As has been widely discussed, the GSM mobile telephony system only offers unilateral authentication of the mobile phone to the network; this limitation permits a range of attacks. While adding support for mutual authentication would be highly beneficial, changing the way GSM serving networks operate is not practical. This paper proposes a novel modification to the relationship between a Subscriber Identity Module (SIM) and its home network which allows mutual authentication without changing any of the existing mobile infrastructure, including the phones; the only necessary changes are to the authentication centres and the SIMs. This enhancement, which could be deployed piecemeal in a completely transparent way, not only addresses a number of serious vulnerabilities in GSM but is also the first proposal explicitly designed to enhance GSM authentication that could be deployed without modifying any of the existing network infrastructure.
| Title of host publication | Security and Trust Management |
| Subtitle of host publication | 12th International Workshop, STM 2016, Heraklion, Crete, Greece, September 26-27, 2016, Proceedings |
| Editors | Gilles Barthe, Evangelos Markatos, Pierangela Samarati |
| Number of pages | 15 |
| Publication status | Published - 17 Sept 2016 |
| Name | Lecture Notes in Computer Science |