International Journal of Security and Its Applications Vol. 10, No. 6 (2016) pp.229-240 http://dx.doi.org/10.14257/ijsia.2016.10.6.22 ISSN: 1738-9976 IJSIA Copyright ⓒ 2016 SERSC EEE-GSM: End-to-End Encryption Scheme over GSM System Mohammed Ramadan 1, 2 , Guohong Du 2 , Fagen Li 1 and Chun Xiang Xu 1 1 School of Computer Science and Engineering, University of Electronic Science and Technology of China, Gaoxin West Zone, Chengdu 611731, P.R.China 2 School of Electronic Engineering, Chengdu University of Information Technology, Xuefu Road, Chengdu 610225, P.R.China nopatia@gmail.com Abstract GSM system is widely used by hundreds of millions of people. In fact there is no encryption scheme provides the reasonable security level (user-to-user encryption), it’s just provide the Air-interface encryption i.e. between the mobile station and the base station. Furthermore, there are other wireless links are vulnerable to attacks. It is therefore of great importance to provide reasonable security techniques to ensure the privacy of the mobile users especially circuit switching-based services, as well as prevent unauthorized use of the service. In this paper, a new approach is proposed to provide end-to-end encryption for the GSM system (EEE-GSM). This is achieved by using CL-PKC with some modifications and follow some assumptions in GSM system architecture in order to make the scheme compliant to the GSM cellular system. However, the proposed scheme not only efficient due to end-to-end security, but can also provide a secure system against IMSI catcher, man-in-the-middle, and replay attacks. Keywords: End-to-end security, GSM Security, GSM Encryption, Certificateless Public Key Cryptography 1. Introduction The name GSM first came from a group called (Group Special Mobile), and then became the short term for (Global System for Mobile communication) which was formed in 1982 for European countries. Security has become a crucial topic in current mobile and wireless networks, and the security procedures for such networks elevates as well as the techniques used to attack the wirless networks. Wireless communication security is therefore the measures or techniques used to protect the wirless communication between certain entities [1]. GSM system needs more security to protect the entities from any third party attacks, such as revealing a particular identity, data modification, data-hijacking, eavesdropping, and impersonation, and hence protection mechanisms are used. Devoted technologies for securing data and communication are mandatory in wireless networks, and they vary according to the category of wireless technology deployed. In mobile networks, security handles a diversity of issues, from user authentication, to data integrity and encryption [2]. Among the digital communication systems, the security process is very easy to be realized for GSM. In GSM systems, the security processes consists of four parts: authentication, encryption, TMSI reallocation, and equipment identification. However, there are some possible vulnerability issues which are a concern among many researchers. Most of them are the weakness in the basic algorithms used for authentication such as COMP128, and the algorithms used for encryption such as A5/1, A5/2. In the past, these algorithms were considered to be secure, but nowadays the advancement of technology has made these algorithms vulnerable to attacks. Recently, countermeasure against these vulnerabilities has been considered and under implementation. A5/3 and MILENAGE