International Journal of Computer Applications (0975 – 8887) Volume 177 – No. 29, January 2020 36 Security in GSM Networks Masum Bakaul Department of CSE Britannia University, Cumilla, Bangladesh Md. Ashikul Islam Department of CSE Britannia University, Cumilla, Bangladesh H. M. Abdul Ahad Department of CSE Britannia University, Cumilla, Bangladesh Shayma Rahman Department of CSE Britannia University Cumilla, Bangladesh ABSTRACT Wireless medium is open to all. Hence it is always acceptable to threats and attacks. GSM being a wireless network is always prone to the unauthorized access to the network and entrustment to the privacy and confidentiality of the users. Therefore, the GSM provides security measures to ensure the privacy and confidentiality of the users to ensure that only registered and authorized users get the access to the network. This paper briefly presents the security measures of GSM technology. The study is enriched with a general overview of GSM protection and the algorithms that are mainly used in A3, A5 and A8. Author’s also discussed the authentication and encryption methods provided by GSM. A3 for MS authentication algorithm. A5 for powerful over wind voice privacy algorithms. A8 for voice privacy key generation algorithm. Keywords GSM Security, Algorithm, Anonymity, Authentication, Encryption 1. INTRODUCTION The most secure system available today for cellular telecommunications. GSM ensures user’s security by protecting the GSM subscribers call privacy and anonymity. In order to protect user’s privacy a temporary identification number is given to the subscriber’s number. Temporary identification numbers are assigned to the subscriber's number to maintain the privacy of the user. GSM uses narrowband and TDMA for giving voice and context base administration over cell phones. The 1st GSM network was deployed in Finland in Dec 1993. At the starting of 2007, the worldwide number of mobile users reached to 2.83 billion people where 2.28 billion users out of them (i.e. 80.5%) were using the GSM [4]. GSM 900 / GSM1800 MHz are mostly used in country like Europe, Australia, Asia, Middle East and Africa whereas the GSM 850 / GSM 1900 MHz are used in the United States, Canada, Mexico and most countries of South America. GSM uses wireless medium, encrypted communication between user phone and the cellular telephone base station. User’s voice is decrypted at base station and sent over the telephone network. A suitably motivated attacker can crack A5 algorithm which is known as encryption algorithm in GSM. GSM system provides security controls [2]. Since GSM is a wireless medium always acceptable to attacks. GSM offers different security services using confidential information stored in the SIM and AUC [2]. To provide GSM securities at first ensure two sided security such as one in subscriber side and other in operator side. At the subscriber side, the security measures need to be promising and precise. Its aim at maintaining privacy and anonymity and mechanism’s for strong access control so that only authorized users should be able to access the network. At operator side, it follows mechanisms to avoid fraud and service protection from threats and attacks. GSM security controls achieved using the four primary security mechanisms which provides strict security measures to ensure the privacy and confidentiality of the users as well as to ensure that only authorized and registered users are capable to access the network. Goals of the security features of GSM is security namely access control, anonymity authentication and encryption mechanism offered by GSM via A3, A5, A8 algorithm [3]. Strong algorithm and encryption techniques were introduced in GSM for protecting user’s security. 2. LITERATURE REVIEW In 2003, J. H. Schiller published the book “Mobile communications”; where author described the fundamental concepts of GSM security used to protect all mobile systems during data transmission [3]. M. Toorani and A. Beheshti researched on Solutions to the GSM Security Weaknesses and published The Second International Conference on Next Generation Mobile Applications, Services and Technologies in September 2008[4]. In 2001, Suraj Srinivas published the paper “The GSM Standard (An overview of its security)” from the SANS Institute Information Security Reading Room site [6]. In 2005, Thomas Stockinger focused on basic mechanisms of the GSM network to protect security and privacy based on A5 stream cipher with a short introduction of the A8 cipher and the similar A3 cipher [1]. Yong LI, Yin CHEN and Tie-Jun MA., reviews the existing limitation and problems with GSM security; also describe some possible improvements for the next GSM network [5]. In 2004, Jeremy Quirke published the updated edition of the paper “Security in the GSM system” where authors explore the security features offered by GSM [7]. Chengyuan Peng published “GSM and GPRS Security” in Tik- 110.501 Seminar on Network Security where author gives an overview of the security features provided in a GSM PLMN and GPRS network and also discusses the SIM module, which plays an important role in GSM security [2]. Ihtesham ul Haq, Zia Ur Rahman, Shahid Ali and Muhammad Faisal published “GSM Technology: Architecture, Security and Future Challenges” on International Journal of Science Engineering and Advance Technology where author’s reviews the whole GSM system and its security [8]. Giuseppe Cattane, Giancarlo De Maio and Umberto Ferraro Petrillo researched on Security Issues and Attacks on the GSM Standard: a Review1 and published Journal of Universal Computer Science in October 2013[9]. In 2011, Christian Kröger published the paper “GSM security” where author gives an overview of GSM security and the practicality of an attack on the A5/1 algorithm used for encrypting 2G GSM communication [10]. In November 2012, Opu Narcisse published the paper “Security in the Global System for Mobile Communications (GSM)” where author reviews the security features and architecture of GSM [11]. In 2000, Juha Mynttinen published “'End-to-end security of mobile data in GSM” in Tik-110.501 Seminar on Network Security where author discusses Security requirements for end-to-end security of mobile data in GSM [12].