GSM Security Threats and Countermeasures
description
Transcript of GSM Security Threats and Countermeasures
![Page 1: GSM Security Threats and Countermeasures](https://reader035.fdocuments.net/reader035/viewer/2022062315/56815acd550346895dc89fc0/html5/thumbnails/1.jpg)
GSM Security Threats and Countermeasures
Saravanan BalaTanvir Ahmed
Samuel SolomonTravis Atkison
![Page 2: GSM Security Threats and Countermeasures](https://reader035.fdocuments.net/reader035/viewer/2022062315/56815acd550346895dc89fc0/html5/thumbnails/2.jpg)
Outline
Introduction
A5/1 algorithm
Security & attacks
Proposed Solution Hardware Enhancement
Software Application
Conclusion
![Page 3: GSM Security Threats and Countermeasures](https://reader035.fdocuments.net/reader035/viewer/2022062315/56815acd550346895dc89fc0/html5/thumbnails/3.jpg)
Mobile Communication-GSM
Most widely used cellular technology
Cryptographic Algorithms- A5/1, A5/2, A5/3
A5/1 Algorithm provides over the air privacy
![Page 4: GSM Security Threats and Countermeasures](https://reader035.fdocuments.net/reader035/viewer/2022062315/56815acd550346895dc89fc0/html5/thumbnails/4.jpg)
A5/1• GSM phone conversations:
sequences of frames.• One 228 bit = frame is sent in 4.6
milliseconds: 114 bits for the communication in each direction.
• A5/1 produces 228 bits to XOR with the plaintext in each frame
![Page 5: GSM Security Threats and Countermeasures](https://reader035.fdocuments.net/reader035/viewer/2022062315/56815acd550346895dc89fc0/html5/thumbnails/5.jpg)
A5/1 LFSRsConsists of 3 LFSRs of
different lengths
19 bits • x18 + x17 + x16 + x13 + 1
• clock bit 8 • tapped bits: 13, 16, 17,
18
22 bits • x21 + x20 + 1 • clock bit 10
• tapped bits 20, 21
23 bits • x22 + x21 + x20 + x7 + 1
• clock bit 10 • tapped bits 7, 20, 21, 22
![Page 6: GSM Security Threats and Countermeasures](https://reader035.fdocuments.net/reader035/viewer/2022062315/56815acd550346895dc89fc0/html5/thumbnails/6.jpg)
A5/1 - Clocking
![Page 7: GSM Security Threats and Countermeasures](https://reader035.fdocuments.net/reader035/viewer/2022062315/56815acd550346895dc89fc0/html5/thumbnails/7.jpg)
A5/1 clocking
Majority rule
m=maj(c1, c2, c3)
m=maj(1, 1, 0)
maj = 1
Registers R1 & R2
![Page 8: GSM Security Threats and Countermeasures](https://reader035.fdocuments.net/reader035/viewer/2022062315/56815acd550346895dc89fc0/html5/thumbnails/8.jpg)
Design Vulnerability
Design of Clock Controlling Unit
Linear Combination Function
![Page 9: GSM Security Threats and Countermeasures](https://reader035.fdocuments.net/reader035/viewer/2022062315/56815acd550346895dc89fc0/html5/thumbnails/9.jpg)
Possible Attacks
Chosen plain Text attacks
Time memory trade off attacks
Correlation attacks
![Page 10: GSM Security Threats and Countermeasures](https://reader035.fdocuments.net/reader035/viewer/2022062315/56815acd550346895dc89fc0/html5/thumbnails/10.jpg)
Proposed Counter Measures
Hardware Enhancement
Software Application- Additional Encryption
![Page 11: GSM Security Threats and Countermeasures](https://reader035.fdocuments.net/reader035/viewer/2022062315/56815acd550346895dc89fc0/html5/thumbnails/11.jpg)
Hardware Enhancement
![Page 12: GSM Security Threats and Countermeasures](https://reader035.fdocuments.net/reader035/viewer/2022062315/56815acd550346895dc89fc0/html5/thumbnails/12.jpg)
Contd..
Enhanced Majority Rule
Computes two majority values
m1=maj(b1, b2, b3) m2=maj(c1, c2, c3)
Let S1 = { } and S2 = { } (Imaginary sets)
S1∩S2
![Page 13: GSM Security Threats and Countermeasures](https://reader035.fdocuments.net/reader035/viewer/2022062315/56815acd550346895dc89fc0/html5/thumbnails/13.jpg)
Contd..
Linear combining functions are cryptographically weak functions
Non Linear Combining Function
Combining function not fixed - changed dynamically by using a 2:1 multiplexer.
![Page 14: GSM Security Threats and Countermeasures](https://reader035.fdocuments.net/reader035/viewer/2022062315/56815acd550346895dc89fc0/html5/thumbnails/14.jpg)
Software Application
End to end encryption Encrypt speech signal at user end Solution includes using transmission of encrypted voice GSM
Data Call CSW Example : SecureGSM
Another solution includes usage of connection based packet switching. Example : Babylon nG
Both techniques use Diffie-Hellman key agreement protocol for ciphering key exchange and AES cipher for encryption of voice.
Experimentally proved that the implementation of AES cipher provides more robust and efficient system.
![Page 15: GSM Security Threats and Countermeasures](https://reader035.fdocuments.net/reader035/viewer/2022062315/56815acd550346895dc89fc0/html5/thumbnails/15.jpg)
CONCLUSION
Proposed scheme generates cryptographically better key sequence than the current version of A5/1
Future mobile communications can be handled using UMTS
![Page 16: GSM Security Threats and Countermeasures](https://reader035.fdocuments.net/reader035/viewer/2022062315/56815acd550346895dc89fc0/html5/thumbnails/16.jpg)
REFERENCES
[1] “Secure Mobile Communication Using Low Bit-Rate Coding Method”. IEEE paper published by Wasif, M.; Sanghavi, C.R.; Elahi, M.; [2] “Another attack on A5/1”. IEEE paper published by Patrik Ekdahl and Thomas Johansson.[3] “Enhanced A5/1 Cipher with Improved Linear Complexity”. IEEE paper published by Musheer Ahmad and Izharuddin. [4] “Introduction to the design & analysis of algorithms” by Anany Levitin.[5] Based on the presentation given by Karsten Nohl on the “26th Chaos Communication Congress (26C3)” conference.[6] “Security Enhancements in GSM Cellular Standard”. IEEE paper published by Musheer Ahmad and Izharuddin.[7] “Communication Security in GSM Networks” published on 2008 international conference on security technology by Petr Bouška, Martin Drahanský.[8] “Implementation and Analysis of AES, DES and Triple DES on GSM network” an IEEE paper published by Sachin and Dinesh kumar[9] “Construction of nonlinear Boolean functions with important Cryptographic properties - Advances in Cryptology” by Sarkar and Maitra.[10] Diagram in slide number 6 taken from wikipedia.
![Page 17: GSM Security Threats and Countermeasures](https://reader035.fdocuments.net/reader035/viewer/2022062315/56815acd550346895dc89fc0/html5/thumbnails/17.jpg)
Questions ????
![Page 18: GSM Security Threats and Countermeasures](https://reader035.fdocuments.net/reader035/viewer/2022062315/56815acd550346895dc89fc0/html5/thumbnails/18.jpg)
Thank you all