Malicious Actions Against the GPRS Technology Christos Xenakis xenakis@di.uoa.gr Computer Network Laboratory, Department of Informatics and Telecommunications University of Athens, 15784 Athens, Greece. tel: + 30 210 7275418, fax: + 30 210 7275601. Abstract This paper presents the malicious actions (attacks), which threaten the GPRS network, the GPRS mobile users, and the data that either reside at the network or are transferred through it. These attacks may be performed by malicious third parties, mobile users, network operators or network operator personnel, which exploit the security weaknesses of the GPRS security architecture. Moreover, the attackers take advantage of the lack of adequate security measures that should protect certain parts of the GPRS architecture. The possible attacks against GPRS targets the equipment of mobile users, the radio access network, the GPRS backbone network, and the interfaces that connect the latter to other GPRS networks or the public Internet. The results of these attacks might be the com- promise of end-users security, the users over billing, the disclosure or alteration of critical information, the services unavailability, the network breakdown, etc. The analyzed attacks and their consequences increase the risks associated with the usage of GPRS, and, thus, in- fluence its deployment that realizes the concept mobile Internet. In order to defeat certain attacks and enhance the level of security provided by GPRS, specific security measures are proposed. Keywords: GRPS, security architecture, security weaknesses, security attacks, security measures 1 Introduction The General Packet Radio Services (GPRS) [1] is a service that provides packet radio access for Global System for Mobile Communications (GSM) users. It enables the provision of a variety of packet-oriented multimedia applications and services to mobile users, realizing the concept mobile Internet. For the successful implementation of these applications and services over GPRS, security is considered as a vital factor. In order to meet security objectives, GPRS 1