Authentication In GSM
- The security procedures in GSM are aimed at protecting the network against unauthorized access and protecting the privacy of mobile subscriber against eavesdropping,
- Eavesdropping on subscriber communication is prevented by ciphering the information.
- To protect identity and location of the subscriber the appropriate signalling channels are ciphered and Temporary Subscriber Identity (TMSI) instead of IMSI is used over the radio path.
- At the time of initiating a service, the mobile terminal is powered on the subscriber may be required to enter 4-8 digits Password Identification Number (PIN) to validate the ownership of the SIM.
- At the time of service provisioning the IMSI, the individual subscriber authentication key (Ki), the authentication algorithm (A3), the cipher key generation algorithm (A8) and the encryption algorithm (A5) are programmed into the SIM by GSM operator.
- The A3 ciphering algorithm is used to authenticate each mobile by verifying the user password within the SIM with the cryptographic key at the MSC. The A5 ciphering algorithm is used for encryption. It provides scrambling for 114 coded bits sent in each TS. The A8 is used for ciphering key.
- The IMSI and the secret authentication key (Ki) are specific to each mobile station, the authentication algorithm A3 and A8 are different for different networks and operators encryption algorithm A5 is unique and needs to be used across all GSM network operators.
- The authentication centre is responsible for all security aspects and its function is closely linked with HLR.
- The secret authentication key (Ki) is not known to mobile user and is the property of service provider, the home system of the mobile station (MS) generates the random number say Rand which is 126 bit number. This random number is sent to MS. The MS uses A3 algorithm to authenticate the user. The algorithm A3 uses Ki and Rand number to generate a signed result called s_RES. MS sends s_RES to home system of MS.
- In the home system authentication contains Ki and it also uses the same authentication algorithm A3 to authenticate the valid user. The A3 algorithm use Ki and Rand generated by home system to generate a signed result called〖(s〗_RES). The s_RES generated by MS and authentication centre are compared. If both s_RES are identical only then the user is valid and access is granted otherwise not.
Security in GSM
GSM allows three-band phones to be used seamlessly in more than 160 countries.
In GSM, security is implemented in three entities:
1) Subscriber identity module (SIM) contains authentication key Ki (64-bit), ciphering key (Kc) generating algorithm, and authentication algorithm. SIM is a single chip computer containing the operating system (OS), the file system, and applications. SIM is protected by a PIN and owned by an operator. SIM applications can be written with a SIM tool kit.
2) GSM handset contains ciphering algorithm.
3) Network uses algorithms and IDs that are stored in the authentication center.
Degree of security in GSM is higher basic security mechanisms are:
a) Access control and authentication :It prevents access by unregistered users.
b) Encryption: It prevents unauthorized listening.
c) Confidentiality: It prevents subscriber’s location discloser.