19-05-2010, 09:20 PM
[attachment=3579]
INTRODUCTION
The motivations for security in cellular telecommunications systems are to secure conversations and signaling data from interception as well as to prevent cellular telephone fraud. With the older analog-based cellular telephone systems such as the Advanced Mobile Phone System (AMPS) and the Total Access Communication System (TACS), it is a relatively simple matter for the radio hobbyist to intercept cellular telephone conversations with a police scanner. A well-publicized case involved a potentially embarrassing cellular telephone conversation with a member of the British royal family being recorded and released to the media. Another security consideration with cellular telecommunications systems involves identification credentials such as the Electronic Serial Number (ESN), which are transmitted "in the clear" in analog systems. With more complicated equipment, it is possible to receive the ESN and use it to commit cellular telephone fraud by "cloning" another cellular phone and placing calls with it. Estimates for cellular fraud in the U.S. in 1993 are as high as $500 million. The procedure wherein the Mobile Station (MS) registers its location with the system is also vulnerable to interception and permits the subscriber's location to be monitored even when a call is not in progress, as evidenced by the recent highly-publicized police pursuit of a famous U.S. athlete.
The security and authentication mechanisms incorporated in GSM make it the most secure mobile communication standard currently available, particularly in comparison to the analog systems described above. Part of the enhanced security of GSM is due to the fact that it is a digital system utilizing a speech coding algorithm, Gaussian Minimum Shift Keying (GMSK) digital modulation, slow frequency hopping, and Time Division Multiple Access (TDMA) time slot architecture. To intercept and reconstruct this signal would require more highly specialized and expensive equipment than a police scanner to perform the reception, synchronization, and decoding of the signal. In addition, the authentication and encryption capabilities discussed in this paper ensure the security of GSM cellular telephone conversations and subscriber identification credentials against even the determined eavesdropper.
OVERVIEW OF GSM
GSM (group special mobile or general system for mobile communications) is the Pan-European standard for digital cellular communications. The Group Special Mobile was established in 1982 within the European Conference of Post and Telecommunication Administrations (CEPT). A Further important step in the history of GSM as a standard for a digital mobile cellular communications was the signing of a GSM Memorandum of Understanding (MoU) in 1987 in which 18 nations committed themselves to implement cellular networks based on the GSM specifications. In 1991 the first GSM based networks commenced operations. GSM provides enhanced features over older analog-based systems, which are summarized below:
Total Mobility: The subscriber has the advantage of a Pan-European system allowing him to communicate from everywhere and to be called in any area served by a GSM cellular network using the same assigned telephone number, even outside his home location. The calling party does not need to be informed about the called person's location because the GSM networks are responsible for the location tasks. With his personal chipcard he can use a telephone in a rental car, for example, even outside his home location. This mobility feature is preferred by many business people who constantly need to be in touch with their headquarters.
High Capacity and Optimal Spectrum Allocation: The former analog-based cellular networks had to combat capacity problems, particularly in metropolitan areas. Through a more efficient utilization of the assigned frequency bandwidth and smaller cell sizes, the GSM System is capable of serving a greater number of subscribers. The optimal use of the available spectrum is achieved through the application Frequency Division Multiple Access (FDMA), Time Division Multiple Access (TDMA), efficient half-rate and full-rate speech coding, and the Gaussian Minimum Shift Keying (GMSK) modulation scheme.
Security: The security methods standardized for the GSM System make it the most secure cellular telecommunications standard currently available. Although the confidentiality of a call and anonymity of the GSM subscriber is only guaranteed on the radio channel, this is a major step in achieving end-to- end security. The subscriber's anonymity is ensured through the use of temporary identification numbers. The confidentiality of the communication itself on the radio page link is performed by the application of encryption algorithms and frequency hopping which could only be realized using digital systems and signaling.
Services: The list of services available to GSM subscribers typically includes the following: voice communication, facsimile, voice mail, short message transmission, data transmission and supplemental services such as call forwarding.
GSM RADIO CHANNEL
The GSM standard specifies the frequency bands of 890 to 915 MHz for the uplink band, and 935 to 960 MHz for the downlink band, with each band divided up into 200 kHz channels. Other features of the radio channel interface include adaptive time alignment, GMSK modulation, discontinuous transmission and reception, and slow frequency hopping. Adaptive time alignment enables the MS to correct its transmit timeslot for propagation delay. GMSK modulation provides the spectral efficiency and low out-of-band interference required in the GSM system. Discontinuous transmission and reception refers to the MS powering down during idle periods and serves the dual purpose of reducing co-channel interference and extending the portable unit's battery life. Slow frequency hopping is an additional feature of the GSM radio channel interface which helps to counter the effects of Rayleigh fading and co-channel interference.
TDMA Frame Structures, Channel Types, and Burst Types
The 200 kHz channels in each band are further subdivided into 577 ms timeslots, with 8 timeslots comprising a TDMA frame of 4.6 ms. Either 26 or 51 TDMA frames are grouped into multiframes (120 or 235 ms), depending on whether the channel is for traffic or control data. Either 51 or 26 of the multiframes (again depending on the channel type) make up one superframe (6.12 s). A hyperframe is composed of 2048 superframes, for a total duration of 3 hours, 28 minutes, 53 seconds, and 760 ms. The TDMA frame structure has an associated 22-bit sequence number which uniquely identifies a TDMA frame within a given hyperframe. Figure 1 illustrates the various TDMA frame structures.
Figure 1 TDMA Frame Structures
The various logical channels which are mapped onto the TDMA frame structure may be grouped into traffic channels (TCHs) used to carry voice or user data, and control channels (CCHs) used to carry signaling and synchronization data. Control channels are further divided into broadcast control channels, common control channels, and dedicated control channels.
Each timeslot within a TDMA frame contains modulated data referred to as a "burst". There are five burst types (normal, frequency correction, synchronization, dummy, and access bursts), with the normal burst being discussed in detail here. The bit rate of the radio channel is 270.833 kbit/sec, which corresponds to a timeslot duration of 156.25 bits. The normal burst is composed of a 3-bit start sequence, 116 bits of payload, a 26-bit training sequence used to help counter the effects of multipath interference, a 3-bit stop sequence required by the channel coder, and a guard period (8.25 bit durations) which is a "cushion" to allow for different arrival times of bursts in adjacent timeslots from geographically disperse MSs. Two bits from the 116-bit payload are used by the Fast Associated Control Channel (FACCH) to signal that a given burst has been borrowed, leaving a total of 114 bits of payload. Figure 2 illustrates the structure of the normal burst.
3 bits 58 bit; 26 bit; 5 8 bit; 3 bits 8.25 bit;
Tiaimng Sequence Payload Stop Guaid Peiiod
Figure 2 Normal Burst Structure
Speech Coding, Channel Coding, and Interleaving
The speech coding algorithm used in GSM is based on a rectangular pulse excited linear predictive coder with long-term prediction (RPE-LTP). The speech coder produces samples at 20 ms intervals at a 13 kbps bit rate, producing 260 bits per sample or frame. These 260 bits are divided into 182 class 1 and 78 class 2 bits based on a subjective evaluation of their sensitivity to bit errors, with the class 1 bits being the most sensitive. Channel coding involves the addition of parity check bits and half-rate convolutional coding of the 260-bit output of the speech coder. The output of the channel coder is a 456-bit frame, which is divided into eight 57-bit components and interleaved over eight consecutive 114-bit TDMA frames. Each TDMA frame correspondingly consists of two sets of 57 bits from two separate 456-bit channel coder frames. The result of channel coding and interleaving is to counter the effects of fading channel interference and other sources of bit errors.
Overview of Cryptography
This section provides a brief overview of cryptography, with an emphasis on the features that appear in the GSM system.
Symmetric Algorithms
Symmetric algorithms are algorithms in which the encryption and decryption use the same key. For example, if the plaintext is denoted by the variable P, the ciphertext by C, the encryption with key x by the function Ex( ), and the decryption with key x by Dx( ), then the symmetric algorithms are functionally described as follows:
C=Ex(P) P=Dx© P=Dx(Ex(P))
For a good encryption algorithm, the security of the data rests with the security of the key, which introduces the problem of key management for symmetric algorithms. The most widely-known example of a symmetric algorithm is the Data Encryption Standard (DES). Symmetric encryption algorithms may be further divided into block ciphers and stream ciphers.
Block Ciphers
As the name suggests, block ciphers encrypt or decrypt data in blocks or groups of bits. DES uses a 56-bit key and processes data in 64- bit blocks, producing 64-bits of encrypted data for 64-bits of input, and vice-versa. Block algorithms are further characterized by their mode of operation, such as electronic code book (ECB), cipher block chaining (CBC) and cipher feedback (CFB). CBC and CFB are examples of modes of operation where the encryption of successive blocks is dependent on the output of one or more previous encryptions. These modes are desirable because they break up the one-to-one correspondence between ciphertext blocks and plaintext blocks (as in ECB mode). Block ciphers may even be implemented as a component of a stream cipher.
Stream Ciphers
Stream ciphers operate on a bit-by-bit basis, producing a single encrypted bit for a single plaintext bit. Stream ciphers are commonly implemented as the exclusive-or (XOR) of the data stream with the keystream. The security of a stream cipher is determined by the properties of the keystream. A completely random keystream would effectively implement an unbreakable one-time pad encryption, and a deterministic keystream with a short period would provide very little security.
Linear Feedback Shift Registers (LFSRs) are a key component of many stream ciphers. LFSRs are implemented as a shift register where the vacant bit created by the shifting is a function of the previous states. With the correct choice of feedback taps, LFSRs can function as pseudo
INTRODUCTION
The motivations for security in cellular telecommunications systems are to secure conversations and signaling data from interception as well as to prevent cellular telephone fraud. With the older analog-based cellular telephone systems such as the Advanced Mobile Phone System (AMPS) and the Total Access Communication System (TACS), it is a relatively simple matter for the radio hobbyist to intercept cellular telephone conversations with a police scanner. A well-publicized case involved a potentially embarrassing cellular telephone conversation with a member of the British royal family being recorded and released to the media. Another security consideration with cellular telecommunications systems involves identification credentials such as the Electronic Serial Number (ESN), which are transmitted "in the clear" in analog systems. With more complicated equipment, it is possible to receive the ESN and use it to commit cellular telephone fraud by "cloning" another cellular phone and placing calls with it. Estimates for cellular fraud in the U.S. in 1993 are as high as $500 million. The procedure wherein the Mobile Station (MS) registers its location with the system is also vulnerable to interception and permits the subscriber's location to be monitored even when a call is not in progress, as evidenced by the recent highly-publicized police pursuit of a famous U.S. athlete.
The security and authentication mechanisms incorporated in GSM make it the most secure mobile communication standard currently available, particularly in comparison to the analog systems described above. Part of the enhanced security of GSM is due to the fact that it is a digital system utilizing a speech coding algorithm, Gaussian Minimum Shift Keying (GMSK) digital modulation, slow frequency hopping, and Time Division Multiple Access (TDMA) time slot architecture. To intercept and reconstruct this signal would require more highly specialized and expensive equipment than a police scanner to perform the reception, synchronization, and decoding of the signal. In addition, the authentication and encryption capabilities discussed in this paper ensure the security of GSM cellular telephone conversations and subscriber identification credentials against even the determined eavesdropper.
OVERVIEW OF GSM
GSM (group special mobile or general system for mobile communications) is the Pan-European standard for digital cellular communications. The Group Special Mobile was established in 1982 within the European Conference of Post and Telecommunication Administrations (CEPT). A Further important step in the history of GSM as a standard for a digital mobile cellular communications was the signing of a GSM Memorandum of Understanding (MoU) in 1987 in which 18 nations committed themselves to implement cellular networks based on the GSM specifications. In 1991 the first GSM based networks commenced operations. GSM provides enhanced features over older analog-based systems, which are summarized below:
Total Mobility: The subscriber has the advantage of a Pan-European system allowing him to communicate from everywhere and to be called in any area served by a GSM cellular network using the same assigned telephone number, even outside his home location. The calling party does not need to be informed about the called person's location because the GSM networks are responsible for the location tasks. With his personal chipcard he can use a telephone in a rental car, for example, even outside his home location. This mobility feature is preferred by many business people who constantly need to be in touch with their headquarters.
High Capacity and Optimal Spectrum Allocation: The former analog-based cellular networks had to combat capacity problems, particularly in metropolitan areas. Through a more efficient utilization of the assigned frequency bandwidth and smaller cell sizes, the GSM System is capable of serving a greater number of subscribers. The optimal use of the available spectrum is achieved through the application Frequency Division Multiple Access (FDMA), Time Division Multiple Access (TDMA), efficient half-rate and full-rate speech coding, and the Gaussian Minimum Shift Keying (GMSK) modulation scheme.
Security: The security methods standardized for the GSM System make it the most secure cellular telecommunications standard currently available. Although the confidentiality of a call and anonymity of the GSM subscriber is only guaranteed on the radio channel, this is a major step in achieving end-to- end security. The subscriber's anonymity is ensured through the use of temporary identification numbers. The confidentiality of the communication itself on the radio page link is performed by the application of encryption algorithms and frequency hopping which could only be realized using digital systems and signaling.
Services: The list of services available to GSM subscribers typically includes the following: voice communication, facsimile, voice mail, short message transmission, data transmission and supplemental services such as call forwarding.
GSM RADIO CHANNEL
The GSM standard specifies the frequency bands of 890 to 915 MHz for the uplink band, and 935 to 960 MHz for the downlink band, with each band divided up into 200 kHz channels. Other features of the radio channel interface include adaptive time alignment, GMSK modulation, discontinuous transmission and reception, and slow frequency hopping. Adaptive time alignment enables the MS to correct its transmit timeslot for propagation delay. GMSK modulation provides the spectral efficiency and low out-of-band interference required in the GSM system. Discontinuous transmission and reception refers to the MS powering down during idle periods and serves the dual purpose of reducing co-channel interference and extending the portable unit's battery life. Slow frequency hopping is an additional feature of the GSM radio channel interface which helps to counter the effects of Rayleigh fading and co-channel interference.
TDMA Frame Structures, Channel Types, and Burst Types
The 200 kHz channels in each band are further subdivided into 577 ms timeslots, with 8 timeslots comprising a TDMA frame of 4.6 ms. Either 26 or 51 TDMA frames are grouped into multiframes (120 or 235 ms), depending on whether the channel is for traffic or control data. Either 51 or 26 of the multiframes (again depending on the channel type) make up one superframe (6.12 s). A hyperframe is composed of 2048 superframes, for a total duration of 3 hours, 28 minutes, 53 seconds, and 760 ms. The TDMA frame structure has an associated 22-bit sequence number which uniquely identifies a TDMA frame within a given hyperframe. Figure 1 illustrates the various TDMA frame structures.
Figure 1 TDMA Frame Structures
The various logical channels which are mapped onto the TDMA frame structure may be grouped into traffic channels (TCHs) used to carry voice or user data, and control channels (CCHs) used to carry signaling and synchronization data. Control channels are further divided into broadcast control channels, common control channels, and dedicated control channels.
Each timeslot within a TDMA frame contains modulated data referred to as a "burst". There are five burst types (normal, frequency correction, synchronization, dummy, and access bursts), with the normal burst being discussed in detail here. The bit rate of the radio channel is 270.833 kbit/sec, which corresponds to a timeslot duration of 156.25 bits. The normal burst is composed of a 3-bit start sequence, 116 bits of payload, a 26-bit training sequence used to help counter the effects of multipath interference, a 3-bit stop sequence required by the channel coder, and a guard period (8.25 bit durations) which is a "cushion" to allow for different arrival times of bursts in adjacent timeslots from geographically disperse MSs. Two bits from the 116-bit payload are used by the Fast Associated Control Channel (FACCH) to signal that a given burst has been borrowed, leaving a total of 114 bits of payload. Figure 2 illustrates the structure of the normal burst.
3 bits 58 bit; 26 bit; 5 8 bit; 3 bits 8.25 bit;
Tiaimng Sequence Payload Stop Guaid Peiiod
Figure 2 Normal Burst Structure
Speech Coding, Channel Coding, and Interleaving
The speech coding algorithm used in GSM is based on a rectangular pulse excited linear predictive coder with long-term prediction (RPE-LTP). The speech coder produces samples at 20 ms intervals at a 13 kbps bit rate, producing 260 bits per sample or frame. These 260 bits are divided into 182 class 1 and 78 class 2 bits based on a subjective evaluation of their sensitivity to bit errors, with the class 1 bits being the most sensitive. Channel coding involves the addition of parity check bits and half-rate convolutional coding of the 260-bit output of the speech coder. The output of the channel coder is a 456-bit frame, which is divided into eight 57-bit components and interleaved over eight consecutive 114-bit TDMA frames. Each TDMA frame correspondingly consists of two sets of 57 bits from two separate 456-bit channel coder frames. The result of channel coding and interleaving is to counter the effects of fading channel interference and other sources of bit errors.
Overview of Cryptography
This section provides a brief overview of cryptography, with an emphasis on the features that appear in the GSM system.
Symmetric Algorithms
Symmetric algorithms are algorithms in which the encryption and decryption use the same key. For example, if the plaintext is denoted by the variable P, the ciphertext by C, the encryption with key x by the function Ex( ), and the decryption with key x by Dx( ), then the symmetric algorithms are functionally described as follows:
C=Ex(P) P=Dx© P=Dx(Ex(P))
For a good encryption algorithm, the security of the data rests with the security of the key, which introduces the problem of key management for symmetric algorithms. The most widely-known example of a symmetric algorithm is the Data Encryption Standard (DES). Symmetric encryption algorithms may be further divided into block ciphers and stream ciphers.
Block Ciphers
As the name suggests, block ciphers encrypt or decrypt data in blocks or groups of bits. DES uses a 56-bit key and processes data in 64- bit blocks, producing 64-bits of encrypted data for 64-bits of input, and vice-versa. Block algorithms are further characterized by their mode of operation, such as electronic code book (ECB), cipher block chaining (CBC) and cipher feedback (CFB). CBC and CFB are examples of modes of operation where the encryption of successive blocks is dependent on the output of one or more previous encryptions. These modes are desirable because they break up the one-to-one correspondence between ciphertext blocks and plaintext blocks (as in ECB mode). Block ciphers may even be implemented as a component of a stream cipher.
Stream Ciphers
Stream ciphers operate on a bit-by-bit basis, producing a single encrypted bit for a single plaintext bit. Stream ciphers are commonly implemented as the exclusive-or (XOR) of the data stream with the keystream. The security of a stream cipher is determined by the properties of the keystream. A completely random keystream would effectively implement an unbreakable one-time pad encryption, and a deterministic keystream with a short period would provide very little security.
Linear Feedback Shift Registers (LFSRs) are a key component of many stream ciphers. LFSRs are implemented as a shift register where the vacant bit created by the shifting is a function of the previous states. With the correct choice of feedback taps, LFSRs can function as pseudo
