CYBER SECURITY FOR GSM DATA PROTECTION

CYBER SECURITY FOR GSM DATA PROTECTION

  • The Complete Research Material is averagely 152 pages long and it is in Ms Word Format, it has 1-5 Chapters.
  • Major Attributes are Abstract, All Chapters, Figures, Appendix, References.
  • Study Level: MTech, MSc or PhD.
  • Full Access Fee: ₦8,000

Get the complete project » Instant Download Active

ABSTRACT

With the increasing use of extensive IT and Telecommunication systems for sensitive or safety-critical applications, the matter of IT and Telecommunication security is becoming more important. For the computer system, and its related applications, including data, to be trustworthy, it must be secured. This project covers all aspects of Computer System security. This project equally understudied the security of data as it affects mobile systems vis-à-vis Global System for Mobile Telecommunications (GSM). The existing security algorithms in the GSM network were understudied and critical flaws found in them that cannot guarantee the security and confidentiality of user’s data during communication session. This poses a great threat in sensitive and safety-critical environments such as financial institutions, Military, Educational, or even in espionage establishments such as State Secret Services (SSS) and security establishments. This Masters project finally proffered solution to these flaws found in GSM security system by adopting a software-based approach. A computer-based program was written in JAVA programming language to provide end-to-end data (SMS only) encryption in two-way communication using compatible MIDP mobile phones or other portable communication devices.


CHAPTER ONE

INTRODUCTION

1.0         Background to the Study

The term security lacks meaning until one has defined what is to be secured and for whom. Likewise, security is difficult to comprehend without a potential threat. Mobile phones for third-generation mobile systems (3G) have several security stakeholders for which the mobile platform must provide security services. Moreover, the potential threats may differ from stakeholder to stakeholder.

The first class of security stakeholders, users, expects that mobile phones will offer secure and reliable communication – that is, they assume their phones can be trusted to handle sensitive tasks, such as e-commerce transactions. The main threats to this class of stakeholders are malicious software, such as viruses and Trojans, or weak or misbehaving security mechanisms. The second class of stakeholders, mobile network operators, relies on phone network identification mechanisms (related to billing capability) and network-related software.

Criminal-minded users or hostile software must not be allowed to circumvent these mechanisms.

Operators thus require that the integrity of software can be guaranteed when the mobile phone is in operation. They also want to be certain that users cannot break SIM lock mechanisms.

A third class of security stakeholders, content providers, wants to be paid for the content (music, pictures, videos and software) that users download. It also wants to know that


1


users cannot (mis)use their phones to illegally copy or distribute content. This is where digital rights management (DRM) functions come into play. However, DRM mechanisms alone cannot provide all necessary security. To provide a DRM solution that meets content provider requirements, the mobile phone platform must contain security functions that guarantee secure execution and code integrity.

Security is usually measured in terms of a set of basic aspects [1]:

-                      confidentiality,

-                      integrity,

-                      authentication and

-                      authorization.

-                      Non-repudiation

Confidentiality is ensuring that the data is hidden from those that are not supposed to see it.

Confidentiality of data is achieved by cryptographically transforming original data, often called, plaintext, into cipher text, which hides the content of plaintext. This operation is realized as a parameterized transformation that keeps the controlling parameter secret. The controlling parameter is often called a key. The transformation is called encryption. With a key it is easy to perform the inverse transform or decryption. Without the key, decryption would be difficult.

Integrity is about ensuring that data has not been replaced or modified without authorization during transport or storage. This is achieved using cryptographic transforms and a key. Additional information must also be added to the plaintext to verify its integrity.


2


Authentication is the procedure by which a unit (the claimant) convinces another unit (the verifier) of its (correct) identity. Authentication is different from authorization, which is the process of giving a person or entity permission to do or have access to something.

Non-repudiation is ensuring that someone who sent a message does not deny that he is the one that sent it by using security processes such as digital signature.

There are two major classes of cryptographic mechanisms: symmetric and asymmetric. In symmetric mechanisms, the same key is used for encryption and decryption. Examples of symmetric confidentiality mechanisms are

•  block ciphers, such as DES and AES; and

•  stream ciphers, such as the GSM A1, A2 and A3 algorithms.

Integrity is often protected using symmetric mechanisms. Integrity-protection algorithms are also called message authentication codes (MAC). The most popular MAC is the HMAC algorithm. Because the key in symmetric mechanisms can be used to decrypt content, it must be kept secret from all but legitimate users of the encryption scheme.

Asymmetric mechanisms use separate pairs of keys for encryption transform and decryption transform. The public key can be made publicly available, but the private key must never be revealed. Asymmetric mechanisms are typically used for distributing keys (for example, a symmetric key) or for digital signing purposes. A public key can be used to encrypt a symmetric key, which in turn, can only be decrypted by the legitimate


You either get what you want or your money back. T&C Apply





Share a Comment


You can find more project topics easily, just search

Quick Project Topic Search