Security issues in mobile computing

There are four basic security services provided by GSM. Anonymity: TMSI assignment; Authentication; Signaling data and voice protection against eavesdropping: encryption; User's SIM module and ME ID.

 Anonymity is the use of a temporary identifier for the MS user. A user's IMSI has to be protected over the air interface. GSM does this by temporarily assigning a user an ID that is known as a TMSI. Both the permanent and temporary IDS are stored in the SIM. When a mobile first switches on his radio set in a new MSCIVLR area, the real identity (IMSI) is used and a temporary identification (TMSI) is issued. From then on the TMSI is used for all communication between mobile and the system.

Authentication is used to identify the network operator. A simple representation of authentication is shown in Figure.

 A random number is generated by the network and sent to the mobile. The mobile uses the random number as the input to the plain text for encryption and, using a secret key unique to the mobile, transforms this into an output (cipher text) that is sent back to the network. The network can check that the mobile really has the right secret key by performing the same process and comparing the responses. In this process a series of bits are transformed by mathematical or logical functions into another series of bits.

The number of transformations is determined by the key so that an exhaustive search of all the possible keys must be made.

 In encryption process the input is Plaintext and the output is Ciphertext. Both authentication and user confidentiality processes involve the use of encipherment algorithms. The following algorithms are used in GSM. A3: Used for subscriber authentication; A5: Used for ciphering/deciphering. This algorithm is standardized throughout all GSM networks; A8: Used for cipher key generation. This algorithm is defined by the PLMN.

 These security features are either implemented as supplementary services that can be selected by the subscriber or as network functions involved in the provision of one or several telecommunication services.

 To a large extent, the use of these three algorithms is interrelated. The GSM encipherment algorithms are not available for general distribution, except to those companies directly involved in its implementation. The use of encipherment is one of several important contributions of GSM. The objective of this chapter is to clearly outline the security features adopted in GSM, which include: (1) TMSI instead of its permanently attached number, called IMSI; (2) authentication; (3) ciphering; and (4) an equipment ID (EID), which assures that no stolen or unauthorized ME is used in the system.