“Man-in-the-middle” attacks in 3G.

University of Tartu

Computer science department

Ksenia Orman

Introduction.

GSM (Global System for Mobile communications) is the technology that supports most of the world’s mobile phone networks. Nowadays mobile phones are used by more than one billion users worldwide (by mid-March 2006 there were over 1.7 billion GSM subscribers), and GSM is available in more than 190 countries. [1] GSM security issues such as theft of privacy, service and legal interception are still of significant interest in the GSM community. The purpose of security for the GSM system is to make the system as secure as the public switched telephone network and to prevent phone cloning. Today’s GSM platform is growing and evolving. 3GSM is the latest addition to the GSM family. 3G systems provide global mobility with a wide range of services including telephony, paging, messaging, Internet and broadband data. The 3GSM system makes it possible to migrate users of the current second generation (2G) GSM wireless network to the new third generation services with minimal disruption.

1. What is GSM?

In the telecommunications world various systems were developed without the benefit of standards. This caused many problems directly related to compatibility, especially with the development of digital radio technology. In 1982 the European Conference of Post and Telecommunications Administrations (CEPT) formed a group called Group Special Mobile (GSM), from which the name GSM first comes. The purpose of that conference was to develop European cellular systems that would replace the many existing inconsistent cellular systems. In 1991 the abbreviation “GSM” was renamed to Global System for Mobile Communications. [2]

GSM is the most popular phone system in the world. More than 1.7 billion people use

GSM phones as of 2005, making GSM the dominant mobile phone system worldwide with

about 70% of the world’s market. The legislation mandating the use of the European-originated

GSM (and its 3G successors), as the single mobile phone system in the countries of the

European Union, gave the system a solid base for expansion to other countries who wish to

roam in Europe. [3]

GSM grew out of a vision that users should be able to make and receive calls on their

mobiles, wherever they travelled. GSM is unique in having specific international roaming

among telecommunications technologies. National roaming refers to the ability to move to a

foreign service provider’s network. It is of particular interest to international tourists and

business travellers.

The billionth GSM user was connected in the first quarter of 2004. Figure 1 shows how quickly and successfully GSM has been developing.

Fig.1. GSM subscriber statistics [4]

2. The GSM Network.

GSM provides recommendations, not requirements. The GSM specifications define

the functions and interface requirements in detail but do not address the hardware. This is done to limit the designers as little as possible while encouraging operators to buy equipment from different suppliers.

The GSM network is divided into the Base Station Subsystem (BSS), the Network and Switching Subsystem (NSS), and the GPRS Core Network. All of the elements in the system are

combined to produce various GSM services such as voice and SMS.

Fig.2. Structure of a GSM network [2]

Figure 2 shows the simplified structure of a GSM network.

• The BSS

The Base Station Subsystem consists of the Base Transceiver Station (BTS) and the

Base Station Controller (BSC). The BSC and the BTS are connected together via the

interface. The Packet Control Unit (PCU) is a late addition to the GSM standard. It performs

some of the processing tasks of the BSC, but for packet data. So the PCU is also shown

connected to the BTS, although exact specification depends on the vendor’s architecture.

• The NSS

The Network and Switching Subsystem is shown containing the MSC/VLR connected

via the SS7 network to the HLR.

The Mobile Switching Centre or MSC performs the telephony switching functions of

the system. It controls calls to and from other telephone and data systems. It also performs

functions such as toll ticketing, network interfacing, common channel signalling and others.

The Visitor Location Register (VLR) is a database that contains temporary

information about subscribers that is needed by the MSC in order to service visiting

subscribers. The VLR is always integrated with the MSC. When a mobile station roams into

a new MSC area, the VLR connected to that MSC will request the mobile station data from

HLR. Later, if the mobile station makes a call, the VLR will have the information needed for

call setup without having to interrogate the HLR each time.

The Home Location Register (HLR) is a database used for storage and management of

subscriptions. The HLR is considered the most important database, as it stores permanent data

about subscribers, including a subscriber’s service profile, location information, and activity

status.

Signalling System #7 (SS7) is a set of telephony signalling protocols which are used to

set up the vast majority of the world’s public switched telephone network (PSTN) telephone

calls. SS7 provides a universal structure for telephony network signalling, messaging, and

network maintenance. It deals with establishment of a call, exchanging user information, call

routing, different billing structures and supports Intelligent network (IN) services.

The AUC and EIR, although technically separate functions from the HLR, are shown together since combining them is almost standard in all vendors’ networks.

The Authentication Centre (AUC) provides authentication and encryption parameters

that verify the user’s identity and ensure the confidentiality of each call. The AUC protects

network operators from different types of fraud found in today’s cellular world.

The Equipment identity register (EIR) is a database that contains information about the

identity of mobile equipment that prevents calls from stolen, unauthorized, or defective

mobile stations. The AUC and EIR are implemented as stand-alone nodes or as a combined

AUC/EIR node.

The NSS is connected by the A interface to the BSS. It has a direct connection to the

PSTN from the MSC. There is also connection to the Packet Core although this is optional

and not always implemented.

• The GPRS Core Network

The GPRS Core Network is shown here in simplified form and has the SGSN (connected to the BSS by the interface) and the GGSN. The GSNs (GPRS Support Nodes) support the use of GPRS in the GSM core network. All GSNs should have an interface and support the GPRS tunnelling protocol. There are two key variants of the GSN: the GGSN and the SGSN defined below. For background on GPRS, see [5].

3. Introduction to 3G.

3GSM is the latest addition to the GSM family. It enables the provision of mobile

multimedia services such as music, TV and video, rich entertainment content and Internet

access. Global operators, in conjunction with the 3G Partnership Project (3GPP) standards

organisation, have developed 3GSM as an open standard. [6]

1G or First generation wireless refers to analog networks introduced in the mid-1980s.

Most 1G technologies and systems were country or region-specific and thus offered limited

coverage. As mobile communications grew in popularity, networks often became overloaded. 1G was replaced in the early 1990s by 2G digital cell phones. This allowed a considerable improvement in voice quality. 2G networks may offer an optional service to transfer low-speed data, such as email or software, in addition to the digital voice call itself. 2G

technologies can be divided into TDMA-based and CDMA-based standards depending on the

type of multiplexing used. [7]

The main 2G standards are:

• GSM came originally from Europe but is used worldwide

• TDMA (Time Division Multiple Access) was used in the Americas and Latin America

• CDMA (Code Division Multiple Access) IS-95 or cdmaOne (the brand name for IS-95; Interim Standard 95 is the first CDMA-based digital cellular standard) was used primarily in the Americas and Asia Pacific.

Fig.3. GSM Technologies Evolution [1]

The evolution to 3G started in 1999. Japan is the first country to have introduced 3G nationally, and in Japan the transition to 3G will be largely completed during 2005/2006. In other countries it can last until 2010. [8]

The main reason for these changes is the limited capacity of existing 2G networks. 2G was built mainly for telephone calls and slow data transmission.

The International Telecommunication Union (ITU) has defined the demands for the

third generation mobile networks with the IMT-2000 standard. [7]

Today, WCDMA (Wideband CDMA) and CDMA2000 are the dominant standards in

terms of current commercial services. CDMA 2000 1X was the world’s first operational 3G

technology, capable of transmitting data faster than most dial-up services. Today, more than

190 million people enjoy the benefits of CDMA-2000 1X. [7]

Also known as UMTS (Universal Mobile Telecommunications System), WCDMA is

the 3G standard chosen mostly by GSM/GPRS wireless network operators. WCDMA

supports speeds between 384 kbit/s and 2 Mbit/s. When this protocol is used in a WAN (wide area network), the top speed is 384 kbit/s. When it is used in a LAN (local area network),

the top speed is 2 Mbit/s. [7]

As of February 2006, more than 51 million subscribers were using WCDMA for their

mobile voice and data needs. [8]

For consumers, 3G offers high-quality, low-cost voice, fun and useful data services,

such as:

• Mobile Internet connectivity

• Mobile email

• Multimedia services (digital photos, movies, etc.)

• Wireless application downloading

• Real-time multiplayer gaming

• Video-on-demand

Finally, 3G technology’s data capabilities open up an enormous world of opportunity

for application developers and content providers.

4. GSM Security model. What is different in 3G.

GSM was designed with a moderate level of security. The system was designed to

authenticate the subscriber using shared-secret cryptography. Communications between

the subscriber and the base station can be encrypted.

GSM security features:

• Authentication of a user.

International Mobile Subscriber Identity (IMSI) is a unique number that is associated

with all GSM and UMTS network mobile phone users. The number is stored in the SIM. It is

sent by the mobile to the network and is used to look up the other details of the mobile in the

HLR or as locally copied in the VLR.

An IMSI is usually fifteen digits long, although it can be shorter. The first three digits are the country code (MCC), and the next digits are the network code (MNC). The MNC can be either two digits long (in Europe) or three digits long (in North America). The remaining digits, up to the maximum length, are the unique subscriber number (MSIN) within the network’s customer base.

• Data and signalling confidentiality

This requires that all signalling and user data (such as text messages and speech) are

protected against interception by means of ciphering.

Currently there are 3 algorithms defined – A5/1, A5/2 and A5/3. A5/1 and A5/2 were

the original algorithms defined by the GSM standard and are based on simple clock-controlled

linear feedback shift registers. A5/2 was a deliberate weakening of the algorithm for certain export regions, whereas A5/1 is used in countries like the US, UK and Australia.

A5/3 was added in 2002 and is based on the open Kasumi algorithm defined by

3GPP.[8]

A large security advantage of GSM over earlier systems is that the Ki, the crypto variable stored on the SIM card that is the key to any GSM ciphering algorithm, is never sent over the air interface. Serious weaknesses have been found in both algorithms, and it is possible to break A5/2 in real time in a ciphertext-only attack. The system supports multiple algorithms, so operators may replace that cipher with the stronger A5/1, provided that the equipment on the user’s side is also upgraded to support this algorithm.

• Confidentiality of a user

This is designed to protect the user against someone who knows the user’s IMSI using this information to track the location of the user or to identify calls made to or from that user by eavesdropping on the radio path.

The next figure (Fig. 4) gives a more detailed overview of the GSM security architecture.

• Authentication of the user in GSM.

Fig 4. GSM system

There exists a permanent secret key Ki for each user i. As we can see in Fig. 4 this key

is stored in two locations:

• In the user’s Subscriber Identity Module (SIM) card;

• At the Authentication Centre (AuC).

The key Ki never leaves either of these two locations.

Authentication and key agreement is needed to protect against unauthorized service access. Authentication is done by a challenge and response method. A random 128-bit number (RAND) is generated by the network and sent to the mobile. The mobile, using an algorithm with the secret key Ki (128 bits) assigned to that mobile, encrypts the RAND and sends the signed response (SRES, 32 bits) back.

Fig 5. Identification and authentication of a user. GSM security protocol

The authentication procedure:

• The mobile station sends the IMSI to the network.

• The network receives the IMSI and looks up the Ki corresponding to that IMSI.

• The network generates a 128-bit random number (RAND) and sends it to the mobile station over the air interface.

• The MS calculates an SRES with the A3 algorithm using the given challenge (RAND) and the Ki residing in the SIM.

• At the same time, the network calculates the SRES using the same algorithm and the same inputs.

• The MS sends the SRES to the network.

• The network tests the SRES for validity.

So the authentication is based on a shared secret Ki between the subscriber’s home

network’s HLR and the subscriber’s SIM. This Ki is generated and written to the SIM card at a safe place when the SIM card is personalised, and a copy of the key is put into the HLR.

GSM makes use of a ciphering key to protect both user data and signalling over the air interface. Similarly, a temporary session key Kc is generated as an output of another one-way function A8 that takes the same input parameters Ki and RAND. The serving network has no knowledge of the master key Ki and, therefore, it cannot handle all the security alone. Instead, other relevant parameters (the so-called authentication triplet: RAND, SRES, Kc) are sent from the AuC to the serving network element MSC/VLR (Mobile Switching Centre/Visitor Location Register), or SGSN (Serving GPRS Support Node) in the case of GPRS (General Packet Radio Service). That process of identification, authentication and cipher key generation is shown in Figure 5.
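
The challenge-response exchange and triplet handling described in this section, as an added Python example that is not part of the original essay. The real A3/A8 algorithms are chosen by the operator; `a3_a8` is a stand-in built on HMAC-SHA256, and the class names, IMSI and Ki are constructed for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


def a3_a8(ki: bytes, rand: bytes) -> tuple:
    """Stand-in for the A3/A8 one-way functions (an assumption, not COMP128).

    Returns (SRES, Kc): a 32-bit signed response and a 64-bit cipher key,
    both derived from the 128-bit Ki and the 128-bit challenge RAND.
    """
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]


@dataclass(frozen=True)
class Triplet:
    rand: bytes
    sres: bytes
    kc: bytes


class AuC:
    """Home network side: the only network element that stores Ki."""

    def __init__(self):
        self._ki_by_imsi = {}

    def provision(self, imsi: str, ki: bytes) -> None:
        self._ki_by_imsi[imsi] = ki

    def make_triplet(self, imsi: str) -> Triplet:
        rand = os.urandom(16)
        sres, kc = a3_a8(self._ki_by_imsi[imsi], rand)
        return Triplet(rand, sres, kc)


class Sim:
    """Subscriber side: Ki never leaves the card, only SRES does."""

    def __init__(self, imsi: str, ki: bytes):
        self.imsi = imsi
        self._ki = ki
        self.kc = None

    def respond(self, rand: bytes) -> bytes:
        # The SIM answers whatever challenge arrives; nothing in the
        # exchange lets it check who generated RAND (one-way authentication).
        sres, self.kc = a3_a8(self._ki, rand)
        return sres


class ServingNetwork:
    """MSC/VLR: authenticates with triplets and never learns Ki."""

    def __init__(self, auc: AuC):
        self._auc = auc

    def authenticate(self, sim: Sim):
        triplet = self._auc.make_triplet(sim.imsi)
        sres = sim.respond(triplet.rand)        # RAND out, SRES back
        if hmac.compare_digest(sres, triplet.sres):
            return triplet.kc                   # session key for A5 ciphering
        return None


def demo() -> dict:
    imsi = "001010123456789"     # constructed test IMSI
    ki = bytes(range(16))        # constructed 128-bit key
    auc = AuC()
    auc.provision(imsi, ki)
    vlr = ServingNetwork(auc)

    genuine = Sim(imsi, ki)
    kc = vlr.authenticate(genuine)
    keys_match = kc is not None and kc == genuine.kc

    wrong_key = Sim(imsi, bytes(16))            # same IMSI, different Ki
    unsolicited = genuine.respond(os.urandom(16))  # challenge from no one in particular
    return {
        "genuine_accepted": kc is not None,
        "keys_match": keys_match,
        "wrong_ki_rejected": vlr.authenticate(wrong_key) is None,
        "sim_answers_any_challenge": len(unsolicited) == 4,
    }


if __name__ == "__main__":
    print(demo())
```

The serving network only ever handles RAND, SRES and Kc, which is why the triplet can be handed to a visited network without exposing Ki.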

5. 3G Security Principles

There are three key principles behind 3G security:

• 3G security builds on the security of second generation systems. Required security elements provided within GSM and other second generation systems must be adopted for 3G security.

• 3G security improves on the security of second generation systems – 3G security will

address and correct real and perceived weaknesses in second generation systems.

• 3G security offers new security features and will secure new services offered by 3G.

6. Weaknesses in Second Generation security.

The following weaknesses in the security of GSM must be corrected in 3G security:

• active attacks using a “false BTS” are possible;

• cipher keys and authentication data are transmitted in clear between and within

networks

• encryption does not extend far enough towards the core network resulting in the

cleartext transmission of user and signalling data across microwave links (in GSM,

from the BTS to the BSC)

• user authentication using a previously generated cipher key (where user authentication

using for example A3/8 is not provided) and the provision of protection against

channel hijack rely on the use of encryption, which provides implicit user

authentication. However, encryption is not used in some networks, leaving

opportunities for fraud

• data integrity is not provided. Data integrity defeats certain false BTS attacks and, in the absence of encryption, provides protection against channel hijack

• the IMEI (International Mobile Equipment Identity) is an unsecured identity and

should be treated as such

• second generation systems do not have the flexibility to upgrade and improve security

functionality over time.

7. Man-in-the-Middle Attacks

• Authentication in GSM is one-way: the base station is not authenticated.

• Anyone with proper equipment can impersonate a base station to a user.

In the attacks described next, the attacker is required to impersonate the network to the MS, to impersonate the MS to the network, or to combine both in a so-called man-in-the-middle attack.

Figure 6. Active attack

Active attacks on the network are possible, in principle, by somebody who has the requisite equipment to masquerade as a legitimate network element and/or legitimate user terminal (there is an example in Fig. 6).

Before an active attack can be conducted the attacker may have to capture the MS. An attacker equipped with a False BS residing between the MS and the Correct BS, providing higher power levels than the BS, is able to make the MS use the False BS, thereby having total control over which system information the MS gets and even which messages (and with which content) will reach the legitimate network from this MS. The MS is captured by the attacker, who controls which messages go between the MS and the legitimate network as well as

messages flowing in the other direction. The captured MS identity will then be used to provide fabricated messages on behalf of a legitimate subscriber.

Capturing MSs not only gives the attacker the ability to mount several attacks on GSM users, it is in itself a quite severe attack. Captured MSs have no contact with the network (apart from information that the attacker relays) and are therefore unable to get services. It is fully possible and quite easy to do, though it is also easy to detect.

Now we take a brief look at the best-known possibilities for “man-in-the-middle” attackers in GSM.

7.1 Integrity protection of RRC (Radio Resource Control) signalling

The Radio Resource Control (RRC) protocol is used to carry control information over the radio link. The RRC protocol routes mobility and connection management control messages submitted by higher layers, and establishes connections and user plane radio bearers. [12]

Authenticating individual control messages is very important; it is one of the main purposes of integrity protection. Separate authentication procedures only give assurance of the identities of the communicating parties at the time of the authentication. This leaves room for a “man-in-the-middle” attacker, who can act as a simple relay and deliver all messages in their correct form until the authentication procedure is completely executed. After that, the “man-in-the-middle” is free to manipulate messages between users. However, if messages are protected individually, deliberate manipulation of messages can be noticed and false messages can be discarded.

The integrity protection mechanism is based on the concept of a message authentication code, which is a one-way function controlled by the secret Integrity Key (IK). The algorithm for integrity protection is based on the same core function as encryption. Indeed, the KASUMI block cipher is used in a special mode to create a message authentication code function. This block cipher transforms 64-bit input to 64-bit output. The transformation is controlled by the 128-bit CK. More information about the KASUMI block cipher is in [11]. A detailed description of the first 3GPP integrity protection algorithm is given in source [8].

Naturally, there are RRC control messages whose integrity cannot be protected by the mechanism. Indeed, messages sent before the Integrity Key is in place cannot be protected.

7.2 Security mode set-up

The term “network domain security” in Third Generation Partnership Project (3GPP) specifications covers security of the communication between network elements. In particular, the User Equipment (UE) is not affected at all by network domain security. The two communicating network elements can be administered in two ways: both may be in the same network, administered by a single operator, or they may belong to two different networks. The second case definitely requires standardized solutions; otherwise each pair of operators that are roaming partners would need to agree separately on a common solution. This is quite a new field: no cryptographic security mechanisms were previously available for network communications. Security was believed to rest on the fact that the global Signalling System No. 7 (SS7) network has only been accessible to a relatively small number of well-established institutions (network operators or large corporations). SS7 was standardized by the International Telecommunications Union (ITU) and still holds first place in the fixed part of telecommunication networks. Unfortunately, there is now a big danger that attackers will soon be able to insert and manipulate SS7 messages, for two reasons: first, the increasing number of different operators and service providers that need to communicate with each other; and second, the trend to replace SS7-based networks with Internet Protocol (IP)-based networks. The introduction of IP brings many benefits, but it also means that a large number of hacking tools, some of which are available on the Internet, may become applicable to telecommunication networks. In particular, session keys that are used to protect radio communications are sent in plaintext between operators.

So there are some critical points when a communication channel is protected by security mechanisms. It is necessary to pay attention to the very beginning of protection. First of all we need to find out what mechanisms are activated, then check at what point in time protection starts in each direction, and finally what parameters (for example keys) are activated.

An obvious attack against any security mechanism is to try to prevent execution of the mechanism in the first place: even the strongest mechanisms are useless if you do not turn them on. This attack, and other similar attacks, can be carried out by a “man-in-the-middle”.

A new standards track specification was called for by RFC 3329 [13]. The need for

such a specification arose from IMS security work. The basic idea is, first, to exchange

security capability lists between the client and the server in an unprotected manner and then

check the validity of the mechanism choice later when protection is turned on (Fig.7).

Figure 7. Security agreement message flow

More information is in the corresponding earlier specification [14].

7.3 Message authentication codes (MAC).

A MAC (cryptographic message authentication code) is a cryptographic algorithm that is used to protect the integrity and origin of data. It is a short piece of information used to authenticate a message. A MAC algorithm accepts as input a secret key. Unlike block ciphers, MAC transformations need not be invertible. The MAC value protects both a message’s integrity and its authenticity. The sender and receiver of a message must agree on keys before initiating communications, because MAC values are both generated and verified using the same secret key. The security requirement for a MAC is that, if you don’t know the secret key, it should not be possible to produce a MAC for any new message, even when some messages and corresponding MAC values are known. For more information about MACs, see [14] [15].

The attacks against MAC algorithms can be classified, depending on the information available to an attacker, as follows:

• Known message attack. The attacker knows some messages (plaintext) and the corresponding MAC values.

• Chosen message attack. The attacker is able to select messages and obtain the corresponding MAC values.

• Adaptively chosen message attack. The attacker is able to choose a number of messages and obtain the corresponding MAC values. When choosing a new message, the attacker may exploit the information from previously obtained MAC values. [16]

An attacker may try different strategies to forge MAC values. A straightforward way that cannot be prevented is simply to guess the correct MAC value for a chosen message. Another way is to try to determine the secret key. Similarly to encryption systems, an attacker may perform an exhaustive key search given a valid pair: a message and its MAC value. More advanced attacks are based on internal collisions of the MAC algorithm. An internal collision occurs when two different messages are input and the compression function transforms them to the same values at some intermediate round. Depending on the type of compression function, an internal collision can sometimes be turned into a key recovery attack, which is faster than an exhaustive search.

7.4 Classmark Attacks

This attack makes use of the classmark information that the MS sends to the network to inform it about, among other things, its ciphering capabilities. The goal of the attack is to make the MS send a message to the network indicating that it can only encrypt and decrypt using A5/2 and A5/0 (no encryption). Later, when a call is made with this specific MS involved, the encryption method chosen will be one of these two (preferably A5/0). In the case of A5/0, no encryption will be used, meaning it is straightforward to eavesdrop on the conversation. In the case of A5/2, the attacker has an implementation of one of the attacks against A5/2 and is able to cryptanalyse the encryption. The attack is active at the start. The attacker functions as a repeater between the MS and the BTS. When signalling messages containing the classmark IE are observed, the attacker modifies them in such a way that the network thinks that this specific MS has no encryption capabilities or only A5/2. When this is done, the active part of the attack is over and the attacker switches to passive monitoring of the traffic. Every message the specific MS sends and receives will be unencrypted or possible to decrypt. The scheme of the attack is shown in Figure 8.

Fig 8. Classmark Attacks

Since GSM does not provide integrity control of the transmitted messages, the attacker is able to alter the classmark IE. The attacker only has to change a few bits of information, thereby making the network think that the victim MS is not able to use A5/1 or A5/2.

As a priority, 3G security will provide the proven second generation security features

and correct the weaknesses in the second generation systems.
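
The following sketch is an added example, not part of the original essay. It models why an altered classmark goes unnoticed without integrity control and is caught when the network echoes the received capabilities under a MAC keyed with IK. The bitmask encoding, the function names, the `policy` argument (an operator refusing weak algorithms) and the use of HMAC-SHA256 in place of f9 are assumptions of this sketch.

```python
import hashlib
import hmac

# Constructed capability bitmask for this sketch (not the real classmark encoding).
A5_0, A5_1, A5_2 = 0x1, 0x2, 0x4
PREFERENCE = [(A5_1, "A5/1"), (A5_2, "A5/2"), (A5_0, "A5/0")]  # strongest first


def select_cipher(caps, policy=A5_0 | A5_1 | A5_2):
    """Network side: strongest algorithm that both the MS and local policy allow."""
    for bit, name in PREFERENCE:
        if caps & bit & policy:
            return name
    return "REJECT"  # nothing acceptable: refuse rather than fall back


def uplink(caps, tampered):
    """Radio path MS -> network; a repeater in the middle may clear the A5/1 bit."""
    return caps & ~A5_1 if tampered else caps


def gsm_setup(ms_caps, tampered=False, policy=A5_0 | A5_1 | A5_2):
    """2G model: no integrity control, so the network trusts whatever arrives."""
    return select_cipher(uplink(ms_caps, tampered), policy)


def protected_setup(ms_caps, ik, tampered=False, hide_echo=False):
    """3G-style model: the network echoes the capabilities it received under a MAC
    keyed with IK; the MS checks the MAC and compares the echo with what it sent."""
    received = uplink(ms_caps, tampered)
    tag = hmac.new(ik, bytes([received]), hashlib.sha256).digest()  # stand-in for f9
    # Downlink: the repeater may rewrite the echo to hide its change, but has no IK.
    echo = ms_caps if hide_echo else received
    expected = hmac.new(ik, bytes([echo]), hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return "ABORT: bad MAC"
    if echo != ms_caps:
        return "ABORT: capability mismatch"
    return select_cipher(received)
```

In the 2G model the downgrade succeeds silently unless the network's own policy excludes the weak algorithms; in the protected model both ways of hiding the change end in an abort on the MS side.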

8. Conclusion

The goal of this essay was to introduce GSM and give an overview of its history, standards and structure. It presents the terminology and describes the GSM security operation, including its principles and features. We compare 2G and 3G networks from the security point of view. Though my research topic was also “Man-in-the-middle attacks in 3G”, there was given an overview of the most common attacks on communication networks. I am planning to study those attacks more thoughtfully and research their countermeasures in 3G later on.

Dictionary of abbreviations:

CEPT – European Conference of Post and Telecommunications Administrations

GSM – Group Special Mobile

Global System for Mobile Communications

BSS – Base Station Subsystem

NSS – Network Switching Subsystem

GPRS – General Packet Radio Service

SMS – Short Message Service

BTS – Base Transceiver Station

BSC – Base Station Controller

PCU – Packet Control Unit

MSC – Mobile Switching Centre

VLR – Visitor Location Register

HLR – Home Location Register

SS7 – Signalling System #7

PSTN – Public Switched Telephone Network

IN – Intelligent network

AUC – Authentication Center

EIR – Equipment register

GSN – GPRS Support Nodes

GGSN – Gateway GPRS Support Node

UMTS – Universal Mobile Telecommunications System

SGSN – Serving GPRS Support Node

3GPP – 3G Partnership Project

TDMA – Time Division Multiple Access

CDMA – Code Division Multiple Access

ITU – International Telecommunication Union

WCDMA – Wideband CDMA

IMSI – International Mobile Subscriber identity

MCC – country code

MNC – network code

MSIN – the unique subscriber number

LFR – Lead-Cooled Fast Reactor

SIM – Subscriber Identity Module

RAND – RANDOM 128-BIT NUMBER

SRES – signed response

XRES – expected response

IMEI – International Mobile Equipment Identity

UE – User Equipment

BS – Base Station

IK – Integrity Key

RRC – Radio Resource Control

ITU – International Telecommunication Union

SIP – Session Initiation Protocol

MAC – Message authentication codes

References

[1] Brief History of GSM & the GSMA, http://www.gsmworld.com/about/history.shtml, Retrieved September, 2006

[2] Global System for Mobile Communications, http://en.wikipedia.org/wiki/Global_System_for_Mobile_Communications, Retrieved November, 2006

[3] Third Generation Mobile Technology, http://www.cellular.co.za/technologies/3g/3g.htm, Retrieved September, 2006

[4] 3GSM Statistics, http://www.gsmworld.com/technology/3g/statistics.shtml, Retrieved September, 2006

[5] General Packet Radio Services, http://en.wikipedia.org/wiki/GPRS, Retrieved November, 2006

[6] The 3rd Generation Partnership Project, http://www.3gpp.org/, Retrieved September, 2006

[7] Overview of the Universal Mobile Telecommunication System, http://www.umtsworld.com/technology/overview.htm, Retrieved September, 2006

[8] UMTS / 3G History and Future Milestones, http://www.umtsworld.com/umts/history.htm, Retrieved September, 2006

[9] 3G and UMTS Technology, http://www.umtsworld.com/, Retrieved September, 2006

[10] Kasumi algorithm, http://en.wikipedia.org/wiki/KASUMI, Retrieved November, 2006

[11] 3GPP TS 35.201 V 5.0.0 (2002-06); Document f9 specification (Release 5).

[12] Universal Mobile Telecommunications Systems, http://en.wikipedia.org/wiki/UMTS, Retrieved November, 2006

[13] Security mechanism agreement for the Session Initiation Protocol (SIP). J. Arkko, V. Torvinen, G. Camarillo, A. Niemi and T. Haukka. January 2003.

[14] D. Stinson, Cryptography, Theory and Practice (2nd edn), Chapman & Hall/CRC Press, London, 2002.

[15] MAC algorithms, http://homes.esat.kuleuven.be/~preneel/preneel_mac_wcap06.pdf, Retrieved November, 2006

[16] UMTS Security, Valtteri Niemi and Kaisa Nyberg, Nokia Research Center, Finland, 2003

[17] Internet Security, Applications, Authentication and Cryptography, University of California, Berkeley. “GSM Security and Encryption”

[18] Privacy and Security in GSM, MTAT.07.006 Research Seminar in Cryptography, seminar talk, Emilia Käsper, 2005.

[19] Security in the GSM system by Jeremy Quirke, 1st May 2004, http://www.ausmobile.com, Retrieved November, 2006

[20] GSM and UMTS Security by Daniel Mc Keon, Colm Brewer, James Carter and Mark Mc Taggart, http://ntrg.cs.tcd.ie/undergrad/4ba2.05/group7/index.html, Retrieved November, 2006