SIM CARDS MAY OPEN SECURITY LOOPHOLE FOR GSM PCS CARRIERS

NEW YORK - If unaccompanied by rigorous precautions, the new add-on features personal communications services carriers are rushing to provide could pierce the elaborate security veil built into Global System for Mobile communications technology.

Over-the-air activation, prepaid calling and multifunctional handsets all pose potential security as well as service problems to GSM providers, even as they offer the lure of increased subscriber revenues.

This was the cautionary tale offered by Mark D. Ferdinands, telecommunications product manager for Giesecke & Devrient USA, Reston, Va., a subscriber identity module manufacturer. Ferdinands, who edited the SIM portion of the American PCS-1900 standard, an upbanded version of GSM, spoke at a conference sponsored by IBC Technical Services, London.

GSM PCS has lived up to its billing as secure against the cloning type of subscriber fraud, which is committed against analog cellular customers by thieves who monitor and exploit information they pick up over the airwaves. Ferdinands said he knows of “no specific statistics regarding comparative security” advantages of GSM PCS over analog cellular.

“Anecdotally from regulators in different countries, most major elements of subscriber fraud have been eliminated,” Ferdinands said. “But that doesn’t include technical fraud - inside jobs by disgruntled employees or sloppy handling. The subscriber is always the weakest link in the chain.”

When the personal identification number is disabled, mere possession of the removable SIM card, which holds the handset’s intelligence in a GSM system, is enough to gain access to the network. Therefore, he urged carriers to “consider carefully whether you want to enable the PIN to be disabled inside the SIM.”

He also suggested carriers review carefully the security systems in place at the SIM card manufacturers they use, as well as in the transport of these cards to the carriers’ network data centers, and at the network data centers themselves.

“Over-the-air activation downloads information parameters into the SIM,” Ferdinands said. “Increasingly, operators like to change service profiles, and this involves going into what has been historically a closed system from a security standpoint.”

Additionally, the encryption aspects of security control can be compromised through “sloppy pre-personalization due to bad handling of data, which is out in plain text, and this can cause problems close to the point of sale or in over-the-air activations.”

Because the SIM interface with the GSM handset isn’t secure, “theoretically, you can neutralize and default execution of certain commands, including activation of certain prepaid services.” Standards-setting groups are exploring ways to improve the security of sender validation to minimize the possibility of this undesirable occurrence.

Improperly chosen or used algorithms in the encryption process also can cause glitches in implementing enhanced offerings like roaming and multifunctional services. “Look at your choice of algorithms. If bad ones are chosen, other network operators won’t roam with you … and airlines and credit card companies won’t be able to use them.”

The problem, however, is that SIM cards, like other smart cards, were developed without facility for interoperability.

“Once it gets its power, a SIM now kicks into its routine without waiting to be prompted to do a specific application,” Ferdinands said. “Work is ongoing but slow. It would involve changes to the SIM standard, which raises the problem of backward compatibility with existing SIMs. For the time being, multiple applications in the GSM context are done with a SIM tool kit.”
