headers
Nguyen Thi Mai Trang | 27 Jun 2005 13:32
Picon

IMSI

Hello,

I am trying to understand the mechanisme of confidentiality of 
subscriber identity in GSM. As far as I know, the technique used is not 
to send the IMSI frequently in the air interface. A temporary identity, 
the TMS is rather used. However, I think that the IMSI must be sent in 
clear at least once at the begining to the network because it is 
neccessary for locating the authentication key Ki and then, the Kc for 
delivering a TMSI. Is it true? Is the fact of sending the IMSI in clear 
implies some problems of security in GSM?
Thank you very much.

Mai Trang
Permalink | Reply | 2 comments |
headers
Marc Witteman | 27 Jun 2005 15:12
Favicon

RE: IMSI

Yes you are right. Your identity IMSI is occasionally sent over the air.
This happens at first use, but also when a subscriber roams to another
network and there is no exchange of the temporary identity TMSI between the
two networks. The security impact is quite limited though, as new TMSIs are
assigned frequently and exchanged over an encrypted channel. In practice
this means that a fanatic eavesdropper could see your IMSI if he's lucky,
but he would loose track of you rather soon because he should not be able to
decipher your next TMSI.

Marc

Marc Witteman

Mob: +31624595408
Tel: +31152139942
Fax: +31152139943
Web: www.riscure.com

> -----Original Message-----
> From: gsmsecurity-bounces <at> gsm-security.net 
> [mailto:gsmsecurity-bounces <at> gsm-security.net] On Behalf Of 
> Nguyen Thi Mai Trang
> Sent: Monday, June 27, 2005 1:33 PM
> To: gsmsecurity <at> gsm-security.net
> Subject: [GSMSecurity] IMSI
> 
> Hello,
> 
> I am trying to understand the mechanisme of confidentiality 
> of subscriber identity in GSM. As far as I know, the
(Continue reading)

Permalink | Reply | 1 comment |
headers
Mohammed Ali Al Fayezi | 28 Jun 2005 08:19
Picon
Favicon

SMS Security

Hello,

            As far as I understand that the SMS is encrypted in the air interface(between the MS and BTS).is this true?

If so what is the encryption algorithm used?

And is it broken?

 

Regards,

 

Eng. Mohammed Al Fayezi

Al Jawal - IT Security Dep.

Tel :4635636

Mobile :0503819237

 

Disclaimer: The information in this email and in any files transmitted with it,
is intended only for the addressee and may contain confidential and/or privileged material.
Access to this email by anyone else is unauthorized. If you receive this in error,
please contact the sender immediately and delete the material from any computer.
If you are not the intended recipient, any disclosure, copying, distribution or
any action taken or omitted to be taken in reliance on it, is strictly prohibited.
Statement and opinions expressed in this e-mail are those of the sender, and do not
necessarily reflect those of STC.
<div>

<div class="Section1">

<p class="MsoNormal"><span>Hello,<p></p></span></p>

<p class="MsoNormal"><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; As
far as I understand that the SMS is encrypted in the air interface(between the MS
and BTS).is this true?<p></p></span></p>

<p class="MsoNormal"><span>If so what is
the encryption algorithm used?<p></p></span></p>

<p class="MsoNormal"><span>And is it broken?
<p></p></span></p>

<p class="MsoNormal" dir="RTL"><span dir="LTR"><p>&nbsp;</p></span></p>

<p class="MsoNormal"><span>Regards,</span><p></p></p>

<p class="MsoNormal"><span>&nbsp;<p></p></span></p>

<p class="MsoNormal"><span>Eng.</span><span> Mohammed Al
Fayezi</span><p></p></p>

<p class="MsoNormal"><span>Al Jawal -
IT Security Dep.</span><p></p></p>

<p class="MsoNormal"><span>Tel :4635636</span><p></p></p>

<p class="MsoNormal"><span>Mobile</span><span> :0503819237</span><p></p></p>

<p class="MsoNormal" dir="RTL"><span dir="LTR"><p>&nbsp;</p></span></p>

</div>

<table><tr><td bgcolor="#ffffff">Disclaimer: The information in this email and in any files transmitted with it,<br>
is intended only for the addressee and may contain confidential and/or privileged material.<br>
Access to this email by anyone else is unauthorized. If you receive this in error,<br>
please contact the sender immediately and delete the material from any computer.<br>
If you are not the intended recipient, any disclosure, copying, distribution or<br>
any action taken or omitted to be taken in reliance on it, is strictly prohibited.<br>
Statement and opinions expressed in this e-mail are those of the sender, and do not<br>
necessarily reflect those of STC.<br>
</td></tr></table>
</div>
Permalink | Reply | 0 comments |

Gmane