Cryptography Reference
for encryption and MACs are derived from K_i. The use of a SIM also makes key
change relatively straightforward.
12.3.6 GSM and UMTS security issues
GSM broke new ground for the mass use of cryptography. It provided, and to an
extent still provides, good security for a rapidly expanding mobile phone network.
GSM was, by and large, well designed and the basic security architecture of GSM
is preserved in UMTS, which tightens up on the security offered by GSM.
It is worth remembering, however, that GSM and UMTS are deliberately not
designed to provide end-to-end security. The design goal of being 'as secure as the
PSTN' means that, just like a conventional telephone call, a mobile telephone
call may still be intercepted after it has been switched into the conventional
PSTN infrastructure.
12.3.7 GSM and UMTS design issues
The main design issues emerging from our study of GSM and UMTS are the
following:
Use of symmetric cryptography. The closed nature of the application
environment lends itself to adoption of a fully symmetric solution. The
properties of stream ciphers are highly suited to mobile telecommunications.
Adaptation to evolving constraints. GSM was designed under several
constraints, including cryptographic export restrictions and the apparent lack of
a need for mobile operator authentication. As the environment determining
these constraints evolved, the redesigned security mechanisms of UMTS took
these into account.
Shift from proprietary to publicly known algorithms. Mobile
telecommunications provide a plausible environment for the adoption of proprietary
cryptographic algorithms. However, subsequent weaknesses in some of the
original GSM algorithms may well have influenced the use of publicly known
algorithms in UMTS.
Flexibility, but only when appropriate. Just as we saw for WLAN security
in Section 12.2, GSM and UMTS only prescribe particular cryptographic
algorithms when this is essential, leaving a degree of flexibility to mobile
operators. That said, in UMTS mobile operators are strongly encouraged to
follow central recommendations.
12.4 Cryptography for secure payment card transactions
Financial sector organisations are the most established commercial users of
cryptography. They oversee global networks that use cryptographic services to
provide security for financial transactions. We will demonstrate some of the ways