The Global System for Mobile Communication (GSM) is a popular mobile communication standard. GSM networks collect personal communication information required for the billing of its subscribers. These communication records, known as Call Data Records (CDRs), may infringe on basic subscriber privacy principles as personal details of performed network events are managed and stored by the serving GSM operator. The dilemma exists, how to achieve subscriber network operator privacy that is accountable, while retaining access to subscriber activities for a forensic investigation without the need for a search warrant. To balance the requirements of protection and forensics against those for privacy, one promising direction is to investigate methods that facilitate key escrow techniques where CDRs are concerned. This paper discusses, from a technical perspective, the network components involved when conducting a mobile forensic analysis, and how these aspects are influenced by a forensic investigation in a GSM network. It finally shows how a balance is reached between security, privacy and forensics in a GSM network through the release of, by our definition, “privacy accurate” CDR information in a sequential manner. Access to the individual elements that comprise the private CDR information, is based on prior knowledge and proof of defined hypotheses at the outset of the investigation. Our approach focuses on an accountable CDR Forensic Anonymity Model combined with the theory of compatible keys, forms an integral part of our requirement for the release of privacy accurate CDR information during a GSM mobile forensic investigation.
[1]
M. Rahnema,et al.
Overview of the GSM system and protocol architecture
,
1993,
IEEE Communications Magazine.
[2]
Yvo Desmedt,et al.
Security or Privacy , Must We Choose ?
,
2001
.
[3]
Yun Wang,et al.
Foundations of computer forensics: A technology for the fight against computer crime
,
2005,
Comput. Law Secur. Rev..
[4]
Hank Wolfe.
Evidence analysis
,
2003,
Comput. Secur..
[5]
A. J. Goode.
Forensic extraction of electronic evidence from GSM mobile phones
,
2003
.
[6]
Svein Yngvar Willassen.
Forensics and the GSM Mobile Telephone System
,
2003,
Int. J. Digit. EVid..
[7]
Eoghan Casey.
Error, Uncertainty and Loss in Digital Evidence
,
2002,
Int. J. Digit. EVid..
[8]
Adi Shamir,et al.
A method for obtaining digital signatures and public-key cryptosystems
,
1978,
CACM.
[9]
Richard P. Ayers,et al.
Guidelines on PDA Forensics
,
2004
.
[10]
Ronald L. Rivest,et al.
The MD5 Message-Digest Algorithm
,
1992,
RFC.