3.9 UMTS Security
Like GSM, UMTS has strong security measures to prevent unauthorized use and eavesdropping on user data traffic and conversations. UMTS also includes enhancements to overcome a number of weaknesses that have been found, over the years, in the way GSM protects networks and users. The following are the main weaknesses:
- The GSM circuit-switched part does not protect the link between the base station and the BSC. In many cases microwave links are used, which are vulnerable to third party monitoring.
- GSM allows man-in-the-middle attacks with equipment that masquerades as a GSM base station.
- The CK length used in GSM is 64 bits. Although secure when GSM was first developed in the early 1990s, the length is considered insufficient today.
- A number of weaknesses with the A5/1 stream cipher have been detected, as described in Chapter 1, which allow decryption of a voice conversation with the appropriate equipment.
UMTS addresses these weaknesses in a number of ways. Like in GSM, a one-pass authentication and key agreement (AKA) procedure is used with immediate activation of ciphering after successful authentication. The general principle is described in Chapter 1. When a mobile device attaches to the network after power-up, it tries to register with the network by initiating location and routing area update procedures. At the beginning of the message exchange the mobile device transmits its identity (IMSI or TMSI and PTMSI), which it retrieved from the SIM. If the subscriber ...
Get From GSM to LTE: An Introduction to Mobile Networks and Mobile Broadband now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
