Papers on mobile security

• an HTML version gsmdoc.htm,
• a word document with better diagrams gsmdoc.doc,
• best of all in PDF Acrobat gsmdoc.pdf.

• a PDF description document on cloning clone.pdf
• a PDF presentation on how to do it cardclone.pdf

• a PDF version gprs.pdf

• www.etsi.org/website/technologies/whitepapers.aspx

3G mobile security

I have been asked a few times where to get security information on 3G:

• The 3GPP Group on security have all their documents on www.3gpp.org/TB/SA/SA3/SA3.htm
• All the other useful links, such as the email exploder and Specifications are best navigated through the home page of www.3gpp.org.
• You should also look at the 3GPP2 web site on www.3gpp2.org.

Algorithms

• The www.3gpp.org/TB/Other/algorithms.htm page gives details of the 3G algorithms Kasumi (for encryption) and Milenage (authentication, based on AES Rijndael).
• See the GSM Association pages for A5/3, GEA3 and G Milenage and other algorithms www.gsmworld.com/using/algorithms/. See also the www.gsmworld.com/news/press_2002/press_15.shtml for the A5/3 (and GEA3) press release.
• At David Wagner's site www.isaac.cs.berkeley.edu/isaac/gsm.html useful text on the background and issues of GSM alogorithms.
• The GPRS (GEA1 & GEA2), TETRA and similar ETSI algorithms are available, see ETSI on portal.etsi.org/dvbandca/home.asp
• Elad Barkan, Eli Biham and Nathan Keller of Technion in Haifa, Israel, "Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communications" a very good paper on this issue (breaking GSM A5/2), and how to lever other attacks using this (presented at Crypto 2003).

Interception

• Interception links available on an old page. Includes links to standards and some legal sites.
• The Global LI Industry Forum is an independent non-profit trade association whose mission is to promote the worldwide awareness, responsible development, and marketplace growth for Lawful Interception (LI) products and services www.gliif.org.
• portal.etsi.org to find the ETSI LI information (Click on the LI link in the index).
• A French Company specialising in mobile security and lawful interception is www.aqsacom.com. See also Verint and ECTEL below.

Security tips for PCs at meetings

• How to on measures you can take to protect you PC at meetings.

Mobile Telecom and Security links

General GSM Related Sites

GSM

• The GSM world site at www.gsmworld.com contains all the roaming and carrier information you might need.
• The GSM Suppliers Association (GSA) at www.gsacom.com is an organization representing the suppliers of GSM equipment.
• OMTP is an operator-sponsored forum - it has some good downloads on trusted mobile, see www.omtp.org.
• The Open Mobile Alliance Ltd. has been established by the consolidation of the WAP Forum and the Open Mobile Architecture Initiative, see www.openmobilealliance.org.
• If you need data about mobile networks world wide you should try the EMC World Cellular Database on www.e-searchwireless.com. They also have a pay-as-you-go service on these pages.
• And if you want to find out what is happening, the evolving GSM standards are on the 3GPP pages on www.3gpp.org. Also see the ETSI pages on www.etsi.org

Other mobile standards

• For Bluetooth go to www.bluetooth.com. Bluetooth is a short-range radio link at 2.45 GHz used for linking devices. It has some good security features.
• For Tetra, the trunked radio system go to www.tetramou.com. Tetra is a devlopment of GSM in terms of security, and offers features such as end-to-end security. www.tetrapol.com is a system based on TETRA using many of the same standards.

Security Related GSM Sites

M and E-Commerce

• An organization looking at trust, identity and security on mobiles is Liberty Alliance www.projectliberty.org
• An organization looking at and m-commerce on mobiles consisting of some major Banks and Manufacturers is www.mobeyforum.org
• Another organization looking at security and m-commerce on mobiles is www.mobiforum.org
• Sonera Smarttrust also has e-commerce on mobiles and security information on www.smarttrust.com

Location

• A Company specialising location on mobiles are (for example) www.trueposition.com.

Information

• For latest security stories on GSM and the security world try www.cryptome.org.
• The original hacking web site is at www.2600.com
• For the algorithms a good description on how to exploit the old A3 authentication algorithm attack (hardware and software) is available from the Chaos Computer Club www.ccc.de, see also Dejan's site on users.net.yu/~dejan for Simscan and other smart card hacking tools.
• BT Counterpane has a useful digest that has mentioned GSM and includes a lot of good references on electronic security issues www.counterpane.com
• There are many other sites dedicated to changing IMEIs and SP locks etc. Many move around rapidly.

Protocols

• Need to know about the Session Initiation Protocol being used in GPRS and 3G ? - www.sipcenter.com is a good place to start and includes the IETF references.
• NTRU, a fast implentation of PKC is on www.ntru.com
• CERTICOM work on security solutions including elliptic curve techniques, details on www.certicom.com.
• For the internet security in IPv6 protocols which we will see encrypting 3G infrastructure see www.ipv6forum.com
• The BABT issue IMEI blocks to manufacturers of GSM at www.babt.com.

Telecommunication Security Consultants

• Fraud Management Ltd at www.fmlsolutions.com offer consultancy, training and advice.
• Praesidium at www.praesidium.com offer similar consultancy, training and advice.
• TRMG provides advice and designs for business in the areas of online security, communications fraud, internal fraud and theft, and revenue assurance. www.trmg.org.
• "Risk Management and Dependency Modelling" at www.dependency.com offer consultancy, training and advice.

Future Mobile Security Sites

• The UMTS Forum site at www.umts-forum.org has some excellent booklets you can download from their site, which serve as a good introduction to 3rd Generation.
• Whilst the latest Third Generation mobile standards are on www.3gpp.org All documents are open, the security is in SA Working Group 3 - there are also discussion lists you can subscribe to, see 3G at the top of this page.
• The Internet Engineering Task Force (IETF) have security and mobility standards used in mobile internet work at www.ietf.org
• Open Mobile Alliance (OMA) have examples of WAP and internet content and phone based browsers at www.openmobilealliance.org
• The EU IST (Information Societies Technologies programme) 5th Framework programme takes ACTS, Esprit and Telematics Programmes together and has 3.6 Billion ECU available for projects including mobile projects www.cordis.lu.
• TISPAN (part of ETSI) are setting standards on multimedia via IP and have a mobility element and are on www.tispan.org.
• The International Telecommunications Union (they selecting standards for 3rd Generation known as IMT2000) at www.itu.int

Manufacturer Sites

• SAGEM has end to end encrypting mobiles on www.sagem.com
• SECTRA also has end to end encrypting mobiles on www.sectra.se
• Nokia on www.nokia.com.
• Ericsson on www.ericsson.com.
• Panasonic on www.panasonic.com.
• Ascom on www.ascom.com.
• Siemens on www.siemens.com. They also produce an end to end encrypting mobile.
• Alcatel on www.alcatel.com.
• Motorola on www.motorola.com.
• Lucent on www.lucent.com.
• Benefon(Now TWIG) on www.benefon.com. See the combined GSM dual band, GPS and map display for gadget freaks!
• Samsung on www.samsung.com.
• Nortel on www.nortelnetworks.com.
• For Symbian and the Psion EPOC, which is a joint venture developing operating systems for mobile phones go to www.symbian.com.

Financial Clearing House & Billing Sites

• The Global Billing Association (now part of the Telecom Managemant Forum) on www.billing.org. Use this site for your billing links
• Mach clearing house (now part of Cibernet - see below) on www.mach.com.
• Cibernet clearing house on www.cibernet.com.
• There is also a Middle East clearing house - Emirates Data Clearing House- on www.edch.com.
• Comverse systems on www.comverse.com.

Smart Card Sites

• Gemalto on www.gemalto.com.
• Sagem Orga on www.sagem-orga.com.
• Giesecker & Devrient on www.gi-de.de.
• Bluefish on www.bluefish-tech.com.
• See the GSM Security Accreditation Scheme - SAS - to verify the security of smart card manufacturing, on www.gsmworld.com/using/sas/index.shtml.

Satellite Operators

• Iridium on www.iridium.com Note:.
• ICO on www.ico.com.
• Thuraya (Middle East) on www.thuraya.com.
• ACeS (Far East) on www.acesinternational.com (Link seems dead).
• Globalstar on www.globalstar.com.
• Inmarsat have a BGAN (Broadband GPRS network) on www.inmarsat.com.

Fraud Detection equipment suppliers

• Revector: the 3G & GSM gateway detection specialists www.revector.com.
• Neural Technologies on www.neuralt.com.
• AMDOCS on www.amodocs.com.
• ECTel on www.ectel.com.
• Verint on www.verintsystems.com.
• ASCOM on www.ascom.com.

Mobile Related Organization Sites

• CTIA (based in USA) on www.wow-com.com. The CTIA has a good mobile daily news site you can subscribe to.
• Communication Fraud Association (based in USA) on www.cfca.org.
• For mobile related news see www.wired.com
• For the European Conference of Postal and Telecommunications operators (CEPT) see www.cept.org.
• For the International Standards Organisation (ISO) see www.iso.ch.
• The European Industry Association look at draft regulations and directives in the EU, for Information Systems, Communication Technologies and Consumer Electronics. See www.eicta.org.
• Yahoo has a UK site for WAP on uk.mobile.yahoo.com.

Standards Bodies

• ANSI (American National Standards Institute)
• ARIB (Association of Radio Industries and Businesses)
• CEN(European Committee for Standardization)
• CENELEC (European Committee for Electrotechnical Standardization)
• CWTS (China Wireless Telecommunication Standard Group)
• ECMA (Standardizing Information and Communication Systems)
• ERO (European Radiocommunications Office)
• eEurope Smart Card Charter
• ETSI (European Telecommunications Standards Institute)
• European Commission
• ICTSB (Information and Communications Technologies Standards Board)
• IEC (International Electrotechnical Commission)
• IEEE (Institute of Electrical and Electronics Engineers)
• IETF (Internet Engineering Task Force)
• ITU (International Telecommunications Union)
• New approach (New Approach standardization in the internal market)
• OMG (Object Management Group)
• T1 (Standards Committee T1 - Telecommunications)
• TIA (Telecommunications Industry Association)
• TTA (Telecommunications Technology Association)
• TTC (Telecommunication Technology Committee)

Personal sites

• Kevin Holley, best site for practical SMS for the PALM at www.btinternet.com/~mrbush/index.html.
• Kingston Public Relations www.kingstonpr.com - PR services, Telecoms and high tech subjects a speciality. .