1 research outputs found
Retrofitting Mutual Authentication to GSM Using RAND Hijacking
As has been widely discussed, the GSM mobile telephony system only offers
unilateral authentication of the mobile phone to the network; this limitation
permits a range of attacks. While adding support for mutual authentication
would be highly beneficial, changing the way GSM serving networks operate is
not practical. This paper proposes a novel modification to the relationship
between a Subscriber Identity Module (SIM) and its home network which allows
mutual authentication without changing any of the existing mobile
infrastructure, including the phones; the only necessary changes are to the
authentication centres and the SIMs. This enhancement, which could be deployed
piecemeal in a completely transparent way, not only addresses a number of
serious vulnerabilities in GSM but is also the first proposal for enhancing GSM
authentication that possesses such transparency properties.Comment: 17 pages, 2 figure