StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

GSM Phone Security - Coursework Example

Cite this document
Summary
The writer of the paper “GSM Phone Security” states that there are specific attacks that can be done on the GSM phone. There are however countermeasures that can as well be taken to try and prevent these attacks or at least limit the attacks for that matter…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER96.4% of users find it useful
GSM Phone Security
Read Text Preview

Extract of sample "GSM Phone Security"

GSM PHONE SECURITY Table of Contents Table of Contents 2 Executive Summary 3 Introduction 4 Wireless Networks Security Features 4 GSM Networks Security Mechanisms 6 Recent Research on GSM Attacks 7 Risks and Threats 9 Countermeasures 10 Conclusion 11 References 13 Executive Summary Recently, there have been cases reported of eavesdropping on cell conversations. These stories have made it to the news as a result of research that was published in the late 2009. The research paper showed that it was possible for one to crack the encryption on a GSM cell phone. Today, GSM technology is the most popular as well as the most deployed. Just as the CEO is a GSM cell phone user, so are 80% of all cell phone users. There are four different types of encryption that is deployed on the GSM phones: A5/1, A5/3 as well as the A5/2. The most common of these is the A5/1. The A5/3 is the most recent standard and has proven to better than the previous standards in terms of security but has its loopholes too. The perceived weakness of the GSM cell phone is basically because of the encryption being deployed by the model. This is a loop hole that can be a security threat to the company as the CEO uses the phone for all her conversations as well as email communication. The phone can be hacked into and all the data can be accessed. The loss of data concerning future inventions and innovations that the organization is working on can be quite catastrophic on the organizations future as well as image. There are specific attacks that can be done on the GSM phone. There are however countermeasures that can as well be taken to try and prevent these attacks or limit the attacks for that matter. Since the organization is migrating to another communication method, this paper seeks to help the CEO understand the threats that the use of her GSM phone pose as well as the countermeasures. However these are only temporary solutions as to allow for the organization to migrate to another technology within three months without incidences. The paper also includes an action plan for the smooth migration. Introduction Global Communications Enterprises (GCE), might be a small technology company but has a bright and great future ahead. However, this future can prove to be dim if the right steps and paths are not followed. One such path is the communication methods that are employed at the organization. The CEO of GCE uses GSM (Global System for Mobile Communication) which is the most popular mobile phone technology being use by majority of mobile phone users in the whole world. The CEO uses the GSM phone for all her communication. The emails that she sends to fellow workers as well as employees are sent from her GSM phone, these include confidential emails concerning the organizations future technology plans. This is her only communication gadget. With the kind of encryption that is employed by the GSM phone, it would be and honest opinion to state that the company is at risk. The risk would be posed by the use of the GSM phone to communicate confidential information. There are several risks that are posed by the use of the GSM phone. The conversation can be eavesdropped upon by a third party when one uses the GSM phone. This is possible due to the fact that GSM encryption can be hacked (Nohl, 2009). There are other risks that a GSM phone user is prone to. Wireless Networks Security Features Security in the wireless networks is a key element in these networks as the users tend to store personal information in these phones. The users have a tendency to store mission critical and even organizational information on these phones. The weaknesses in the security of these networks originate from both the security protocol flaws as well as multiple security schemes that are incompatible. The user then makes a mistake of trusting the entire system and tends to convey personal or confidential information on it. There are many security issues that are posed by the wireless environment like, integrity, authentication, non-repetition as well as accessibility. Convenience of use as well as speed might also be an issue (Varshney U., 2003). Therefore, the type of data being transmitted will determine the type of security strategy to be employed. The estimated loss in the case of eavesdropping should also be considered (Figure 1). If denial of service occurs, then it is only right to assume the worst that another attack is on the way. Figure 1: Wireless Network Security Issues For best results, and end-to-end application of the security strategy is required i.e. from the data source to its destination. A good example is in WAP where encryption is between the wap gateway and the mobile device (Ghosh & Swaminatha, 2001). GSM Networks Security Mechanisms Confidentiality and security in the GSM network helped create an influence and perception that it was the most superior to other communication systems. Its success influenced the development of other innovations like the Personal Handy Phone System (PHS), Code Division Multiple Access (CDMA) as well as the Digital Enhanced Cordless Telecommunications (DECT). With the large number of users, GSM is always a potential target for attacks. These attacks are due to different reasons and types like; call forwarding, roaming fraud, bogus registration details as well as terminal theft. There are fraud management systems that have a variety of indicators which they use to monitor phone numbers to try and determine fraud. They check indicators like, large and indefinite variations in phone use, variations of call times as well as large variations of payment being made by a user (Emmanuel G., 2001). The GSM system has known security issues: When there is connection to fixed network, signaling and communication traffic are not usually protected. It therefore is as secure as the network it is connecting to. Active attacks such as camping on false BTS as well as identity cashing are not addressed by the GSM infrastructure (Steve L., 2003). Lawful interception of was not a forethought. The authentication and cryptographic mechanism in GSM is quite hard to upgrade (Niels F., Bruce S., 2003). There are five known and acknowledged attacker capabilities that affect the GSM networks security (Table 1). The easiest to do is the first while the last capability is the hardest and requires more investment in hardware as well as skill to be able to do (Emmanuel G., 2001). Table 1: Attacker Capabilities Easier Most difficult Eavesdropping This is the ability of an intruder to intercept signaling information as well as traffic associated to others. One requires a modified cell phone. User impersonation In this case, the hacker sends rogue data to the network. This data is made to appear as from another user. The equipment used is a modified cell phone. Network impersonation In this case, the hacker sends rogue data to the network. This data is made to appear as from another network. The equipment used is a modified cell phone. Man in the middle (MITM) In this case, the attackers place themselves between the genuine user and the network and access all communication between the two. The equipment used is a modified cell phone as well as a modified BTS. Compromise of a Network authentication The attacker creates a compromised authentication vector (integrity keys, cipher keys, challenge response pairs etc.). Recent Research on GSM Attacks There are security researches that have been conducted that show that the GSM phone has weaknesses on its encryption. The attacks have been categorized as passive as well as active. According to research, active research is done using a gadget called an ‘IMSI Catcher” which is also referred to as a VBTS (virtual base transmission station) (Frick, 2000). This device emulates a mobile phone base station. The gadget exploits the requirement that it is the GSM phone that supposedly authenticates to the network and it is not the other way around. The device acts by intercepting the communication from the middle by listening in on the conversation as it passes to be communicated to the required mobile phone. In passive scanning, the encryption of the GSM phone is broken into using a laptop and programmable antennae. The hacker acts by sniffing into the communication channels and grabs different traffic that is passing accessing a data file. The data is saved and taken offline where it is decrypted and the data can be accessed when it is raw. Weaknesses have been shown in the GSM phone in the past although it was considered to be almost impractical to carry out an attack on the mobile phones. In the years 2008 and 2009, practical methods that can be used to crack the GSM phone were presented in researches. This specifically targeted the GSM A5/1 encryption (William S., 2003). At Schmoo con, Hulton presented research that claimed that there was a possibility that GSM encryption could be cracked (Houlton, 2008). IN the research, FBGA (field programmable gate arrays) are used in the reduction of the computation time. He said that the encryption could be broken and cracked within 30 minutes and more so in 30 seconds if a multi-node cluster was deployed. There was a follow up on this research in the year 2009 where it was stated that open source components could be used to carry out interception (Nohl, 2009). Previously complicated hardware was used to set up stations. The pre-computed tables have been used to carry out attacks on the A5/1 algorithm. According to the Nohl research, the tables were calculated by the use of optimized algorithms on the GPUs (graphical processing units) and PlayStations as well. Researchers have proved that practical attacks carried out against the GSM A5/3 are also possible. Nohl proposed in his paper a semi-active attack using the A5/3 and A5/1 traffic (Nohl, 2009). Dunkelman on the other hand published a research stating the use of a “sandwich attack” to attack the block cipher in A5/3 (Dunkelman, 2010). Finally, the cell phone networks providers are obligated by their government’s regulations to provide the government agencies with access to their networks for the purpose of court ordered eavesdropping on cell phone conversations. Thereby, as much as the provider network might be secure, they are required to have a built in loop hole to allow for permitted or legalized eavesdropping. Risks and Threats There is a risk on the use of the GSM phone by the organizations CEO. This is due to one risk: snooping. This kind of risk is evaluated by taking a critical look at what the attackers would require as well as the likelihood that an attack will be carried out. For the attackers, the latest and most common types of attacks are the passive attacks. These are more popular as the past types where there was the use of rogue base stations were easily detected. The more recent passive attacks allow for attack without possible detection. The risks involved in this type of attack are therefore minimal. There is a premeditated code book that is used in these types of passive attacks. This book makes it easy to carry out attacks as well as reduce the risks of being detected. However, according to the author, a ‘Non-trivial RF setup’ (Nohl, 2009) is required. It is quite difficult to state all the possible threats to the GSM phone. However, the profile of an attacker can be identified. First of all, the hardware used to carry out the attack is quite expensive; thereby not anyone can afford the hardware. These persons would also have to hire personnel to manage the interceptor system. The persons would also be willing to break the law knowingly as hacking is illegal. With these kinds of characteristics, we are sure that the persons doing the hacking cannot be opportunist but people who are serious with what they are doing as well as have the resources to do it. So it would practically take an organization or group of persons to try and hack the CEO’s GSM phone and the organizations communication system. According to CellCrypt’s Simon Bransfield-Garth, it would take a well-funded criminal organization to carry out call interception (O’brien, 2009). As the CEO does her rounds in the facility and uses her GSM phone, she could be in danger of an attack as this is a static place that the attackers can stage the hack. The attackers would also need to know the phone numbers of the executives. These can be acquired from public places, social engineering as well as from other staff working at the organization. The organization should consider itself at risk of being attacked and should take counter measure to make sure that this does not take place. Overall this risk is rated as being a moderate risk though very possible. Countermeasures With regard to corporations such as GCE as well as individual users like the CEO, the greatest risk remains to be the capture and decryption of the wireless mobile phone signal. There are risks that are associated with the loss of data contained in the cell phones or that is transferred through the cell phones like through the email messaging system. There are several technical as well as non-technical steps to take: The organization should formulate a mobile phone usage policy that will prohibit the use of the GSM in the communication of confidential or organization information. A mobile phone security awareness training should be conducted to educate the staff on things such as: to always assume that the mobile phone conversations that take place are insecure just as the email and are susceptible to interception as well as eavesdropping, the text messages should be treated like the email, always use a complex password that has mixed digits as well as symbols, secure the messages as well as the conversations that are in the phone as much as possible, always make sure that your phone is attended to as the hacker would only need few minutes with your phone to install a malicious software or hardware or to even steal it. The mobile phone users should also be advised to always turn off the Bluetooth wireless of their phone unless in use. The Bluetooth headsets are not to be used at all when carrying out conversations that are sensitive. These Bluetooth devices can be sniffed. This attack would not even require the attacker to bypass any encryption. If an employee needs to carry out a conversation over the mobile phone, then they should go to a location where they cannot be overhead. As in the case of the CEO, she should not carry on conversations that are confidential in the factory by probably within the doors of her office. She should also use code words to communicate certain messages to the second party so that she can confuse anyone who might try to eavesdrop on her conversations. The coding should also apply to the email that she sends using her phone. She should at least ascertain that her phone uses the A5/3 standards which is more secure that the other two i.e. A5/1 and A5/2. It would also be better to use smartphones for more secure conversations and communication. An end to end voice encryption can also be employed (e.g. Rohde & Schwartz or CellCrypt). Conclusion Dealing with the security issues of the wireless technology is quite complex. Whereas in the wired network technology tapping is usually done though the accessing of the communication links physically, in the case of the wireless networks the relayed information is conveyed over radio waves. This makes the wireless technology more susceptible to eavesdropping. We have discussed the different security loop holes of the GSM mobile phone as well as the countermeasures that can be employed to minimize the risk. However, these are not enough as the technology is not secure enough to be used by the CEO for the communication of the company business especially at this time when at the verge of giving birth to a new innovation. I would advise and advocate for the application of these counter measures as we await the change within the coming three months. References Dunkelman, Orr. (2010). A Practical-time attack on the a5/3. Retrieved from http://eprint.iacr.org/2010/013.pdf Emmanuel Gadaix, “GSM and 3G Security”, Black Hat Conference Singapore, April 2001. Frick, J. (2000, November 8). Method for identifying a mobile phone user or for eavesdropping on outgoing calls. Retrieved from http://v3.espacenet.com/publicationDetails/biblio?CC=EP&NR=1051053&KC=&FT=E Ghosh and Swaminatha, (2001).“M-commerce Security”, Communications of the ACM. Hulton, D. (2008, February). Intercepting gsm traffic. Retrieved from http://blog.washingtonpost.com/securityfix/shmoocon-May8-gsm.pdf Niels Ferguson, Bruce Schneier, Practical Cryptography, Wiley Publishing, Inc., 2003 Alcatel University, Introduction to the Alcatel GSM Network, 2003 Nohl, K. (2009). Gsm srsly?. Retrieved from http://events.ccc.de/congress/2009/Fahrplan/attachments/1519_26C3.Karsten.Noh l.GSM.pdf OBrien, K. (2009). Cellphone encryption code is divulged. Retrieved from http://www.nytimes.com/2014/05/8/technology/29hack.html?_r=3&pagewanted=1 Steve Lord, “Bugwatch: GSM security flaws exposed”, VNU Business Publications Limited, 2003, http://www.vnunet.com/vnunet/news/2121449/bugwatchgsm-security-flaws-exposed Upkar Varshney, (2003). “Network access and security issues in ubiquitous computing”, Workshop on Ubiquitous Computing Environment, Cleveland, Valer Bocan, (2004). “Developments in DOS research and mitigating technologies”, Periodica Politehnica, Transactions on Automatic Control and Computer Science, Vol. 49 (63), William Stallings, Cryptography and Network Security, Principles and Practices, Third Edition, Prentice Hall,2003 Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(GSM Phone Security Coursework Example | Topics and Well Written Essays - 2500 words, n.d.)
GSM Phone Security Coursework Example | Topics and Well Written Essays - 2500 words. https://studentshare.org/information-technology/1825408-information-security-assignment
(GSM Phone Security Coursework Example | Topics and Well Written Essays - 2500 Words)
GSM Phone Security Coursework Example | Topics and Well Written Essays - 2500 Words. https://studentshare.org/information-technology/1825408-information-security-assignment.
“GSM Phone Security Coursework Example | Topics and Well Written Essays - 2500 Words”. https://studentshare.org/information-technology/1825408-information-security-assignment.
  • Cited: 0 times

CHECK THESE SAMPLES OF GSM Phone Security

Anxiety and Depression

They have not mentioned the role of social security system, need for a strong family network, role of police in allying any fears to life from antisocial elements.... This journal is an attempt by the authors to chronicle the events related with depression, its causation, its natural history, and its predisposing factors....
2 Pages (500 words) Essay

T-Moblie - Nature of Business

The corporate social responsibility programs of the T-Mobile ensure the implications of security and safety guidelines to the society as well as the employees of the company.... On the global level, the International subsidiaries of T-Mobile possess total subscribers which are roughly 150 million in number, which makes it the twelfth-largest service provider of mobile phone in the entire world in terms of subscribers.... The company is originally based in Bonn, Germany, and its subsidiaries function for the UMTS and gsm-based networks of cellular technology in United States, Europe, US Virgin Islands and the Puerto Rico....
2 Pages (500 words) Essay

ESD ( Emergency shout down) tool (chemical engneering)

Emergency Shutdown Tools (ESD) are primarily designed to minimize casualties in an event of emergency, these casualties may vary in nature, from unexpected system flooding, escaping poisonous gases or fire outbreak in areas containing hydrocarbons or any other material that is… Traditionally, they are used in high safety levels, often SIL 2 and 3. The system is made up of an array of sensors capable to detect different incoming signals, alarm system, valves, relays and logic processing units, which in With all the components functioning properly, ESD can process an incoming input from the sensors and sends an output signal to initiate a response that handles the emergency....
4 Pages (1000 words) Essay

Mobile Computing using Mobile Phones

This paper explains how mobilе tеchnology hаs oftеn contributеd to visions of morе pеrsonаlisеd concеptions of cybеrspаcе, whеrе usеrs will cаrry dаtа аround with thеm аnd intеrfаcе with othеr nеtworks viа а smаll dеvicе.... And how mobilе phonеs аrе gеnеrаlly much еаsiеr to usе thаn computеrs....
11 Pages (2750 words) Term Paper

New Ventures are All Around Us

By giving the customers what they want, the company also could have enticed them to return to the company when they desire an upgraded phone, which would, of course, cost the more.... A third missed opportunity for this company is that it did not put enough focus on its mobile phone division, as it was too concerned with breaking into new markets....
12 Pages (3000 words) Assignment

What Is Telecommunication

Take the case of a mobile phone as an innovation which seems to have rendered obsolete the landline communication systems, their connected telephone poles, switchboards and even those who worked for the telephone industry.... This paper outlines that it becomes all the more challenging when, in view of the nature of technology itself, the sole motive that gears these service providers happens to be that “whoever captures the market first gets away with the biggest share of the stake”....
7 Pages (1750 words) Article

Design and Validation of a General Security Model with the Alloy Analyzer

This study "Design and Validation of a General security Model with the Alloy Analyzer" looks at the system and its weakness when alloy modeling is not in place and then later on we take a look at how alloy modeling has influenced the security level of the system.... hellip; Our main reason for the study is to find how the architecture of a system is affected when security is to be included in the general architecture.... We are very interested in the way that this will affect the security of the flight control system....
9 Pages (2250 words) Case Study

Development of a Program for Control of a Home Alarm System

This term paper "Development of a Program for Control of a Home Alarm System" discusses the design of an alarm system for homes that will use PIC18f2520 that has 3 ports that are used for LCD and the alarm system.... The switches and PIC18f2520 will be the interface and the switches.... hellip; Along the way we encountered many problems, learning that programming code must be perfect to run properly....
7 Pages (1750 words) Term Paper
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us