EE 6208 :

Wireless and
Mobile
Communications
Dr. C.K.W. Seneviratne

Department of Electrical and Information Engineering

University of Ruhuna
GSM
Transmission
and
Reception
GSM
Transmissi
on and
Reception
Speech (Voice) Coding

• Sampling at 8 kHz
• The purpose of speech • Sample size of 13 bits in
coders is to compress the size
speech signal before its • 8kHz*13b = 104kbps
transmission, reducing
the number of bits needed
in its digital
representation while
keeping an acceptable
quality of the decoded
output.
Channel Coding

• Use to detect and correct

errors in a received bit
stream
• Capable of handling single
or short error sequences
• 260 bits input – 456 bits Adds extra bits to the data flow. This
output way redundancy is introduced into the
• The last 78 bits are not data flow, increasing its rate by
protected adding information calculated from the
source data, to allow detection or
even correction of bit errors that
might be introduced during
transmission.
Interleaving

• Interleaving is systematically
dispersing the bits of a data
burst over multiple bursts.

The benefit of this technique: when a data burst is lost (due

to a burst error in the radio interface ) it does not mean a
100% loss of a single burst but rather a partial loss of many
bursts.
Interleaving
 Security in GSM
• The purpose of security for GSM systems is to make the system as secure
as the public switched telephone network and to prevent phone cloning.

• The use of air interfaces in the transmission media allows for several
potential threats.
 Types of Attacks (1)
• Denial-of-Service Attacks : A Denial-of-Service (DoS) attack is an
attack meant to shut down a machine or network, making it
inaccessible to its intended users. DoS attacks accomplish this by
flooding the target with traffic or sending it information that
triggers a crash.

• Man-In-The-Middle (MITM) Attacks: With MITM attacks, the criminal

positions themselves between your device and the server. They
eavesdrop on, intercept, and manipulate communication between two
parties.
 • A Denial-of-Service (DoS) attack is meant to
Denial-of- shut down a machine or network, making it
inaccessible to its intended users. DoS
Service (DoS) attacks accomplish this by flooding the
target with traffic or sending it information
Attack that triggers a crash.
Man-In-The- • With MITM attacks, the criminal positions
themselves between your device and the
Middle (MITM) server. They eavesdrop on, intercept, and
manipulate communication between two
attacks parties.
 Types of Attacks (2)
Brute-force Attacks : In brute-force security attacks, hackers often
use dictionary software to repeatedly and systematically attempt
password combinations until they find one that works.

Eavesdropping Attacks: In an eavesdropping attack, the attacker

passively listens to network communications to gain access to private
information, such as node identification numbers, routing updates, or
application-sensitive data.
Security Terms

• Plaintext – information that

can be directly read by
humans or a machine
• Ciphertext – the encrypted
data
• Encryption – the process of
converting plaintext to
ciphertext
• Decryption – the process of
reverting ciphertext to
plaintext
Subscriber Identity
Confidentiality
Purpose: to avoid an interceptor of the mobile traffic being able to
identify which subscriber is using a given resource on the air
interface.

When a MS attempts to access with a PLMN with which it is not presently

registered, the MS uses its IMSI to identify itself. The IMSI is then
authenticated by the PLMN, which results in sharing a cipher key. The
VLR generates a Temporary Mobile Subscriber Identity (TMSI) to the MS,
storing the association of TMSI and IMSI in its database.
 Subscriber Identity
Confidentiality

The TMSI is then sent to MS, encrypted with a cipher key. The next time
MS attempts access in that PLMN, it uses the TMSI previously allocated
by the VLR instead of its IMSI.

It is frequently updated the TMSI so that an MS cannot be previously

identified and followed around.
 • Purpose: The authentication is used to identify
the MS to the PLMN operator
Authentication • Facilitates communication initialization between the
mobile station and the network
in GSM • Operation: Individual subscriber authentication
key (Ki)
Authentication • The individual subscriber authentication key(Ki)
is never transmitted over the radio channel, as it
in GSM is present in the subscriber's SIM, as well as the
AUC, HLR, and VLR databases.
 Authentication
Operation:
Authentication is performed by a challenge and response mechanism.
Ki in the PLMN is held in the AuC.

A random challenge (RAND) is generated by the AuC and issued to the MS.
The MS encrypts RAND using Ki and the authentication algorithm A3
implemented within the SIM, and send a signed response (SRES) back to
the PLMN.

AuC performs the same process with RAND to compute the expected
response (SRES), which is sent to the PLMN.

Eavesdropping of the radio channel should reveal no useful information,

as the next time a new RAND will be used.
 A5 Algorithm
• A5 is the encryption algorithm. It works on a bit-by-bit basis.
• A5 is stored on hardware as it has to encrypt and decrypt data during
transmission and reception of information, which must be fast enough.
• A5 takes a 64-bit cipher key and 22-bit function key as input and
114-bit plain text to generate 114-bit cipher text.
• The encryption-decryption processes are performed both at BS and MS.