CYBER SECURITY FOR GSM DATA PROTECTION
Need help with a related project topic or New topic? Send Us Your Topic
DOWNLOAD THE COMPLETE PROJECT MATERIAL
CYBER SECURITY FOR GSM DATA PROTECTION
Chapter One: Introduction
1.0 Background for the Study
Defining what needs to be guarded and for whom is crucial for understanding the concept of security. Similarly, security is impossible to understand without a potential danger.
Mobile phones with third-generation (3G) systems require security services from the mobile platform to protect several stakeholders. Furthermore, potential hazards may differ among stakeholders.
Users expect mobile phones to provide secure and dependable communication, including for sensitive tasks like e-commerce transactions.
Malicious software, such as viruses and Trojans, and weak or malfunctioning security systems pose the most significant hazards to this group of stakeholders. Mobile network operators rely on phone network identification mechanisms (for billing) and network-related software.
Allowing malicious users or software to bypass these measures is not acceptable.
Operators require software integrity to be assured during mobile phone operation. They also want to ensure that consumers cannot bypass SIM lock methods.
Content providers, a third class of security stakeholders, seek payment for user-downloaded content like as music, images, movies, and software. Additionally, users must not use their phones to duplicate or distribute unauthorised content.
This is where DRM functions come into play. However, DRM technologies alone cannot ensure complete security. For a DRM solution that meets content provider criteria, the mobile phone platform must have safe execution and code integrity.
Security is typically measured based on four key aspects: confidentiality, integrity, authentication, and authorization [1].
– Nonrepudiation
Confidentiality ensures that data is shielded from those who should not have access to it.
To ensure data confidentiality, plaintext is cryptographically transformed into cypher text that conceals the original content. This operation uses a parameterized transformation to keep the controlling parameter private.
The controlling parameter is often referred to as a key. The transition is known as encryption.
The inverse transform or decryption can be easily performed using a key. Without the key, decryption is difficult.
Integrity refers to preventing unauthorised data changes during transport or storage. This is accomplished by cryptographic transformations and a key. To ensure the plaintext’s integrity, more information is required.
Authentication involves a claimant convincing a verifier of their correct identification. Authentication differs from authorization, which grants permission or access to something.
Non-repudiation involves employing security techniques like digital signatures to ensure that the sender of a message does not deny their identity.
There are two main types of cryptography mechanisms: symmetric and asymmetric. Symmetric techniques employ the same key for both encryption and decryption. Examples of symmetric confidentiality techniques are:
• Block cyphers like DES and AES; • Stream cyphers like GSM A1, A2, and A3.
Integrity is frequently safeguarded by symmetric procedures. Integrity-protection methods are sometimes known as message authentication codes (MAC). HMAC is the most prevalent MAC algorithm. Symmetric encryption keys must be kept hidden from non-legitimate users to prevent decryption.
Asymmetric techniques use distinct pairs of keys for encryption and decryption processes. The public key can be made public, but the secret key should never be shared. Asymmetric techniques are used to distribute keys, such as symmetric keys, or for digital signing.
A public key encrypts a symmetric key, which can only be decrypted by the legitimate receiver using the private key. A private key can be used to digitally sign data. Anyone who knows the public key can verify the signature. The RSA technique is a well-known example of an asymmetric cryptographic algorithm.
Numerous studies have shown that GSM providers’ security algorithms have been compromised. GSM phones’ smart-cards and SIM cards can be copied, necessitating additional study to safeguard sensitive data while using GSM technologies.
Need help with a related project topic or New topic? Send Us Your Topic