Cryptography Reference
In-Depth Information
12.3.1
GSM and UMTS background
In Section 12.2.1 we observed that there is an inherent level of physical security
provided by a wired computer network. The same can be said for a wired
telecommunications network. Thus, in a very similar way to the development
of WLANs, the advent of mobile telecommunications brought with it a range of
new threats that did not exist for traditional wired telecommunications networks.
These problems were not recognised by the designers of the first mobile phone
systems. These used analogue signals and did not have suitable protection. Mobile
handsets sent their serial numbers in the clear, leaving them highly susceptible to
cloning. A cloned phone could then be used by an attacker at the expense of the
genuine user. Eavesdropping on calls was also straightforward.
This situation was clearly unacceptable for everyone involved. It raised privacy
concerns formobile phone customers, as well as the considerable inconvenience of
dealing with the aftermath of a phone cloning incident. More significantly, mobile
telecommunications operators faced loss of revenue and reputation through
incidents of fraud.
The shift from analogue to digital communications brought with it the
opportunity to use cryptographic techniques to provide security. In doing so, the
development of the
Global System for Mobile Communication
(GSM) standard
by the
European Telecommunications Standards Institute
(ETSI) brought security
to mobile telecommunications. We will look in some detail at the cryptographic
aspects of GSMsecurity. Third generation, or 3G, mobile phones are characterised
by higher data transmission rates and a much richer range of services. We will
briefly discuss the enhanced security of GSM's successor for 3G phones, the
Universal Mobile Telecommunications System
(UMTS).
The basic architecture of a mobile telecommunications network is shown in
Figure 12.6. The network is divided into a large number of geographic
cells
, each
of which is controlled by a
base station
. A mobile phone first connects with its
nearest base station, which directs communications either to the home network
of the mobile phone user or to other networks in order to transfer call data.
12.3.2
GSM security requirements
One of the main drivers behind GSM's security mechanisms was revenue
protection. Mobile telecommunications is big business and mobile operators pay
substantial sums for the frequency ranges that they use. It is very important to
mobile operators that they charge the right customers for the services that these
customers have genuinely used. However, because mobile telecommunications is
a business, the security provided by GSM must be cost-effective and limited to
that which is strictly necessary.
The overarching design guideline for GSM was that the resulting system
should be
as secure as the Public Switched Telephone Network
(PSTN). This is very
