Home > News > Industry News > Security in the GSM system
Industry News
Company News
Latest News

What is an infrared sensor

What is an infrared sensor Infrared sensing system is used for the infrared measurement system for the medium, according to the function can be divi...

The difference between the scope and application of UPS and EPS power

The difference between the scope and application of UPS and EPS power UPS working principle and classification UPS working principle is to use the...

How the Magnetic contact sensor works

How the Magnetic contact sensor works? Magnetic contacts are the most common sensing devices for sensing opening and closing of doors and windows. The...

Active infrared and passive infrared alarm features, differences and application

Active infrared and passive infrared alarm features, differences and application Works for the infrared emission of infrared emission tube infrared...

Security in the GSM system

Security in the GSM system As a result of recent mainstream controversy involving David Beckham’s alleged text messages, some articles have been publ...

Emergency resettable alarm button

Emergency resettable alarm button       Emergency resettable alarm button,it can be installed in the fire hydrant box as...

How to install the access control system?

     How to install the access control system? There are a number of responsibilities which come with the owning and operating of a business. Wit...

How to buy a home burglar alarm products

[Abstract] home burglar alarm product is the use of various types of peripheralfunctions detectors, space, environment and people's overall housing te...

SMQT's Access Control Products Passed ISO Certification

SMQT's Access Control Products Passed ISO Certification On March 27th, 2018, SMQT passed the strict inspection, test and evaluation of the company...

How to choose Standalone control Keypad

  Quality and performance advantages anddisadvantages of Standalone Access control keypaddirectly affects the stability of the accesscontrol system,...
Contact Us
Address:Room 211, 2nd Floor, Zhongzhi NEXone,  Qingquan Road and, Longhua District, Shenzhen, China
Postal Code: 518109
Phone: 86-755-82838361 / 62/63
Email: sales@eiseis.com
Contact Now

Security in the GSM system

Security in the GSM system

Helen Li SMQT 2016-06-06 14:33:51
Security in the GSM system

As a result of recent mainstream controversy involving David Beckham’s alleged text messages, some articles have been published criticizing GSM’s security, even though it is highly unlikely in this case that any messages were in fact intercepted over the radio link (if at all).   As a result of some of these articles, I have decided to publish a technical article dealing with only the facts of how security measures are implemented in the GSM system, the world’s most commonly used mobile telephony system. There is also a section  summarizing the known flaws in these measures, and what has been done in subsequent revisions of the standard (i.e. by 3GPP) to resolve them.   

Security features offered by GSM    

GSM specification 02.09 identifies three areas of security that are addressed by GSM.   - Authentication of a user – this deals with the ability for a mobile phone to prove  that it has access to a particular account with the operator  - Data and signaling confidentiality – this requires that all signaling and user data (such as text messages and speech) are protected against interception by means of ciphering  - Confidentiality of a user – this deals with the fact that when the network needs to address a particular subscriber, or during the authentication process, the unique IMSI (international mobile subscriber identity) should not be disclosed in  plaintext (unciphered). This means someone intercepting communications should not be able to learn if a particular mobile user is in the area.   These 3 areas are covered in detail below.


Authentication is needed in a cellular system to prohibit an unauthorized user from logging into the network claiming to be a mobile subscriber. If this were possible, it would be easily possible to “hijack” someone’s account and impersonate that person (or  simply making that person pay for the services). In fact, this was possible in some earlier cellular systems.   In order to solve this problem, some sort of challenge needs to be issued by the network which the mobile phone (MS) must respond to correctly.   

The SIM card    

Many users of GSM will be familiar with the SIM (Subscriber Identity Module) – the small smartcard which is inserted into a GSM phone. On its own, the phone has no association with any particular network. The appropriate account with a network is selected by inserting the SIM into the phone.   Therefore the SIM card contains all of the details necessary to obtain access to a particular account. These details come down to just 2 items of information.   - The IMSI – International Mobile Subscriber Identity – a unique number for every subscriber in the world. It includes information about the home network of the subscriber and the country of issue. This information can be read from the SIM provided there is local access to the SIM (normally protected by a simple PIN code). The IMSI is a sequence of up to 15 decimal digits, the first 5 or 6 of which specify the network and country (i.e. 50501 for Telstra, Australia)  - The Ki – the root encryption key. This is a randomly generated 128-bit number allocated to a particular subscriber that seeds the generation of all keys and challenges used in the GSM system. The Ki is highly protected, and is only known in the SIM and the network’s AuC (Authentication Centre). The phone itself never learns of the Ki, and simply feeds the SIM the information it needs to know to perform the authentication or generate ciphering keys. Authentication and key generation is performed in the SIM, which is possible because the SIM is an intelligent device with a microprocessor. 

Additional local security in the SIM    

The SIM itself is protected by an optional PIN, much like an ATM PIN protects your ATM card. The PIN is entered on the phone’s keypad, and passed to the SIM for  verification. If the code does not match with the PIN stored by the SIM, the SIM informs the user (via the phone) that code was invalid, and refuses to perform authentication functions until the correct PIN is entered.   To further enhance security, the SIM normally “locks out” the PIN after a number of invalid attempts (normally 3). After this, a PUK (PIN UnlocK) code is required to be entered, which must be obtained from the operator. If the PUK is entered incorrectly a number of times (normally 10), the SIM refuses local access to privileged information (and authentication functions) permanently, rendering the SIM useless.   The A3 algorithm and authentication procedure     

Now that we have established that there is a ‘secret’ Ki known only in the SIM and the network, the authentication procedure simply has to involve the SIM (via the phone) proving knowledge of the Ki. Of course, we could simply submit the Ki to the network for comparison when the network asks for it, but this is highly insecure, since the Ki could be intercepted.   Instead, the network generates a 128-bit random number, known as the RAND, which it then uses the A3 algorithm (see figure) to mathematically generate an authentication token known as the SRES. It then sends the RAND to the phone for the phone to do the same. The SIM generates the 32-bit SRES, which is returned to the network for  comparison. If the received SRES matches the network’s generated SRES, then the Ki’s  Kc (64-bit)  Ki (128-bit) must be the same (to a high mathematical probability), and the phone has proved knowledge of the Ki and is thus authenticated.   

The RAND must obviously be different every time. Otherwise, if it were the same, an attacker could impersonate the user by sending the same SRES.