidentiality only exist between the BTS and MS,
however it does not exist end-to-end or within the whole fixed
GSM/telephone network.
-
Anonymity : The
GSM system also provides a level of anonymity, all of the data is
encrypted before transmission, and user identifiers that would show
the identity of a user are not used over the air. Instead the GSM
system uses a temporary identitfier (TMSI), this is newly assigned
by the VLR after each location update. Further more the VLR can
change the TMSI at any time.
The GSM system uses
three different algorithms to provide security services, the A3
algorithm is used primarily for authentication, A5 is used for the
encryption/decryption and A8 which is used for the generation of a
cipher key. Out of the three algorithms A5 was the only one that was
publicly available, where as A3 and A8 were secret, but standard with
open interfaces. However that change in 1998 when A3 and A8 were
published on the internet.
|