CR | Jul 4, 2016

Retrofitting mutual authentication to GSM using RAND hijacking

arXiv:1607.00729v2
Originality: Incremental advance
AI Analysis

The paper addresses security vulnerabilities in GSM that affect mobile users and networks, offering a transparent enhancement that can be deployed incrementally.

The paper tackles the lack of mutual authentication in GSM, which enables various attacks. It proposes a modification to SIMs and authentication centers that adds mutual authentication without altering existing mobile infrastructure; these two components are the only ones that need to change.

As has been widely discussed, the GSM mobile telephony system only offers unilateral authentication of the mobile phone to the network; this limitation permits a range of attacks. While adding support for mutual authentication would be highly beneficial, changing the way GSM serving networks operate is not practical. This paper proposes a novel modification to the relationship between a Subscriber Identity Module (SIM) and its home network which allows mutual authentication without changing any of the existing mobile infrastructure, including the phones; the only necessary changes are to the authentication centres and the SIMs. This enhancement, which could be deployed piecemeal in a completely transparent way, not only addresses a number of serious vulnerabilities in GSM but is also the first proposal for enhancing GSM authentication that possesses such transparency properties.
