A “Best Current Practice” for 3GPP-based cellular system security

This paper is an attempt at formulating a Best Current Practice (BCP) for access security and a baseline for core network security in 3GPP-based systems. This encompasses the 2G circuit-switched GSM system, the 2.5G packet-switched GPRS system, the 3G UMTS system and the 4G LTE/LTE-A system. The 3GPP has defined several security standards, but many measures are optional, and several areas are deliberately not covered by the 3GPP standards. The present document is therefore an attempt at pointing out the best available options and providing advice on how to achieve overall system hardening, which is badly needed, as cellular systems have undoubtedly become one of the most critical of all critical infrastructures in our modern society.
