Introduction

The Global System for Mobile Communications (GSM) is the most popular standard for mobile phones in the world today. The biggest benefit offered by GSM today is the international roaming for its subscribers. Origins of GSM lie in Europe in 1982 when it was introduced as an improvement over the analog First Generation wireless systems. The most important design shift incorporated in GSM was the shift from analog system to digital system.

GSM Components

The GSM structure is primarily composed of three parts:

·         Mobile Station (MS): e.g. mobile handset, MS contains Subscriber Identity Module (SIM). Each subscriber is given a unique identity, called International Mobile Subscriber Identity (IMSI). During authentication procedures MS is identified by a Temporary Mobile Subscriber Identity (TMSI).

·         Base station subsystem: primarily composed of Base Transceiver Stations (BTS) and Base Station Controllers (BSC)

·         Network subsystem: primarily composed of Mobile Switching Centers (MSC) and databases like Home Location Register (HLR), Visitor Location Register (VLR).

GSM Security: Current Plan

With its widespread application across the world, the GSM technology has introduced many new security features against fraudulent access. The security philosophy of GSM is driven by the concerns to ensure the following:

·         Confidentiality of subscriber’s identity: Subscriber’s identity, which is a unique number IMSI, is not sent through over-the-air channel in clear (without encryption), for this a temporary identity TMSI is used through which network retrieves IMSI. IMSI is always sent through a secure channel.

·         Authentication of subscriber’s identity: authentication of the subscriber is done through challenge response mechanism.

·         Confidentiality of user and signaling data: in the current GSM scheme a secret key between user and network is established to communicate through over-the-air insecure channel which ensures confidentiality of user and signaling data.

GSM Security: The Future

Today the scope of mobile communication spans many more facilities than mere voice communication. The level of sophistication in the recent mobile applications is incredible.  Mobile communication systems can be used in applications such as banking, cash debit and credit, entertainment etc. Needless to say, such advancement in the functionality has also exposed the users to much greater security risks. In such applications where higher level of security is needed, conventional model of GSM security through secret key cryptography can not sufficiently fulfill the security needs. Asymmetric key cryptography gives greater means of authentication, integrity and non repudiation and thus can be applied in such applications.

In asymmetric key cryptography two different keys namely public key and private key are used for encryption and decryption. A public private key pair are mathematically related but cannot be retrieved by one another. Public key of a particular user is known to everyone. If some party wants to send some message to the user, the party uses user’s public key to encrypt the message, now the message can only be decrypted using private key of the corresponding public key.

When a user sends some message, he should be unable to deny his act. This is called non-repudiation. In asymmetric key cryptography non repudiation can be guaranteed if user digitally signs some message with his private key as only corresponding public key of that user can decrypt it.