Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Phreaking Cellular - Misc. :: gsmsec.txt

GSM Security and Encryption

                        GSM Security and Encryption

                 by David Margrave, George Mason University

1.0 Introduction

The motivations for security in cellular telecommunications systems are to
secure conversations and signaling data from interception as well as to
prevent cellular telephone fraud. With the older analog-based cellular
telephone systems such as the Advanced Mobile Phone System (AMPS) and the
Total Access Communication System (TACS), it is a relatively simple matter
for the radio hobbyist to intercept cellular telephone conversations with a
police scanner. A well-publicized case involved a potentially embarrassing
cellular telephone conversation with a member of the British royal family
being recorded and released to the media. Another security consideration
with cellular telecommunications systems involves identification
credentials such as the Electronic Serial Number (ESN), which are
transmitted "in the clear" in analog systems. With more complicated
equipment, it is possible to receive the ESN and use it to commit cellular
telephone fraud by "cloning" another cellular phone and placing calls with
it. Estimates for cellular fraud in the U.S. in 1993 are as high as $500
million. The procedure wherein the Mobile Station (MS) registers its
location with the system is also vulnerable to interception and permits the
subscriber’s location to be monitored even when a call is not in progress,
as evidenced by the recent highly-publicized police pursuit of a famous
U.S. athlete.

The security and authentication mechanisms incorporated in GSM make it the
most secure mobile communication standard currently available, particularly
in comparison to the analog systems described above. Part of the enhanced
security of GSM is due to the fact that it is a digital system utilizing a
speech coding algorithm, Gaussian Minimum Shift Keying (GMSK) digital
modulation, slow frequency hopping, and Time Division Multiple Access
(TDMA) time slot architecture. To intercept and reconstruct this signal
would require more highly specialized and expensive equipment than a police
scanner to perform the reception, synchronization, and decoding of the
signal. In addition, the authentication and encryption capabilities
discussed in this paper ensure the security of GSM cellular telephone
conversations and subscriber identification credentials against even the
determined eavesdropper.

2.0 Overview of GSM

GSM (group special mobile or general system for mobile communications) is
the Pan-European standard for digital cellular communications. The Group
Special Mobile was established in 1982 within the European Conference of
Post and Telecommunication Administrations (CEPT). A Further important step
in the history of GSM as a standard for a digital mobile cellular
communications was the signing of a GSM Memorandum of Understanding (MoU)
in 1987 in which 18 nations committed themselves to implement cellular
networks based on the GSM specifications. In 1991 the first GSM based
networks commenced operations. GSM provides enhanced features over older
analog-based systems, which are summarized below:

   * Total Mobility: The subscriber has the advantage of a Pan-European
     system allowing him to communicate from everywhere and to be called in
     any area served by a GSM cellular network using the same assigned
     telephone number, even outside his home location. The calling party
     does not need to be informed about the called person's location
     because the GSM networks are responsible for the location tasks. With
     his personal chipcard he can use a telephone in a rental car, for
     example, even outside his home location. This mobility feature is
     preferred by many business people who constantly need to be in touch
     with their headquarters.

   * High Capacity and Optimal Spectrum Allocation: The former analog-based
     cellular networks had to combat capacity problems, particularly in
     metropolitan areas. Through a more efficient utilization of the
     assigned frequency bandwidth and smaller cell sizes, the GSM System is
     capable of serving a greater number of subscribers. The optimal use of
     the available spectrum is achieved through the application Frequency
     Division Multiple Access (FDMA), Time Division Multiple Access (TDMA),
     efficient half-rate and full-rate speech coding, and the Gaussian
     Minimum Shift Keying (GMSK) modulation scheme.

   * Security: The security methods standardized for the GSM System make it
     the most secure cellular telecommunications standard currently
     available. Although the confidentiality of a call and anonymity of the
     GSM subscriber is only guaranteed on the radio channel, this is a
     major step in achieving end-to- end security. The subscriber’s
     anonymity is ensured through the use of temporary identification
     numbers. The confidentiality of the communication itself on the radio
     link is performed by the application of encryption algorithms and
     frequency hopping which could only be realized using digital systems
     and signaling.

   * Services: The list of services available to GSM subscribers typically
     includes the following: voice communication, facsimile, voice mail,
     short message transmission, data transmission and supplemental
     services such as call forwarding.

2.1 GSM Radio Channel

The GSM standard specifies the frequency bands of 890 to 915 MHz for the
uplink band, and 935 to 960 MHz for the downlink band, with each band
divided up into 200 kHz channels. Other features of the radio channel
interface include adaptive time alignment, GMSK modulation, discontinuous
transmission and reception, and slow frequency hopping. Adaptive time
alignment enables the MS to correct its transmit timeslot for propagation
delay. GMSK modulation provides the spectral efficiency and low out-of-band
interference required in the GSM system. Discontinuous transmission and
reception refers to the MS powering down during idle periods and serves the
dual purpose of reducing co-channel interference and extending the portable
unit's battery life. Slow frequency hopping is an additional feature of the
GSM radio channel interface which helps to counter the effects of Rayleigh
fading and co-channel interference.

2.2 TDMA Frame Structures, Channel Types, and Burst Types

The 200 kHz channels in each band are further subdivided into 577 ms
timeslots, with 8 timeslots comprising a TDMA frame of 4.6 ms. Either 26 or
51 TDMA frames are grouped into multiframes (120 or 235 ms), depending on
whether the channel is for traffic or control data. Either 51 or 26 of the
multiframes (again depending on the channel type) make up one superframe
(6.12 s). A hyperframe is composed of 2048 superframes, for a total
duration of 3 hours, 28 minutes, 53 seconds, and 760 ms. The TDMA frame
structure has an associated 22-bit sequence number which uniquely
identifies a TDMA frame within a given hyperframe. Figure 1 illustrates the
various TDMA frame structures.


                       Figure 1 TDMA Frame Structures

The various logical channels which are mapped onto the TDMA frame structure
may be grouped into traffic channels (TCHs) used to carry voice or user
data, and control channels (CCHs) used to carry signaling and
synchronization data. Control channels are further divided into broadcast
control channels, common control channels, and dedicated control channels.

Each timeslot within a TDMA frame contains modulated data referred to as a
"burst". There are five burst types (normal, frequency correction,
synchronization, dummy, and access bursts), with the normal burst being
discussed in detail here. The bit rate of the radio channel is 270.833
kbit/sec, which corresponds to a timeslot duration of 156.25 bits. The
normal burst is composed of a 3-bit start sequence, 116 bits of payload, a
26-bit training sequence used to help counter the effects of multipath
interference, a 3-bit stop sequence required by the channel coder, and a
guard period (8.25 bit durations) which is a "cushion" to allow for
different arrival times of bursts in adjacent timeslots from geographically
disperse MSs. Two bits from the 116-bit payload are used by the Fast
Associated Control Channel (FACCH) to signal that a given burst has been
borrowed, leaving a total of 114 bits of payload. Figure 2 illustrates the
structure of the normal burst.


                      Figure 2 Normal Burst Structure

2.3 Speech Coding, Channel Coding, and Interleaving

The speech coding algorithm used in GSM is based on a rectangular pulse
excited linear predictive coder with long-term prediction (RPE-LTP). The
speech coder produces samples at 20 ms intervals at a 13 kbps bit rate,
producing 260 bits per sample or frame. These 260 bits are divided into 182
class 1 and 78 class 2 bits based on a subjective evaluation of their
sensitivity to bit errors, with the class 1 bits being the most sensitive.
Channel coding involves the addition of parity check bits and half-rate
convolutional coding of the 260-bit output of the speech coder. The output
of the channel coder is a 456-bit frame, which is divided into eight 57-bit
components and interleaved over eight consecutive 114-bit TDMA frames. Each
TDMA frame correspondingly consists of two sets of 57 bits from two
separate 456-bit channel coder frames. The result of channel coding and
interleaving is to counter the effects of fading channel interference and
other sources of bit errors.

3.0 Overview of Cryptography

This section provides a brief overview of cryptography, with an emphasis on
the features that appear in the GSM system.

3.1 Symmetric Algorithms

Symmetric algorithms are algorithms in which the encryption and decryption
use the same key. For example, if the plaintext is denoted by the variable
P, the ciphertext by C, the encryption with key x by the function Ex( ),
and the decryption with key x by Dx( ), then the symmetric algorithms are
functionally described as follows:


For a good encryption algorithm, the security of the data rests with the
security of the key, which introduces the problem of key management for
symmetric algorithms. The most widely-known example of a symmetric
algorithm is the Data Encryption Standard (DES). Symmetric encryption
algorithms may be further divided into block ciphers and stream ciphers.

3.1.1 Block Ciphers

As the name suggests, block ciphers encrypt or decrypt data in blocks or
groups of bits. DES uses a 56-bit key and processes data in 64- bit blocks,
producing 64-bits of encrypted data for 64-bits of input, and vice-versa.
Block algorithms are further characterized by their mode of operation, such
as electronic code book (ECB), cipher block chaining (CBC) and cipher
feedback (CFB). CBC and CFB are examples of modes of operation where the
encryption of successive blocks is dependent on the output of one or more
previous encryptions. These modes are desirable because they break up the
one-to-one correspondence between ciphertext blocks and plaintext blocks
(as in ECB mode). Block ciphers may even be implemented as a component of a
stream cipher.

3.1.2 Stream Ciphers

Stream ciphers operate on a bit-by-bit basis, producing a single encrypted
bit for a single plaintext bit. Stream ciphers are commonly implemented as
the exclusive-or (XOR) of the data stream with the keystream. The security
of a stream cipher is determined by the properties of the keystream. A
completely random keystream would effectively implement an unbreakable
one-time pad encryption, and a deterministic keystream with a short period
would provide very little security.

Linear Feedback Shift Registers (LFSRs) are a key component of many stream
ciphers. LFSRs are implemented as a shift register where the vacant bit
created by the shifting is a function of the previous states. With the
correct choice of feedback taps, LFSRs can function as pseudo-random number
generators. The statistical properties of LFSRs, such as the
autocorrelation function and power spectral density, make them useful for
other applications such as pseudo-noise (PN) sequence generators in direct
sequence spread spectrum communications, and for distance measurement in
systems such as the Global Positioning System (GPS). LFSRs have the
additional advantage of being easily implemented in hardware.

The maximal length sequence (or m-sequence) is equal to 2n-1 where n is the
degree of the shift register. An example of a maximal length LFSR is shown
below in Figure 3. This LFSR will generate the periodic m-sequence
consisting of the following states (1111, 0111, 1011, 0101, 1010, 1101,
0110, 0011, 1001, 0100, 0010, 0001, 1000, 1100, 1110).


             Figure 3 Four-Stage Linear Feedback Shift Register

In order to form an m-sequence, the feedback taps of an LFSR must
correspond to a primitive polynomial modulo 2 of degree n. A number of
stream cipher designs consist of multiple LFSRs with various
interconnections and clocking schemes. The GSM A5 algorithm, used to
encrypt voice and signaling data in GSM is a stream cipher based on three
clock-controlled LFSRs.

3.2 Public Key Algorithms

Public key algorithms are characterized by two keys, a public and private
key, which perform complementary functions. Public and private keys exist
in pairs and ideally have the property that the private key may not be
deduced from the public key, which allows the public key to be openly
distributed. Data encrypted with a given public key may only be decrypted
with the corresponding private key, and vice versa. This is functionally
expressed as follows:

  C=Epub(P), P=Dpriv(C)
  C=Epriv(P), P=Dpub(C)

Public key cryptography simplifies the problem of key management in that
two parties may exchange encrypted data without having exchanged any
sensitive key information. Digital Signatures also make use of public key
cryptography, and commonly consist of the output of a one-way hash function
for a message (discussed in Section 3.3) with a private key. This enables
security features such as authentication and non- repudiation. The most
common example of a public key algorithm is RSA, named after its inventors
Rivest, Shamir, and Adleman. The security features of GSM, however, do not
make use of any type of public key cryptography.

3.3 One-Way Hash Functions

Generally, one-way hash functions produce a fixed-length output given an
arbitrary input. Secure one-way hash functions are designed such that it is
computationally unfeasible to determine the input given the hash value, or
to determine two unique inputs that hash to the same value. Examples of
one-way hash functions include MD5 developed by Ron Rivest, which produces
a 128-bit hash value, and the Secure Hash Algorithm (SHA) developed by the
National Institutes of Standards and Technology (NIST), which produces a
160-bit output.

A typical application of a one-way hash function is to compute a "message
digest" which enables the receiver to verify the authenticity of the data
by duplicating the computation and comparing the results. A hash function
output encrypted with a public key algorithm forms the basis for digital
signatures, such as NIST's Digital Signature Algorithm (DSA).

A key-dependent one-way hash function requires a key to compute and verify
the hash value. This is useful for authentication purposes, where a sender
and receiver may use a key-dependent hash function in a challenge-response
scheme. A key-dependent one-way hash function may be implemented by simply
appending the key to the message and computing the hash value. Another
approach is to use a block cipher in cipher feedback (CFB) mode, with the
output being the last encrypted block (recall that in CFB mode a given
block's output is dependent on the output of previous blocks). The A3 and
A8 algorithms of GSM are key- dependent one-way hash functions. The GSM A3
and A8 algorithms are similar in functionality and are commonly implemented
as a single algorithm called COMP128.

4.0 Description of GSM Security Features

The security aspects of GSM are detailed in GSM Recommendations 02.09,
"Security Aspects," 02.17, "Subscriber Identity Modules," 03.20, "Security
Related Network Functions," and 03.21, "Security Related Algorithms".
Security in GSM consists of the following aspects: subscriber identity
authentication, subscriber identity confidentiality, signaling data
confidentiality, and user data confidentiality. The subscriber is uniquely
identified by the International Mobile Subscriber Identity (IMSI). This
information, along with the individual subscriber authentication key (Ki),
constitutes sensitive identification credentials analogous to the
Electronic Serial Number (ESN) in analog systems such as AMPS and TACS. The
design of the GSM authentication and encryption schemes is such that this
sensitive information is never transmitted over the radio channel. Rather,
a challenge-response mechanism is used to perform authentication. The
actual conversations are encrypted using a temporary, randomly generated
ciphering key (Kc). The MS identifies itself by means of the Temporary
Mobile Subscriber Identity (TMSI), which is issued by the network and may
be changed periodically (i.e. during hand-offs) for additional security.

The security mechanisms of GSM are implemented in three different system
elements; the Subscriber Identity Module (SIM), the GSM handset or MS, and
the GSM network. The SIM contains the IMSI, the individual subscriber
authentication key (Ki), the ciphering key generating algorithm (A8), the
authentication algorithm (A3), as well as a Personal Identification Number
(PIN). The GSM handset contains the ciphering algorithm (A5). The
encryption algorithms (A3, A5, A8) are present in the GSM network as well.
The Authentication Center (AUC), part of the Operation and Maintenance
Subsystem (OMS) of the GSM network, consists of a database of
identification and authentication information for subscribers. This
information consists of the IMSI, the TMSI, the Location Area Identity
(LAI), and the individual subscriber authentication key (Ki) for each user.
In order for the authentication and security mechanisms to function, all
three elements (SIM, handset, and GSM network) are required. This
distribution of security credentials and encryption algorithms provides an
additional measure of security both in ensuring the privacy of cellular
telephone conversations and in the prevention of cellular telephone fraud.

Figure 4 demonstrates the distribution of security information among the
three system elements, the SIM, the MS, and the GSM network. Within the GSM
network, the security information is further distributed among the
authentication center (AUC), the home location register (HLR) and the
visitor location register (VLR). The AUC is responsible for generating the
sets of RAND, SRES, and Kc which are stored in the HLR and VLR for
subsequent use in the authentication and encryption processes.


       Figure 4 Distribution of Security Features in the GSM Network

4.1 Authentication

The GSM network authenticates the identity of the subscriber through the
use of a challenge-response mechanism. A 128-bit random number (RAND) is
sent to the MS. The MS computes the 32-bit signed response (SRES) based on
the encryption of the random number (RAND) with the authentication
algorithm (A3) using the individual subscriber authentication key (Ki).
Upon receiving the signed response (SRES) from the subscriber, the GSM
network repeats the calculation to verify the identity of the subscriber.
Note that the individual subscriber authentication key (Ki) is never
transmitted over the radio channel. It is present in the subscriber's SIM,
as well as the AUC, HLR, and VLR databases as previously described. If the
received SRES agrees with the calculated value, the MS has been
successfully authenticated and may continue. If the values do not match,
the connection is terminated and an authentication failure indicated to the
MS. Figure 5 shown below illustrates the authentication mechanism.


                   Figure 5 GSM Authentication Mechanism

The calculation of the signed response is processed within the SIM. This
provides enhanced security, because the confidential subscriber information
such as the IMSI or the individual subscriber authentication key (Ki) is
never released from the SIM during the authentication process.

4.2 Signaling and Data Confidentiality

The SIM contains the ciphering key generating algorithm (A8) which is used
to produce the 64-bit ciphering key (Kc). The ciphering key is computed by
applying the same random number (RAND) used in the authentication process
to the ciphering key generating algorithm (A8) with the individual
subscriber authentication key (Ki). As will be shown in later sections, the
ciphering key (Kc) is used to encrypt and decrypt the data between the MS
and BS. An additional level of security is provided by having the means to
change the ciphering key, making the system more resistant to
eavesdropping. The ciphering key may be changed at regular intervals as
required by network design and security considerations. Figure 6 below
shows the calculation of the ciphering key (Kc).


                Figure 6 Ciphering Key Generation Mechanism

In a similar manner to the authentication process, the computation of the
ciphering key (Kc) takes place internally within the SIM. Therefore
sensitive information such as the individual subscriber authentication key
(Ki) is never revealed by the SIM.

Encrypted voice and data communications between the MS and the network is
accomplished through use of the ciphering algorithm A5. Encrypted
communication is initiated by a ciphering mode request command from the GSM
network. Upon receipt of this command, the mobile station begins encryption
and decryption of data using the ciphering algorithm (A5) and the ciphering
key (Kc). Figure 7 below demonstrates the encryption mechanism.


                Figure 7 Ciphering Mode Initiation Mechanism

4.3 Subscriber Identity Confidentiality

To ensure subscriber identity confidentiality, the Temporary Mobile
Subscriber Identity (TMSI) is used. The TMSI is sent to the mobile station
after the authentication and encryption procedures have taken place. The
mobile station responds by confirming reception of the TMSI. The TMSI is
valid in the location area in which it was issued. For communications
outside the location area, the Location Area Identification (LAI) is
necessary in addition to the TMSI. The TMSI allocation/reallocation process
is shown in Figure 8 below.


                    Figure 8 TMSK Reallocation Mechanism

5.0 Discussion

This section evaluates and expands on the information presented in previous
sections. Additional considerations such as export controls on crypography
are discussed as well.

5.1 GSM Encryption Algorithms

A partial source code implementation of the GSM A5 algorithm was leaked to
the Internet in June, 1994. More recently there have been rumors that this
implementation was an early design and bears little resemblance to the A5
algorithm currently deployed. Nevertheless, insight into the underlying
design theory can be gained by analyzing the available information. The
details of this implementation, as well as some documented facts about A5,
are summarized below:

   * A5 is a stream cipher consisting of three clock-controlled LFSRs of
     degree 19, 22, and 23.
   * The clock control is a threshold function of the middle bits of each
     of the three shift registers.
   * The sum of the degrees of the three shift registers is 64. The 64-bit
     session key is used to initialize the contents of the shift registers.
   * The 22-bit TDMA frame number is fed into the shift registers.
   * Two 114-bit keystreams are produced for each TDMA frame, which are
     XOR-ed with the uplink and downlink traffic channels.
   * It is rumored that the A5 algorithm has an "effective" key length of
     40 bits.

5.2 Key Length

This section focuses on key length as a figure of merit of an encryption
algorithm. Assuming a brute-force search of every possible key is the most
efficient method of cracking an encrypted message (a big assumption), Table
1 shown below summarizes how long it would take to decrypt a message with a
given key length, assuming a cracking machine capable of one million
encryptions per second.

         Table 1 Brute-force key search times for various key sizes

 Key length in bits   32        40      56        64          128
   Time required to
  test all possible   1.19      12.7    2,291     584,542     10.8 x 10^24
        keys          hours     days    years     years       years

The time required for a 128-bit key is extremely large; as a basis for
comparison the age of the Universe is believed to be 1.6x10^10 years. An
example of an algorithm with a 128-bit key is the International Data
Encryption Algorithm (IDEA). The key length may alternately be examined by
determining the number of hypothetical cracking machines required to
decrypt a message in a given period of time.

            Table 2 Number of machines required to search a key
                           space in a given time

           Key length in bits    1 day     1 week      1 year
                   40          13         2          -
                   56          836,788    119,132    2,291
                   64          2.14x10^8  3.04x10^6  584,542
                   128         3.9x10^27  5.6x10^26  10.8x10^24

A machine capable of testing one million keys per second is possible by
today’s standards. In considering the strength of an encryption algorithm,
the value of the information being protected should be taken into account.
It is generally accepted that DES with its 56-bit key will have reached the
end of its useful lifetime by the turn of the century for protecting data
such as banking transactions. Assuming that the A5 algorithm has an
effective key length of 40 bits (instead of 64), it currently provides
adequate protection for information with a short lifetime. A common
observation is that the "tactical lifetime" of cellular telephone
conversations is on the order of weeks.

5.3 Export Restrictions on Encryption Technology

The goal of the GSM recommendations is to provide a pan- European standard
for digital cellular telecommunications. A consequence of this is that
export restrictions and other legal restrictions on encryption have come
into play. This is a hotly debated, highly political issue which involves
the privacy rights of the individual, the ability of law enforcement
agencies to conduct surveillance, and the business interests of
corporations manufacturing cellular hardware for export.

The technical details of the encryption algorithms used in GSM are closely
held secrets. The algorithms were developed in Britain, and cellular
telephone manufacturers desiring to implement the encryption technology
must agree to non-disclosure and obtain special licenses from the British
government. Law enforcement and Intelligence agencies from the U.S.,
Britain, France, the Netherlands, and other nations are very concerned
about the export of encryption technology because of the potential for
military application by hostile nations. An additional concern is that the
widespread use of encryption technology for cellular telephone
communications will interfere with the ability of law enforcement agencies
to conduct surveillance on terrorists or organized criminal activity.

A disagreement between cellular telephone manufacturers and the British
government centering around export permits for the encryption technology in
GSM was settled by a compromise in 1993. Western European nations and a few
other specialized markets such as Hong Kong would be allowed to have the
GSM encryption technology, in particular the A5/1 algorithm. A weaker
version of the algorithm (A5/2) was approved for export to most other
countries, including central and eastern European nations. Under the
agreement, designated countries such as Russia would not be allowed to
receive any functional encryption technology in their GSM systems. Future
developments will likely lead to some relaxation of the export
restrictions, allowing countries who currently have no GSM cryptographic
technology to receive the A5/2 algorithm.

6.0 Conclusion

The security mechanisms specified in the GSM standard make it the most
secure cellular telecommunications system available. The use of
authentication, encryption, and temporary identification numbers ensures
the privacy and anonymity of the system's users, as well as safeguarding
the system against fraudulent use. Even GSM systems with the A5/2
encryption algorithm, or even with no encryption are inherently more secure
than analog systems due to their use of speech coding, digital modulation,
and TDMA channel access.

7.0 Acronyms

     Authentication Algorithm
     Ciphering Algorithm
     Ciphering Key Generating Algorithm
     Advanced Mobile Phone System
     Authentication Center
     Base Station
     Cipher Block Chaining
     European Conference of Post and Telecommunication Administrations
     Cipher Feedback
     Ciphering Key Sequence Number
     Data Encryption Standard
     Digital Signature Algorithm
     Electronic Code Book
     European Telecommunications Standards Institute
     Gaussian Minimum Shift Keying
     Group Special Mobile
     Home Location Register
     International Mobile Subscriber Identity
     Ciphering Key
     Individual Subscriber Authentication Key
     Location Area Identity
     Linear Feedback Shift Register
     Memorandum of Understanding
     Mobile Station
     Mobile Switching Center
     National Institute of Standards and Technology1
     Operation and Maintenance Subsystem
     Random Number
     Rivest, Shamir, Adleman
     Secure Hash Algorithm
     Signed Response
     Total Access Communications System
     Temporary Mobile Subscriber Identity
     Visitor Location Register


  1. Van der Arend, P. J. C., "Security Aspects and the Implementation in
     the GSM System," Proceedings of the Digital Cellular Radio Conference,
     Hagen, Westphalia, Germany, October, 1988.
  2. Biala, J., "Mobilfunk und Intelligente Netze," Friedr., Vieweg & Sohn
     Verlagsgesellschaft, 1994.
  3. Cooke, J.C.; Brewster, R.L., "Cyptographic Security Techniques for
     Digital Mobile Telephones," Proceedings of the IEEE International
     Conference on Selected Topics in Wireless Communications, Vancouver,
     B.C., Canada, 1992.
  4. European Telecommunications Standards Institute, Recommendation GSM
     02.09, "Security Aspects".
  5. European Telecommunications Standards Institute, Recommendation GSM
     02.17, "Subscriber Identity Module".
  6. European Telecommunications Standards Institute, Recommendation GSM
     03.20, "Security Related Network Functions".
  7. Hodges, M.R.L., "The GSM Radio Interface," British Telecom Technology
     Journal, Vol. 8, No. 1, January 1990, pp. 31-43.
  8. Hudson, R.L., "Snooping versus Secrecy," Wall Street Journal, February
     11, 1994, p. R14
  9. Schneier, B., "Applied Cryptography," J. Wiley & Sons, 1994.
 10. Williamson, J., "GSM Bids for Global Recognition in a Crowded Cellular
     World," Telephony, vol. 333, no. 14, April 1992, pp. 36-40.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH