- Authenticate of mobile user for the network: KI(Individual Subscriber Authentication Key) is a random 128-bits number for authenticating mobile subscriber to the network. It's strictly protected and is stored in SIM and AuC.
- Provide anonymity of subscriber identity: Replacing IMSI with a 32-bit Temporary Mobile Subscriber Identity (TMSI). It prevents eavesdropper to track a particular subscriber.
- Using SIM as a security module: It's a cryptographic smart card that contains some security attribute. IMSI (International Mobile Subscriber Identity) and KI (Individual Subscriber Authentication Key) are stored on every SIM. IMSI provide a 15 digits uniquely provided to every mobile subscriber.KI is a random 128-bits number for authenticating mobile subscriber to the network. PIN (Personal Identification Number) and PUK (PIN Unlock) is an option to protect the SIM.
THREATS :
- Anyone with a receiver is able to passively monitor the airwaves: Sending challenges over the air to the SIM and analyzing the response but it may take several hours to do so.
- SIM card cloning: COMP128 algorithm help to extract KI in 8 hours by sending many challenges to the SIM. Besides that, partitioning attack makes attacker capable of extracting KI if they could access the subscriber SIM for just a minute.
- Vulnerability of replay attacks: The attacker can misuse the previously exchanged messages between the subscriber and network in order to perform the attack
- Absence of integrity protection: No provision for any integrity protection of information. Thus, recipient can't verify whether a message has been tampered with,
SOLUTION:
- Using secure algorithms for A3/A8 implementations: This can counter the SIM card cloning but a new SIM card must be distributed and modifying the software of HLR must be done.
- Using secure ciphering algorithms: Operators can use new and more secure algorithm such as A5/3 but upgrading this alone won't be enough as attacker can impersonate the real network and force the MS to deactivate the chipering mode.
- Securing the backbone traffic: Encrypting the traffic between the network components can prevent attacker to eavesdrop or modify the transmitted data.
add in some pictures for GSM and GPRS to briefly explain the technology how it work or video that will introduce the technology. But good effort for providing so much information and this will guide the people the knowledge of the GSM and GPRS. If able to provide any of the diagram or photo it will be pretty good as it show both knowledge and visual. Give more example of the solution so that people can able to use the solution to overcome any of the threat and attack from the network. Anyway you have good key point have there.
ReplyDeletenadhirah mok
1006230E
HELLLOOOOOOOOO!
ReplyDeleteThe post is too simple but there is a video there for the readers to see. Not bad. However, maybe you can put in some images and write the definition in it too. Try to cut down on the words for each point. If not, it would seem like a paragraph instead. Other than that, the points that you have gave are on the right track! Not bad. :)
Done By Xue Yi
Hi Zammerul,
ReplyDeletefor this blog post, there are many things that you can enhance on, like for example, adding some more pictures to explain to readers about what is GSM and GPRS all about, instead of putting words. However, at least there is a video to explain to readers about the technology, not forgetting that the video is rather informative.I believe that there are more things that you can talk about the technologies as well. Overall, I find it quite okay and with the video, it is quite informative.
Koh Kaijie Derrick
1004000D
i believe your information can be better if you explain what the short abbreviations (HLR) means along with more pictures which illustrates the process of the solution. You should also give a brief introduction of what GSM actually means and is mainly used for instead of jumping straight to the features and threats.
ReplyDeleteOther than the above few points that i have mentioned i feel that your post on GSM features and threats along with the solution are informative and keeps other informed about the types of benefits GSM has to offer
Loh Jia Jun, 1002904I
Hi zam
ReplyDeleteyour post is great, nicely written in point form. I find it very easy for readers to read and understand, however you should describe more on some of the words that not commonly seen, such as ki. Besides that, you have provided many useful information, very summerised. One more things, the video you posted is very interesting, it helps readers to understand more of what you are trying to bring across.
lim jun de
1004471G
Hi Zam
ReplyDeleteYour post is relevant and i find it easy to understand. The video helps me to understand about the topic and i find this useful.
Firdaus
0907078J
This comment has been removed by the author.
ReplyDeleteHello there zam, i like the structure of your post and most of it is relevant. There is a video too in your post. Simple and straight forward. Good job.
ReplyDeleteIkhtiari
1000858I
To add on zam, security threat and security solution is done nicely. From your well structured post i could understand and read it easily. The points helped me understand what i am searching for. Good job again.
ReplyDeleteIkhtiari
1000858I
I think it was a very detailed article. I enjoy reading your article because it was well organised and each points were supported with sufficient explaination. This let me understand more about the various security feature as well as how was it link to the threats you have written. Also the solution finalized my understand about how important the security of the mobile network is. Finally an improvement I would make on this article was to add more diagram/picture to simplify the explainations.
ReplyDeleteThian Wen An
(1004543C)