Security in mobile phone systems

In this paper, we discuss security issues associated with mobile telephone networks and focus on the unique issues that appear due to the mobility of the user. We provide an overview of how some of these issues are addressed in the second-generation mobile network GSM and consider some of the possible shortcomings of that network. We then compare security features in GSM with those implemented in UMTS, a third-generation mobile telephone network, whose security measures aimed to build on the success of GSM and provide protection against actual and perceived vulnerabilities of GSM, as well as against new attacks that have appeared in more recent years. Introduction and history When the so-called first generation of mobile telephone systems became popular starting in the mid 1980’s, mobile fraud and abuse followed very shortly after. The most common abuses of the early mobile systems included eavesdropping on the analogue radio signal, thus listening to other people’s calls, as well as cloning, an example of identity theft where the attacker reprogrammed the identity of a mobile phone so that the calls made on it were charged to another customer. It was mainly with an eye on these flaws that research began into creating a mobile network that provided a certain level of security. The second generation mobile network GSM (Global System for Mobile communications) was designed and released in the early 1990’s and was the first widely used mobile system to provide security features ensuring some levels of authentication, confidentiality, and anonymity. GMS proved to be very successful and has become widespread throughout the world in the 1990’s. Over the course of that decade, work began on the third generation of mobile phone systems, the best known of which is the Universal Mobile Telecommunications System, or UMTS. The first UMTS specifications were released in 1999, and showed that UMTS security built on the success of GSM and provided new security features to protect against new types of attack or to address certain weaknesses of GSM, specifically its lack of protection against so-called ”false base station attacks”, where an attacked pretends to be a GSM network. In this paper, we will talk about various security features implemented in GSM and then compare them with the new and improved security provided by UMTS.