Retrofitting Mutual Authentication to GSM Using RAND Hijacking

  • Mohammed Shafiul Alam KhanEmail author
  • Chris J. Mitchell
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9871)


As has been widely discussed, the GSM mobile telephony system only offers unilateral authentication of the mobile phone to the network; this limitation permits a range of attacks. While adding support for mutual authentication would be highly beneficial, changing the way GSM serving networks operate is not practical. This paper proposes a novel modification to the relationship between a Subscriber Identity Module (SIM) and its home network which allows mutual authentication without changing any of the existing mobile infrastructure, including the phones; the only necessary changes are to the authentication centres and the SIMs. This enhancement, which could be deployed piecemeal in a completely transparent way, not only addresses a number of serious vulnerabilities in GSM but is also the first proposal explicitly designed to enhance GSM authentication that could be deployed without modifying any of the existing network infrastructure.


GSM Mutual authentication SIM application toolkit RAND 



We thank Fabian van den Broek and the anonymous reviewers for their thoughtful feedback and suggestions which have improved the paper.


  1. 1.
    SIM Toolkit Accessed 31 May 2016
  2. 2.
    Barkan, E., Biham, E., Keller, N.: Instant ciphertext-only cryptanalysis of GSM encrypted communication. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 600–616. Springer, Heidelberg (2003). doi: 10.1007/978-3-540-45146-4_35 CrossRefGoogle Scholar
  3. 3.
    Basin, D., Cremers, C., Meier, S.: Provably repairing the ISO/IEC 9798 standard for entity authentication. In: Degano, P., Guttman, J.D. (eds.) POST 2012. LNCS, vol. 7215, pp. 129–148. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-28641-4_8 Google Scholar
  4. 4.
    van den Broek, F., Verdult, R., de Ruiter, J.: Defeating IMSI catchers. In: Ray, I., Li, N., Kruegel, C. (eds.) Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, 12–16 October 2015, pp. 340–351. ACM (2015)Google Scholar
  5. 5.
    Choudhury, H., Choudhury, B.R., Saikia, D.K.: Enhancing user identity privacy in LTE. In: IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 949–957. IEEE (2012)Google Scholar
  6. 6.
    Dupré, M.: Process to control a Subscriber Identity Module (SIM) inmobile phone system. US Patent Office (February 2004), US Patent 6,690,930, 25 May 1999Google Scholar
  7. 7.
    Ericsson: Enhancements to GSM/UMTS AKA. 3GPP TSG SA WG3 Security, S3-030542, Povoa de Varzim, Portugal, 6–10 October 2003Google Scholar
  8. 8.
    Ericsson: On the introduction and use of UMTS AKA in GSM. 3GPP TSG SA WG3Security, S3-040534, Acapulco, Mexico, 6–9 July 2004Google Scholar
  9. 9.
    European Telecommunications Standards Institute (ETSI): ETSI TS 101 267V8.18.0 (2007-06): Technical Specification; Digital cellular telecommunications system (Phase 2+); Specification of the SIM Application Toolkit (SAT) for the Subscriber Identity Module–Mobile Equipment (SIM–ME)interface (3GPP TS 11.14 version 8.18.0 Release 1999)Google Scholar
  10. 10.
    European Telecommunications Standards Institute (ETSI): ETSI-GSM Technical Specification; European digital cellular telecommunication system (phase 1); Security-related network functions (GSM 03.20), February 1992Google Scholar
  11. 11.
    European Telecommunications Standards Institute (ETSI): GSM 11.14: TechnicalSpecification; Digital cellular telecommunications system (Phase 2+); Specification of the SIM Application Toolkit for the Subscriber IdentityModule–Mobile Equipment (SIM–ME) interface, December 1996Google Scholar
  12. 12.
    European Telecommunications Standards Institute (ETSI): GSM TechnicalSpecification; Digital cellular telecommunication system (phase 2+); Mobile radio interface layer 3 specification (GSM 04.08), July 1996Google Scholar
  13. 13.
    European Telecommunications Standards Institute (ETSI): GSM TechnicalSpecification; Digital cellular telecommunications system (Phase 2+); Specification of the Subscriber Identity Module–Mobile Equipment (SIM–ME)interface; (GSM 11.11), July 1996Google Scholar
  14. 14.
    European Telecommunications Standards Institute (ETSI): ETSI TS 102 223 Version11.1.0; Smart Cards; Card Application Toolkit (CAT) (2012)Google Scholar
  15. 15.
    International Organization for Standardization, Genève, Switzerland:ISO/IEC 9798–4: 1999, Information technology — Security techniques— Entity authentication — Part 4: Mechanisms using a cryptographiccheck function 2nd (edn.) (1999)Google Scholar
  16. 16.
    International Organization for Standardization: ISO/IEC 7816–3; Identificationcards—Integrated circuit cards; Part 3: Cards with contacts—Electricalinterface and transmission protocols, November 2006Google Scholar
  17. 17.
    International Organization for Standardization, Genève, Switzerland:ISO/IEC 9798–4: 1999/Cor 1:2009, Technical Corrigendum 1 (2009)Google Scholar
  18. 18.
    Khan, M.S.A., Mitchell, C.: Improving air interface user privacy in mobile telephony. In: Chen, L., Matsuo, S. (eds.) SSR 2015. LNCS, vol. 9497, pp. 165–184. Springer, Heidelberg (2015). doi: 10.1007/978-3-319-27152-1_9 CrossRefGoogle Scholar
  19. 19.
    Kumar, K.P., Shailaja, G., Kavitha, A., Saxena, A.: Mutual authentication and key agreement for GSM. In: 2006 International Conference on Mobile Business (ICMB 2006), Copenhagen, Denmark, 26–27 June 2006, p. 25. IEEE ComputerSociety (2006)Google Scholar
  20. 20.
    Mitchell, C.J.: Making serial number based authentication robust against loss of state. ACM Operating Syst. Rev. 34(3), 56–59 (2000)CrossRefGoogle Scholar
  21. 21.
    Mitchell, C.J.: The security of the GSM air interface protocol. Technical report RHUL-MA-2001-3, Mathematics Department, Royal Holloway, University of London, Egham, Surrey TW20 0EX, UK, August 2001.
  22. 22.
    Pagliusi, P.S.: A contemporary foreword on GSM security. In: Davida, G., Frankel, Y., Rees, O. (eds.) InfraSec 2002. LNCS, vol. 2437, pp. 129–144. Springer, Heidelberg (2002). doi: 10.1007/3-540-45831-X_10 CrossRefGoogle Scholar
  23. 23.
    Vodafone: Cipher key separation for A/Gb security enhancements. 3GPP TSG SAWG3 Security, S3-030463, San Francisco, USA, 15–18 July 2003Google Scholar

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Mohammed Shafiul Alam Khan
    • 1
    Email author
  • Chris J. Mitchell
    • 1
  1. 1.Information Security GroupRoyal Holloway, University of LondonEgham, SurreyUK

Personalised recommendations