TY - GEN
T1 - Retrofitting Mutual Authentication to GSM Using RAND Hijacking
AU - Khan, Mohammed
AU - Mitchell, Christopher J
PY - 2016/9/17
Y1 - 2016/9/17
N2 - As has been widely discussed, the GSM mobile telephony system only offers unilateral authentication of the mobile phone to the network; this limitation permits a range of attacks. While adding support for mutual authentication would be highly beneficial, changing the way GSM serving networks operate is not practical. This paper proposes a novel modification to the relationship between a Subscriber Identity Module (SIM) and its home network which allows mutual authentication without changing any of the existing mobile infrastructure, including the phones; the only necessary changes are to the authentication centres and the SIMs. This enhancement, which could be deployed piecemeal in a completely transparent way, not only addresses a number of serious vulnerabilities in GSM but is also the first proposal explicitly designed to enhance GSM authentication that could be deployed without modifying any of the existing network infrastructure.
UR - http://arxiv.org/abs/1607.00729
UR - http://www.chrismitchell.net/Papers/rmatgu2.pdf
U2 - 10.1007/978-3-319-46598-2_2
DO - 10.1007/978-3-319-46598-2_2
M3 - Conference contribution
SN - 978-3-319-46597-5
T3 - Lecture Notes in Computer Science
SP - 17
EP - 31
BT - Security and Trust Management
A2 - Barthe, Gilles
A2 - Markatos, Evangelos
A2 - Samarati, Pierangela
PB - Springer-Verlag
ER -