Satyendra Kr Pandit
Recently, in every parts of world mobile handsets are used by a vast majority. Human beings are not in position to think their life apart from the mobile technology. The GSM network with greatest world wide number of users succumbs to several security vulnerabilities. Although some of its security problems are addressed in its upper generation, there are still many users using 2G system.
At the beginning of 2007, 2.83 billion people are using mobile in which 2.28 billion people are using GLOBAL SERVICE OF MOBILE SYSTEM(GSM).GSM system and its building blocks are depicted in figure (1).
The GSM study group aimed to provide the followings through the GSM:
- (ISDN) and other telephone company improved spectrum efficiency.
- International roaming
- Low-cost mobile sets and base stations (BS).
- High-quality speech.
- Compatibility with Integrated Services Digital Network
The security architecture of GSM was originally intended to provide security services such as anonymity, authentication, and confidentiality of user data and signaling information. The security goals of GSM are as follows:
- Authentication of mobile users for the network.
- Confidentiality of user data and signaling information.
- Anonymity of subscriber’s identity.
WE USES SIM CARD AS SECURITY MODULE. HOW?
The mobile station consists of Mobile equipment (ME) and SIM CARD. The SIM CARD is specific cryptographic smart card in which GSM applications are loaded. As a smart card it has some inherent security functions specified to smart cards. Its operating system and chip hardware’s have several security attributes. SIM includes all necessary information to access subscriber’s account. IMSI and Ki are stored on every SIM. IMSI is the International Mobile Subscriber Identity with at most 15 digits uniquely devoted to every mobile subscriber in the world. Ki (Individual subscriber authentication Key) is a random 128-bits number that is the root cryptographic key used for generating session keys, and authenticating the mobile users to the network. Ki is strictly protected and is stored on the subscriber’s SIM, and AuC. The SIM is itself protected by an optional Personal Identification Number (PIN).Each user is requested to enter the PIN unless this feature is deactivated by the user. After a number of invalid attempts that is usually 3 times, the SIM locks out the PIN, and the PUK (PIN Unlock) is then requested. If the PUK is also incorrectly entered for a number of times that is usually 10 times, the SIM refuses local accesses to its privileged information and authentication functions, and makes itself uselessAuthentication and confidentiality of user data are in deposit of the secrecy of IMSI and Ki. With disclosure of such numbers, anyone can impersonate a legitimate user. A3 and A8 algorithms are also implemented on every SIM. This means that each operator can determine and change such algorithms independent of other operators and hardware manufacturers. Therefore, the authentication will work when a user is roaming on other countries or operators since the local network will query the HLR of the home network for the results and does not need to know the A3/A8 algorithm of the home network. A3 is mainly used for authenticating users to the network while A8 is used for generating the session key of encryption Kc. The network sends a random challenge to the user so that SIM produces Kc and SRES. After user authentication, the network can order the phone to start the encryption by using the generated session key Kc.
WHAT ARE THE CHALLENGES OF GSM?
1. Unilateral authentication and vulnerability to the man-in-the-middle attack:
This is the network that authenticates users. The user does not authenticate network so the attacker can use a false BTS with the same mobile network code as the subscriber’s legitimate network to impersonate himself and perform a man-in-the-middle attack. The attacker can then perform several scenarios to modify or fabricate the exchanged data.
2. Over the air cracking: It is feasible to misuse the vulnerability of COMP128 for extracting the Ki of the target user without any physical access to the SIM. This can be accomplished by sending several challenges over the air to the SIM and analyzing the responses. However, this approach may take several hours. The attacker can also extract IMSI using an approach that will be explained later. After finding Ki and IMSI of the target subscriber, the attacker can clone the SIM and make and receive calls and other services such as SMS in the name of the victim subscriber. However, the attacker will encounter with a slight problem. The GSM network allows only one SIM to access to the network at any given time so if the attacker and the victim subscriber try to access from different locations, the network will realize existence of duplicated cards and disables the affected account.
3.SIM Cloning: SIM-Cloning is an attack, which is known for over 20 years and which stands for copying a SIM-card to a blank card, where data, which are not directly necessary for authentication and services (like contacts, messages, etc.) will be ignored.
For this attack the attacker needs a programmer (Super sim, Sim Max,…) to fulfill the hardware technical requirements for reading the SIM. Also a blank SIM is necessary, on which the elected data will be written. Such blanks could be ’Silver SIM Wafer Cards’. On software-side is a program required, which can readout the keys like Ki, IMSI and ICCID (ID of the SIM-card). This process takes several hours, up to one day, and can be executed by programs like ’Woran Scan’ or ’Sim Max Multi sim’. Further software is required for generating the data for the EEPROM. This work can be done with programs like ’Sim Emu’. Depending on the programmer the blank will be recorded. It depends on the used program,if the card can be directly used. In some cases some settings are necessary such as entering the read keys like Ki. The attack goes like this
(1) Read out the original SIM, (2) Extract the keys (3) Generate necessary EEPROM data (4) Write the data to the blank SIM and (5) Post-processing.
If the PIN is not known, there are a few attacks against the operating system of the mobile device, the specific SIM-card or the mobile device. One of these attacks concerns Apple iOS. On smartphones with the operating system iOS, the PIN is saved into the keychain. The keychain contains encrypted sensible data like passwords, certificates and so on. The basic problem is, that the PIN is saved in the Always This Device Only-class, which means, that the PIN can always been read out, also if the user is not logged into the phone . By jail breaking, an attacker or user can gain access on the keychain, if he has direct access to the device. Since iOS4, it is possible to encrypt the keychain with an additional user key. If the user encrypts the keychain he essentially defeats the attack, because the attack requires the passphrase to be successful. SIM Cloning is easy to realize, because the costs for programmer are not expensive. Practically it can be said that SIM cloning is not too hard task if attacker is able to know the PIN.
Writer is founder & CEO of Bookcuriosity.com. He is Managing editor of “saarthak”