Enhanced privacy and authentication for the global system for mobile communications

The Global System for Mobile Communications (GSM) is widely recognized as the modern digital mobile network architecture. Increasing market demands point toward the relevancy of security‐related issues in communications. The security requirements of mobile communications for the mobile users include: (1) the authentication of the mobile user and Visitor Location Register/Home Location Register; (2) the data confidentiality between mobile station and Visitor Location Register, and the data confidentiality between Visitor Location Register and Visitor Location Register/Home Location Register (VLR/HLR); (3) the location privacy of mobile user. However, GSM does not provide enough security functions to meet these requirements. We propose three improved methods to enhance the security, to reduce the storage space, to eliminate the sensitive information stored in VLR, and consequently to improve the performance of the system. Proposed methods include an improved authentication protocol for the mobile station, a data confidentiality protocol, and a location privacy protocol. The merit of the proposed methods is to improve but not to alter the existing architecture of the system. Furthermore, this study also performs computational and capacity analyses to evaluate the original GSM system and proposed approaches on a comparative basis.

[1]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[2]  Dorothy E. Denning,et al.  Cryptography and Data Security , 1982 .

[3]  Thomas Haug,et al.  The GSM System for Mobile Communications , 1992 .

[4]  Tzonelih Hwang Scheme for Secure Digital Mobile Communications Based on Symmetric Key Cryptography , 1993, Inf. Process. Lett..

[5]  M. Rahnema,et al.  Overview of the GSM system and protocol architecture , 1993, IEEE Communications Magazine.

[6]  Yacov Yacobi,et al.  Privacy and Authentication on a Portable Communications System , 1993, IEEE J. Sel. Areas Commun..

[7]  G. Tsudik,et al.  Authentication of mobile users , 1994, IEEE Network.

[8]  Vaduvur Bharghavan Secure wireless LANs , 1994, CCS '94.

[9]  Ashar Aziz,et al.  Privacy and authentication for wireless local area networks , 1994, IEEE Personal Communications.

[10]  Ulf Carlsen Optimal privacy and authentication on a portable communications system , 1994, OPSR.

[11]  Joseph E. Wilkes,et al.  Privacy and authentication needs of PCS , 1995, IEEE Wirel. Commun..

[12]  Wei-Pang Yang,et al.  Conference Key Distribution Schemes for Secure Digital Mobile Communications , 1995, IEEE J. Sel. Areas Commun..

[13]  Wei-Pang Yang,et al.  Clone terminator: an authentication service for advanced mobile phone system , 1995, 1995 IEEE 45th Vehicular Technology Conference. Countdown to the Wireless Twenty-First Century.

[14]  Dan Brown,et al.  Techniques for privacy and authentication in personal communication systems , 1995, IEEE Wirel. Commun..

[15]  Hugo Krawczyk,et al.  Security issues in a CDPD wireless network , 1995, IEEE Wirel. Commun..

[16]  Shiuh-Pyng Shieh,et al.  Secure Communication in Global Systems for Mobile Telecommunications , 1995 .

[17]  I. Nurkic Difficulties in Achieving Security in Mobile Comminocations , 1996, IFIP World Conference on Mobile Communications.

[18]  Wei-Pang Yang,et al.  Phone Card Application and Authentication in Wireless Communications , 1996, IFIP World Conference on Mobile Communications.

[19]  Min-Shiang Hwang,et al.  Authenticated key-exchange in a mobile radio network , 1997, Eur. Trans. Telecommun..

[20]  Yi-Bing Lin,et al.  Introduction to mobile network management , 1997 .