How does it communicate with the network securely? What kind of encryption does it use? What happens when you turn on your cell phone? The phone receives a list of frequencies used by the neighbouring cells, either from the SIM or from the network. It camps on a cell depending on the received power level and the mobile provider. After that, it performs a location update with the network, during which authentication happens.
The screenshots below are from the osmocom mobile application, which simulates a mobile phone running on a PC.

Objective

We will capture GSM data in Wireshark through osmocom-bb and analyse how the entire process of GSM authentication and encryption happens. We will also see how the location update process works. We have already discussed osmocom-bb and the call setup process in detail in our last blog post.
We will skip that part in this blog post.

Just for the sake of completeness, here is some background on the A5 ciphering algorithms. It is one of seven algorithms which were specified for GSM use. It was initially kept secret, but became public knowledge through leaks and reverse engineering.
A number of serious weaknesses in the cipher have been identified. It is one of seven A5 ciphering algorithms which have been defined for GSM use. There are others as well, but the ones mentioned above are used in the majority of networks.

How GSM authentication and encryption happens

The SIM card is capable of storing personal phone numbers and short messages. It also stores security-related information such as the A3 authentication algorithm, the A8 ciphering key generation algorithm, the authentication key Ki and the IMSI.
The mobile station itself stores the A5 ciphering algorithm. The network authenticates the subscriber using a challenge-response method. First, a random challenge RAND is transmitted to the mobile station over the air interface. The SIM feeds RAND and Ki into the A3 algorithm; its output, the signed response SRES, is transmitted over the air interface from the mobile station back to the network.
If the two values of SRES match (the one the mobile returned and the one the network computed itself), authentication is successful and the subscriber joins the network. The IMSI is rarely transmitted after this point unless it is absolutely necessary; instead the network assigns a temporary identity, the TMSI. The subscriber keeps using the same TMSI for a period that depends on how often location updates occur: every time a location update occurs, the network assigns a new TMSI to the mobile phone. The mobile station uses the TMSI to report to the network and during call initiation.
Similarly, the network uses the TMSI to address the mobile station.

Encryption and decryption of data

GSM makes use of a ciphering key Kc to protect both user data and signalling on the vulnerable air interface. The A8 algorithm, stored on the SIM card, generates Kc from the same RAND and Ki used for authentication. The Kc created by the A8 algorithm is then used with the A5 ciphering algorithm to encipher or decipher the data.
The A5 algorithm is implemented in the hardware of the mobile phone, as it has to encrypt and decrypt data on the fly. The Ki is the individual subscriber authentication key, known only to the SIM and the network. If the SRES the network computes matches the SRES returned by the mobile, the network successfully authorizes the MS.
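The challenge-response and key derivation described above, as an added example that is not from the original post or from osmocom-bb: a small Python model of one location update with both the SIM and the network side. A3 and A8 are stood in for by HMAC-SHA256 keyed with Ki (an assumption; the real algorithms are operator-specific), the IMSI and Ki are constructed test values, and the output sizes follow GSM (128-bit RAND, 32-bit SRES, 64-bit Kc).

```python
import hmac
import hashlib
import secrets
from typing import Optional, Tuple, Dict

def a3_a8(ki: bytes, rand: bytes) -> Tuple[bytes, bytes]:
    """Stand-in for the SIM's A3/A8 (assumption: HMAC-SHA256 keyed with Ki; real
    networks use operator-specific algorithms). Output sizes follow GSM:
    SRES is 32 bits (A3 result), Kc is 64 bits (A8 result)."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]

class SIM:
    """Subscriber side: holds IMSI and Ki, remembers the TMSI last assigned."""
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self.ki, self.tmsi, self.kc = imsi, ki, None, None
    def identity(self) -> str:
        # After the first successful update the phone reports with its TMSI, not the IMSI.
        return self.tmsi.hex() if self.tmsi else self.imsi
    def respond(self, rand: bytes) -> bytes:
        sres, self.kc = a3_a8(self.ki, rand)   # Kc stays on the phone; only SRES is sent
        return sres

class Network:
    """HLR/AuC side: knows each subscriber's Ki and the current TMSI -> IMSI mapping."""
    def __init__(self, subscribers: Dict[str, bytes]):
        self.subscribers, self.tmsi_to_imsi = subscribers, {}
    def location_update(self, sim: SIM, rand: Optional[bytes] = None) -> dict:
        ident = sim.identity()                       # Location Updating Request carries IMSI or TMSI
        imsi = self.tmsi_to_imsi.get(ident, ident)   # resolve a TMSI, or accept a bare IMSI
        if imsi not in self.subscribers:
            return {"authenticated": False, "identity_sent": ident}
        rand = secrets.token_bytes(16) if rand is None else rand   # 128-bit RAND challenge
        expected_sres, kc = a3_a8(self.subscribers[imsi], rand)    # AuC runs A3/A8 itself
        sres = sim.respond(rand)                     # Authentication Request / Response over the air
        if not hmac.compare_digest(sres, expected_sres):
            return {"authenticated": False, "identity_sent": ident}
        # Ciphering Mode Command: from here on frames are protected with Kc under A5,
        # so the TMSI Reallocation that follows is never seen in the clear.
        tmsi = secrets.token_bytes(4)
        self.tmsi_to_imsi[tmsi.hex()] = imsi
        sim.tmsi = tmsi
        return {"authenticated": True, "identity_sent": ident, "kc": kc, "tmsi": tmsi.hex()}

if __name__ == "__main__":
    KI = bytes.fromhex("000102030405060708090a0b0c0d0e0f")   # constructed test Ki
    net = Network({"001010123456789": KI})
    sim = SIM("001010123456789", KI)
    print(net.location_update(sim))    # first update: IMSI sent, TMSI assigned
    print(net.location_update(sim))    # second update: only the TMSI is sent
```

Running it twice for the same SIM shows the IMSI crossing the air interface only once; a SIM with a different Ki fails at the SRES comparison and never receives a TMSI.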
Location update process

1. When you turn on your cellphone, it first tells the network: yes, I am here and I want to register with the network.

Note that the IMSI could have been obtained from the mobile. If both match, then the location update is successful.
Since the TMSI assignment is sent after ciphering is enabled, the relationship between the TMSI and the subscriber cannot be obtained by unauthorized users.

In the capture we can clearly see the random value (RAND) that the network sent to the mobile. We can also clearly see the SRES value that the mobile returned. Ciphering has already been enabled, so this message is transmitted with ciphering.
We can also see the Ciphering Mode Complete packet below.

Radio channel release

The allocated radio channel is released by the MS.

Sometimes there are issues in the configuration of the authentication process which an attacker can use to bypass authentication completely. GSM security is a huge, largely unexplored field where a lot still has to be explored and done. Now that you know how to analyze GSM data down to the lowest level, you can read, analyze and modify the osmocom code in order to send arbitrary frames to the network, or from the network to the phone.
You can start fuzzing GSM-level protocols to find out whether you can actually crash a network device. There is a lot to do, but it requires a very deep understanding of GSM networks and of the legal aspects around this. I would suggest you create your own GSM network and run your tests on that if you want to go ahead with this.
We will be posting more blog posts on GSM.