User:Sarthakagrawal1997/sandbox

Security has become an issue of utmost importance due to the unprecedented growth of users in the mobile industry. It is well known that GSM (Global System for Mobile Communications) is a widely used cellular standard across the globe. Hence it suffers from several security vulnerabilities. These flaws have been identified previously and a lot of work has gone into securing GSM. The most important algorithms used for security purposes are A3, A5 and A8 algorithms. It is mainly used for authentication, encryption and generation of cipher key respectively. A subscriber needs to be authenticated before he/she can use any service provided by the GSM network. This process is based on the SIM (Subscriber Identity Module), which keeps the authentication key Ki, the user identification IMSI (International Mobile Subscriber Identity), and the algorithm, in this case A3. Mobile Communications has proved to be of great importance as it is that facility through which people can communicate with each other in-spite of geographical constraints. GSM signifies a successful technology and bearer for mobile communication system for second generation cellular technology. It is the most trusted and successful digital mobile telecommunication system in the world as it spans over 71% of the digital wireless market, offering digitised voice. The ubiquitous infrastructure, while dramatically increasing the functionality levels, has posed significant security concerns on cellular mobile networks. The openness of the mobile communication is responsible for several security threats and leak of sensitive information. The base level protection for such security breaches would be cryptography. But anybody who manages to get access to the radio receiver would be able to access GSM signal or dat. Hence with the advancements in cryptographic attacks, a more meaningful solution is required which will cease such loopholes. Security in GSM starts with authentication of a valid user for the SIM. SIM is responsible for storing all user- specific data, relevant to GSM. Genarally a PIN (Personal Identification Number) is required to access the SIM. Then comes the subscriber authentication. It is based upon the challenge response scheme. Finally there’s encryption and cipher key generation. A3 mainly deal with authentication, the process to ensure whether the person is who he really claims to be. Authentication involves two functional entities: the SIM card and the Authentication Centre (AuC). The A3 algorithm is present on the SIM and in the AuC and may also be proprietary. The algorithm isn’t the strongest and is also vulnerable to danger. To overcome such issues, at times, the encryption is incorporated in this phase itself. The generated signed response (SRES) as the result of the A3 algorithm is encrypted on the SIM or the mobile station (MS) and it is decrypted at the mobile services switching centre (MSC). Then, if the SRES generated at the MSC is same as the SRES generated at the mobile station and encrypted by the MSC, the user is authenticated. A general procedure for the working of A3 in the authentication phase is by challenge-response mechanism. The mobile station (MS) first signs into the network. A random number RAND is generated by access control (AC). The SIM responds with the SRES (Signed Response) within the MS. The AuC is responsible for generating the RAND, the SRES, and the cipher key Kc. The obtained information is stored in the HLR (Home Location Register), from where the VLR (Visitor Location register) requests it for the information. The VLR then sends the RAND value to the SIM. On either sides, the network and the subscriber module, the same operation is performed. SRES of 32 bit is generated on both the sides. MS sends the SRES generated by the SIM to the VLR where both the SRES’s are compared. If they are the same then the user is positively authenticated otherwise rejected.