Securing USIM-based Mobile Communications from Interoperation of SIMbased Communications

Abstract

Mobile networks security is constantly evolving and adapting to meet the needs of users and network operators. It is a requirement that there be interoperation of legacy security frameworks into modern mobile networks. Mobile networks originally had no real security which proved to be a deployment that was attacked constantly and the providers were defrauded of millions of dollars. To address the issues the SIM authentication protocols were developed to secure the resources of the network providers. The original SIM security framework developed in GSM networks had weaknesses brought about by the one way authentication protocol as well as weaknesses in the algorithms used to secure the communication. The evolution of authentication in mobile networks to address the problems in the SIM framework brought about the creation of the USIM protocols used in UMTS, LTE and WiMAX to secure the network from the SIM framework security issues. The integration of those two SIM and USIM frameworks brought forward the major weaknesses first found in the SIM framework. This paper proposes simple and effective solutions to reduce the possible attacks on the USIM protocols due to the above integration. First we propose a subtle modification to the SIM based GSM security protocols as a stand-alone solution, and then a modification to the USIM based UMTS security protocols is proposed as a second solution. Wireless communication allows for easy connectivity of devices without the expensive requirements of laying a physical network. One of the main difficulties in deploying wireless networks is the ability to secure information and resources on a medium that by its very nature broadcasts all information. A key aspect of securing wireless communication is the authentication protocol used to allow access to the network. The two major types of wireless networks are the stationary networks generally defined by the IEEE 802.11 standards and the mobile networks defined as 2G, 3G and 4G networks. As security requirements have changed the protocols for authentication have adapted with those changes. Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. The traditional method of authentication in computing is the challenge-response mechanism. There is a shared secret between the two parties that is used in an algorithm so that one party poses a question as a challenge and the other party must reply with a correct answer as a response. Both of these network types have faced significant security problems that have needed to be addressed with stronger protocols and more secure cryptographic algorithms. When creating the new more powerful algorithms and protocols the older hardware cannot implement them due to the more strenuous requirements. The demands on mobile communication and networks have been constantly increasing. Originally the need was simply to have a phone system that could meet most of the requirements of the standard plain old telephone service (POTS) in most homes. The original first generation (1G) systems, such as the advanced mobile phone system (AMPS), were analog cellular networks which met this need without considering the inherent issues that arise due to using a wireless medium as opposed to a wired one. Security was a major issue that was not properly addressed when developing the 1G systems and therefore the phones were susceptible to cloning. This was due to the phones broadcasting their identities without encryption or integrity when phone calls are placed. Attackers could then take this information and apply it to their own phone to then use it to connect to the provider network allowing them to call anywhere without having a legitimate account with the provider. The cloning defrauded many providers of large amounts of money while inappropriately making unauthorized use of their resources. There are many benefits and International Journal for Information Security Research (IJISR), Volume 3, Issue 3, September 2013 Copyright © 2013, Infonomics Society 313