From GSM to LTE - Page 61

Global System for Mobile Communications (GSM)  47

[Figure 1.39: message sequence chart with the columns Mobile Device, BTS, BSC and MSC. Flow, top to bottom: connection establishment with the network (as shown in Figure 1.27); Location Update Request (UA Ack frame, Connection Confirmed); authentication (as shown in Figure 1.16); Encryption Command / Cipher Mode Command, Cipher Mode Cmd, Cipher Mode Compl, Cipher Mode Compl., Cipher Mode Complete; TMSI Reallocation Cmd.; TMSI Reallocation Compl.; Location Update Accept; connection establishment.]

Figure 1.39  Message flow for a location update procedure.


procedure. Figure 1.39 further shows how ciphering is activated during a location update procedure.
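As an added example (not code from the book), the following script checks a location update trace against the ordering that Figure 1.39 shows: authentication before the Cipher Mode Command, and TMSI reallocation and Location Update Accept only after ciphering is active, so the new TMSI is never sent in clear. The trace format (a list of message names as seen on the air interface), the rule table and the sample traces are assumptions constructed for the example.

```python
# Added example, not from the book: checker for the message ordering of the
# GSM location update procedure in Figure 1.39. Trace format, rule table and
# sample traces are assumptions constructed for this example.
from typing import List, Tuple

# Each pair means: the second message is only valid once the first was seen.
# The security-relevant rules are the ones placing TMSI reallocation and the
# Location Update Accept after Cipher Mode Complete.
ORDERING_RULES: List[Tuple[str, str]] = [
    ("Location Update Request", "Authentication"),
    ("Authentication", "Cipher Mode Command"),
    ("Cipher Mode Command", "Cipher Mode Complete"),
    ("Cipher Mode Complete", "TMSI Reallocation Cmd"),
    ("TMSI Reallocation Cmd", "TMSI Reallocation Compl"),
    ("TMSI Reallocation Compl", "Location Update Accept"),
]


def check_location_update(trace: List[str]) -> List[str]:
    """Return ordering violations; an empty list means the trace is well formed."""
    seen = set()
    violations = []
    for msg in trace:
        for before, after in ORDERING_RULES:
            if msg == after and before not in seen:
                violations.append(f"{after} seen before {before}")
        seen.add(msg)
    return violations


def cleartext_messages(trace: List[str]) -> List[str]:
    """Messages exchanged before ciphering starts (the mobile ciphers from the
    Cipher Mode Command onwards, so Cipher Mode Complete is already ciphered)."""
    clear = []
    for msg in trace:
        clear.append(msg)
        if msg == "Cipher Mode Command":
            break
    return clear


# Constructed traces: FIGURE_TRACE follows Figure 1.39; BAD_TRACE reallocates
# the TMSI before ciphering, which would expose the new TMSI on the air interface.
FIGURE_TRACE = ["Location Update Request", "Authentication", "Cipher Mode Command",
                "Cipher Mode Complete", "TMSI Reallocation Cmd",
                "TMSI Reallocation Compl", "Location Update Accept"]
BAD_TRACE = ["Location Update Request", "Authentication", "TMSI Reallocation Cmd",
             "TMSI Reallocation Compl", "Cipher Mode Command", "Cipher Mode Complete",
             "Location Update Accept"]

if __name__ == "__main__":
    print(check_location_update(FIGURE_TRACE))  # []
    print(check_location_update(BAD_TRACE))     # one violation for the TMSI command
```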
With the rising popularity of GSM over the last 20 years, its authentication and encryption procedures have received a lot of scrutiny. From a user point of view, encryption and other security measures must prevent eavesdropping on any kind of communication such as voice conversations, SMS message transfers and signaling in general. Furthermore, they must prevent the theft and misuse of personal authentication data to ensure the integrity of the system and to prevent false billing. Also, mobile devices must be protected from third-party attacks mounted directly over the air interface that attempt to steal or alter personal data on the device.
At the time of writing, a number of security issues have been found in the GSM security architecture from a user point of view. In this regard, it is important to differentiate between several categories:
1)  Theoretical security issues which, at the time of writing, cannot as yet be exploited.
2)  Security issues for which practical exploits are likely to have been developed but which require sophisticated and expensive equipment that is not available to the general public.
3)  Security issues which can be exploited with hardware and software available to the general public.

The following discussion gives an overview of a number of security issues from the second category, which are described in more detail in Barkan et al. [26], the 26C3 [27] and the 28C3 [28]: