The motivations for security in cellular telecommunications systems are to secure conversations and signaling data from interception as well as to prevent cellular telephone fraud. With the older analog-based cellular telephone systems such as the Advanced Mobile Phone System (AMPS) and the Total Access Communication System (TACS), it is a relatively simple matter for the radio hobbyist to intercept cellular telephone conversations with a police scanner. A well-publicized case involved a potentially embarrassing cellular telephone conversation with a member of the British royal family being recorded and released to the media.

Another security consideration with cellular telecommunications systems involves identification credentials such as the Electronic Serial Number (ESN), which are transmitted "in the clear" in analog systems. With more complicated equipment, it is possible to receive the ESN and use it to commit cellular telephone fraud by "cloning" another cellular phone and placing calls with it. Estimates for cellular fraud in the U.S. in 1993 are as high as $500 million. The procedure wherein the Mobile Station (MS) registers its location with the system is also vulnerable to interception and permits the subscriber's location to be monitored even when a call is not in progress, as evidenced by the recent highly-publicized police pursuit of a famous U.S. athlete.

The security and authentication mechanisms incorporated in GSM make it the most secure mobile communication standard currently available, particularly in comparison to the analog systems described above. Part of the enhanced security of GSM is due to the fact that it is a digital system utilizing a speech coding algorithm, Gaussian Minimum Shift Keying (GMSK) digital modulation, slow frequency hopping, and Time Division Multiple Access (TDMA) time slot architecture. To intercept and reconstruct this signal would require more highly specialized and expensive equipment than a police scanner to perform the reception, synchronization, and decoding of the signal.
a.Symmetric Algorithms
They are algorithms in which the encryption and decryption use the same key. symmetric algorithms are functionally described as follows:

c: ciphrtext,
Ex( ):encryption with key x
Dx( ):decryption with key x

A good example is the Data Encryption Standard (DES).Symmetric encryption algorithms may be further divided into block ciphers and stream ciphers.

GSM Security Features
It consists the following aspects:
1.subscriber identity authentication:
International Mobile Subscriber Identity (IMSI) along with individual subscriber authentication key (Ki)makes up the sensitive identification credentials.These are never transmitted over the radio channel, but a challenge-response mechanism is used to perform authentication.
2. subscriber identity confidentiality
This is done with the Temporary Mobile Subscriber Identity (TMSI). it is sent to the mobile station after the authentication and encryption procedures have taken place.To which the mobile station responds .
3. signaling data confidentiality
The user's SIM contains the ciphering key generating algorithm which is used to produce the 64-bit ciphering key (Kc). The ciphering key may be changed at regular intervals as required by network design and security considerations.
4. user data confidentiality.

The security mechanisms of GSM are implemented in three different system elements; the Subscriber Identity Module (SIM), the GSM handset or MS, and the GSM network.
SIM contains:
a) the IMSI
b)the individual subscriber authentication key (Ki)
c) the ciphering key generating algorithm (A8)
d) the authentication algorithm (A3)
e) Personal Identification Number (PIN)
GSM handset contains:
a) ciphering algorithm (A5)

The security aspects of GSM are detailed in GSM Recommendations 02.09, "Security Aspects," 02.17, "Subscriber Identity Modules," 03.20, "Security Related Network Functions," and 03.21, "Security Related Algorithms". Security in GSM consists of the following aspects: subscriber identity authentication, subscriber identity confidentiality, signaling data confidentiality, and user data confidentiality. The subscriber is uniquely identified by the International Mobile Subscriber Identity (IMSI). This information, along with the individual subscriber authentication key (Ki), constitutes sensitive identification credentials analogous to the Electronic Serial Number (ESN) in analog systems such as AMPS and TACS. The design of the GSM authentication and encryption schemes is such that this sensitive information is never transmitted over the radio channel. Rather, a challenge-response mechanism is used to perform authentication. The actual conversations are encrypted using a temporary, randomly generated ciphering key (Kc). The MS identifies itself by means of the Temporary Mobile Subscriber Identity (TMSI), which is issued by the network and may be changed periodically (i.e. during hand-offs) for additional security.
identifies itself by means of the Temporary Mobile Subscriber Identity (TMSI), which is issued bythe network and may be changed periodically (i.e. during hand-offs) for additional security.
The security mechanisms of GSM are implemented in three different system elements; theSubscriber Identity Module (SIM), the GSM handset or MS, and the GSM network. The SIM
contains the IMSI, the individual subscriber authentication key (Ki), the ciphering key generating
algorithm (A8), the authentication algorithm (A3), as well as a Personal Identification Number
(PIN). The GSM handset contains the ciphering algorithm (A5). The encryption algorithms (A3,
A5, A8) are present in the GSM network as well. The Authentication Center (AUC), part of the
Operation and Maintenance Subsystem (OMS) of the GSM network, consists of a database of
identification and authentication information for subscribers. This information consists of the
IMSI, the TMSI, the Location Area Identity (LAI), and the individual subscriber authentication
key (Ki) for each user. In order for the authentication and security mechanisms to function, all
three elements (SIM, handset, and GSM network) are required. This distribution of security
credentials and encryption algorithms provides an additional measure of security both in
ensuringthe privacy of cellular telephone conversations and in the prevention of cellular telephone fraud.Figure 4 demonstrates the distribution of security information among the three systemelements, the SIM, the MS, and the GSM network. Within the GSM network, the security
information is further distributed among the authentication center (AUC), the home location
register (HLR) and the visitor location register (VLR). The AUC is responsible for generating the
sets of RAND, SRES, and Kc which are stored in the HLR and VLR for subsequent use in the
authentication and encryption processes.
The GSM network authenticates the identity of the subscriber through the use of a
challenge-response mechanism. A 128-bit random number (RAND) is sent to the MS. The MS
computes the 32-bit signed response (SRES) based on the encryption of the random number
(RAND) with the authentication algorithm (A3) using the individual subscriber authentication key
(Ki). Upon receiving the signed response (SRES) from the subscriber, the GSM network repeats
the calculation to verify the identity of the subscriber. Note that the individual subscriber
authentication key (Ki) is never transmitted over the radio channel. It is present in the subscriber's
SIM, as well as the AUC, HLR, and VLR databases as previously described. If the received SRES
agrees with the calculated value, the MS has been successfully authenticated and may continue. If
the values do not match, the connection is terminated and an authentication failure indicated to the
MS. Figure 5 shown below illustrates the authentication mechanism.
The calculation of the signed response is processed within the SIM. This provides
enhanced security, because the confidential subscriber information such as the IMSI or the
individual subscriber authentication key (Ki) is never released from the SIM during the
authentication process.
Signaling and Data Confidentiality
The SIM contains the ciphering key generating algorithm (A8) which is used to produce
the 64-bit ciphering key (Kc). The ciphering key is computed by applying the same random
number (RAND) used in the authentication process to the ciphering key generating algorithm (A8)with the individual subscriber authentication key (Ki). As will be shown in later sections, theciphering key (Kc) is used to encrypt and decrypt the data between the MS and BS. An additionallevel of security is provided by having the means to change the ciphering key, making the systemmore resistant to eavesdropping. The ciphering key may be changed at regular intervals as requiredby network design and security considerations. Figure 6 below shows the calculation of theciphering key (Kc).
In a similar manner to the authentication process, the computation of the ciphering key(Kc) takes place internally within the SIM. Therefore sensitive information such as the individualsubscriber authentication key (Ki) is never revealed by the SIM.Encrypted voice and data communications between the MS and the network isaccomplished through use of the ciphering algorithm A5. Encrypted communication is initiated bya ciphering mode request command from the GSM network. Upon receipt of this command, themobile station begins encryption and decryption of data using the ciphering algorithm (A5) and theciphering key (Kc). Figure 7 below demonstrates the encryption mechanism.
Subscriber Identity Confidentiality
To ensure subscriber identity confidentiality, the Temporary Mobile Subscriber Identity
(TMSI) is used. The TMSI is sent to the mobile station after the authentication and encryption
procedures have taken place. The mobile station responds by confirming reception of the TMSI.
The TMSI is valid in the location area in which it was issued. For communications outside the
location area, the Location Area Identification (LAI) is necessary in addition to the TMSI. The
TMSI allocation/reallocation process is shown in Figure 8 below.
This section evaluates and expands on the information presented in previous sections.
Additional considerations such as export controls on crypography are discussed as well.
GSM Encryption Algorithms
A partial source code implementation of the GSM A5 algorithm was leaked to the Internet in
June, 1994. More recently there have been rumors that this implementation was an early design
and bears little resemblance to the A5 algorithm currently deployed. Nevertheless, insight into the
underlying design theory can be gained by analyzing the available information. The details of this
implementation, as well as some documented facts about A5, are summarized below:
¢ A5 is a stream cipher consisting of three clock-controlled LFSRs of degree 19, 22, and 23.
¢ The clock control is a threshold function of the middle bits of each of the three shift
¢ The sum of the degrees of the three shift registers is 64. The 64-bit session key is used to
initialize the contents of the shift registers.
¢ The 22-bit TDMA frame number is fed into the shift registers.
¢ Two 114-bit keystreams are produced for each TDMA frame, which are XOR-ed with the
uplink and downlink traffic channels.
¢ It is rumored that the A5 algorithm has an "effective" key length of 40 bits.
Key Length
This section focuses on key length as a figure of merit of an encryption algorithm.
Assuming a brute-force search of every possible key is the most efficient method of cracking an
encrypted message (a big assumption), Table 1 shown below summarizes how long it would take
to decrypt a message with a given key length, assuming a cracking machine capable of one million
encryptions per second.
Table 1 Brute-force key search times for various key sizes
Key length in bits 32 40 56 64 128
Time required to test all possible
10.8 x 10^24
The time required for a 128-bit key is extremely large; as a basis for comparison the age of
the Universe is believed to be 1.6x10^10 years. An example of an algorithm with a 128-bit key is
the International Data Encryption Algorithm (IDEA). The key length may alternately be examined
by determining the number of hypothetical cracking machines required to decrypt a message in a
given period of time.
Table 2 Number of machines required to search a key space in a given time
Key length in bits 1 day 1 week 1 year
40 13 2 -
56 836,788 119,132 2,291
64 2.14x10^8 3.04x10^6 584,542
128 3.9x10^27 5.6x10^26 10.8x10^24
A machine capable of testing one million keys per second is possible by todayâ„¢s standards.
In considering the strength of an encryption algorithm, the value of the information being protected
should be taken into account. It is generally accepted that DES with its 56-bit key will have
reached the end of its useful lifetime by the turn of the century for protecting data such as banking
transactions. Assuming that the A5 algorithm has an effective key length of 40 bits (instead of 64),it currently provides adequate protection for information with a short lifetime. A common
observation is that the "tactical lifetime" of cellular telephone conversations is on the order of
Export Restrictions on Encryption Technology
The goal of the GSM recommendations is to provide a pan- European standard for digitalcellular telecommunications. A consequence of this is that export restrictions and other legalrestrictions on encryption have come into play. This is a hotly debated, highly political issue whichinvolves the privacy rights of the individual, the ability of law enforcement agencies to conductsurveillance, and the business interests of corporations manufacturing cellular hardware for export.The technical details of the encryption algorithms used in GSM are closely held secrets.The algorithms were developed in Britain, and cellular telephone manufacturers desiring toimplement the encryption technology must agree to non-disclosure and obtain special licenses
from the British government. Law enforcement and Intelligence agencies from the U.S., Britain,
France, the Netherlands, and other nations are very concerned about the export of encryption
technology because of the potential for military application by hostile nations. An additionalconcern is that the widespread use of encryption technology for cellular telephone communicationswill interfere with the ability of law enforcement agencies to conduct surveillance on terrorists ororganized criminal activity.A disagreement between cellular telephone manufacturers and the British governmentcentering around export permits for the encryption technology in GSM was settled by acompromise in 1993. Western European nations and a few other specialized markets such as HongKong would be allowed to have the GSM encryption technology, in particular the A5/1 algorithm.A weaker version of the algorithm (A5/2) was approved for export to most other countries,including central and eastern European nations. Under the agreement, designated countries such asRussia would not be allowed to receive any functional encryption technology in their GSMsystems. Future developments will likely lead to some relaxation of the export restrictions,allowing countries who currently have no GSM cryptographic technology to receive the A5/2algorithm.
The security mechanisms specified in the GSM standard make it the most
secure cellular telecommunications system available. The use of authentication,
encryption, and temporary identification numbers ensures the privacy and anonymity
of the system's users, as well as safeguarding the system against fraudulent use.
Even GSM systems with the A5/2 encryption algorithm, or even with no encryption
are inherently more secure than analog systems due to their use of speech coding,
digital modulation, and TDMA channel access.
A GSM modem can be an external modem device, such as the Siemens MC35 or Wavecom FASTRACK external modems. Insert a GSM SIM card into this modem, and connect the modem to an available serial port on your computer.
A GSM modem can be a PC Card installed in a notebook computer, such as the Sierra Wireless Aircard 750.
A GSM modem could also be a standard GSM mobile phone with the appropriate cable and software driver to connect to a serial port or USB port on your computer. Any phone that supports the "extended AT command set" for sending/receiving SMS messages, as defined in the ETSI GSM 07.05 Specification can be supported by the Now SMS/MMS Gateway.
A dedicated GSM modem (external or PC Card) is usually preferable to a GSM mobile phone. This is because of some compatibility issues that can exist with mobile phones. For example, if you wish to be able to receive inbound MMS messages with your gateway, most GSM phones will only allow you to send MMS messgaes. This is because the mobile phone automatically processes received MMS message notifications these messages, without forwarding them via the modem interface. Similarly some mobile phones will not allow you to correctly receive SMS text messages longer than 160 bytes (known as "concatenated SMS" or "long SMS"). This is because these long messages are actually sent as separate SMS messages, and the phone attempts to reassemble the message before forwarding via the modem interface. (We've observed this latter problem utilizing the Ericsson R380, while it does not appear to be a problem with many other Ericsson models.)
When you install your GSM modem, or connect your GSM mobile phone to the computer, be sure to install the appropriate Windows modem driver from the device manufacturer. To simplify configuration, the Now SMS/MMS Gateway will communicate with the device via this driver. If a Windows driver is not available for your modem, you can use either the "Standard" or "Generic" 19200 bps modem driver that is built into windows. A benefit of utilizing a Windows modem driver is that you can use Windows diagnostics to ensure that the modem is communicating properly with the computer.
The Now SMS/MMS gateway can simultaneously support multiple modems, provided that your computer hardware has the available communications port resources.
