精品论文Security Analysis and Improvements of GSM AirInterface ProtocolQijie Tang*, Xu LiKey Lab. of Universal Wireless Communications, Ministry of EducationBeijing University of Posts and TelecommunicationsBeijing, P. R. China 100876tqjshmilygmail.comAbstractThis paper presents an overview of the most widely used communications network-Global System of Mobile Communications (GSM) and investigates the current situation of the security feature. In the paper, we analyze the security structure and mechanisms in three aspects, then several attacks against the protocol including Denial of Service (DOS) attack and Man-in-the-Middle (MitM) attack are described. Last part of the paper focuses on countermeasures. Pre-authentication procedure and mutual authentication are considered to be effective ways to mitigate these threats.Keywords: GSM security, Dos, Man-in-the-middle1Introduction Before Second Generation Mobile Communications came up, AMPS and TACS has prevailed for many years. However, its cellular drop rate, interference/interception rate and general fraud was extensive. Its easy for someone who is simply special communication tool supported to tune in and eavesdrop mobile conversations because of lack of encryption of the voice and user data transmitted over the network. To prevent such flaws in mobile communication and make mobile phone traffic more reliable, GSM became a better solution. GSM platform was formed in 1982, It indeed provides a far more secure and confidential method of communication.Nowadays, thousands of millions of people use GSM for communication at any time and anywhere, for business and convenience. Undoubtedly the GSM network is a hugely successful wireless technology and an unprecedented invention of global achievement. GSM network incorporates security mechanisms. Network operators and their customers rely on these mechanisms for the privacy of their calls and for the integrity of the cellular network. The security mechanisms protect the network by authenticating customers to the network, and provide privacy for the customers by encrypting the conversations while transmitted over the air. But in recent years, researchers have been investigating on the vulnerabilities of the protocol and system proving it unsafe actually.Since Encryption methods have been adopted by the network, researches of cracking them are ongoing simultaneously. Alex Biryukov, Adi Shamir and David Wagner showed that they can find the A5/1 key in less than a second on a single PC with 128 MB RAM and two 73 GB hard disks, by analyzing the output of the A5/1 algorithm in the first two minutes of the conversation 1.Ian Goldberg and David Wagner of the University of California at Berkeley published an analysis of the weaker A5/2 algorithm showing a work factor of 216, or approximately 10 milliseconds.Elad Barkhan, Eli Biham and Nathan Keller of Technion, the Israel Institute of Technology, have shown a ciphertext-only attack against A5/2 that requires only a few dozen milliseconds of encrypted off-the-air traffic. They also described new attacks against A5/1 and A5/3 2.At a later time, Ian Goldberg and David Wagner demonstrated that all A8 implementations they looked at, including the few that did not use COMP128, were deliberately weakened. The A8 algorithm takes-1-a 64-bit key, but ten key bits were set to zero. The attack on the A8 algorithm takes just 219 queries to the GSM SIM (Subscriber Identity Module), which takes roughly 8 hours.Josyula R. Rao, Pankaj Rohatgi and Helmut Scherzer of IBM and Stephane Tinguely of the Swiss Federal Institute of Technology have shows a method by which COMP128 can be broken in less than a minute 3.All above researches are based on the vulnerability of the encryption, which will not be included in this paper. If necessary, readers can download them for research of their own. This paper is mainly concerned about flaws in the protocol and their related attacks.The paper is structured as followed: In the second part, we take a look at the mechanisms of GSM that how it works to ensure its security. Section 3 will be the classic attacks to the network. Next part presents some effective measurements against threats. Conclusion will be made in the Section 5.2Security Analysis of GSM Security in wireless networks is an important issue since users are more and more likely to put personal, important or mission-critical data over an infrastructure that is not truly secure. The GSM system indeed provides solutions to a few important aspects of security: subscriber authentication, subscriber identity confidentiality and confidentiality of voice and data over the radio path. In the following, we put every aspect in detail.2. 1Subscriber identity c o n f identi ality The purpose of this function is to avoid an interceptor of the mobile traffi