Last updated June 2008.
Papers on mobile security
Some of my papers...
Many years ago (in 1994) I wrote an article
on GSM Security describing the algorithms and general
Here are information documents on Smart Card cloning, available as:
Here are other papers:
GPRS Security, available as:
An ETSI (see below) co-authored security white paper about ETSI activities can be got from:
3G mobile security
I have been asked a few times where
to get security information on 3G:
- Interception links available on an old page.
Includes links to standards and some legal sites.
- The Global LI Industry Forum is an independent non-profit trade association whose mission is to promote the worldwide awareness, responsible development, and marketplace growth for Lawful Interception (LI) products and services www.gliif.org.
- portal.etsi.org to find the ETSI LI information (Click on the LI link in the index).
- A French Company specialising
in mobile security and lawful interception is www.aqsacom.com. See also Verint and ECTEL below.
Security tips for PCs at meetings
- How to on measures you can take to protect
you PC at meetings.
Mobile Telecom and Security links
General GSM Related Sites
- The GSM world site at www.gsmworld.com contains all the roaming and
carrier information you might need.
- The GSM Suppliers Association
(GSA) at www.gsacom.com is an organization representing the
suppliers of GSM equipment.
- OMTP is an operator-sponsored forum - it has some good downloads on trusted mobile, see www.omtp.org.
- The Open Mobile Alliance Ltd. has been established by the consolidation of the WAP Forum and the Open Mobile Architecture Initiative, see www.openmobilealliance.org.
- If you need data about
mobile networks world wide you should try the EMC
World Cellular Database on www.e-searchwireless.com. They also have a pay-as-you-go
service on these pages.
- And if you want to find out
what is happening, the evolving GSM standards are
on the 3GPP pages on www.3gpp.org. Also see the ETSI pages on www.etsi.org
Other mobile standards
- For Bluetooth go to www.bluetooth.com. Bluetooth is a short-range radio
link at 2.45 GHz used for linking devices. It has
some good security features.
- For Tetra, the trunked radio
system go to www.tetramou.com. Tetra is a devlopment of GSM in
terms of security, and offers features such as
end-to-end security. www.tetrapol.com is a system based on TETRA using
many of the same standards.
Security Related GSM Sites
M and E-Commerce
- An organization looking at
trust, identity and security on mobiles is Liberty Alliance www.projectliberty.org
- An organization looking at and
m-commerce on mobiles consisting of some major
Banks and Manufacturers is www.mobeyforum.org
- Another organization looking
at security and m-commerce on mobiles is www.mobiforum.org
- Sonera Smarttrust also has e-commerce
on mobiles and security information on www.smarttrust.com
- For latest security stories on GSM and the security world
- The original hacking web site
is at www.2600.com
- For the algorithms a good description on how to
exploit the old A3 authentication algorithm
attack (hardware and software) is available from
the Chaos Computer Club www.ccc.de, see also Dejan's site on users.net.yu/~dejan for Simscan and other smart card hacking tools.
- BT Counterpane has a useful
digest that has mentioned GSM and includes a lot
of good references on electronic security issues www.counterpane.com
- There are many other sites
dedicated to changing IMEIs and SP locks etc.
Many move around rapidly.
- Need to know about the Session Initiation Protocol being used in GPRS and 3G ? - www.sipcenter.com is a good place to start and includes the IETF references.
- NTRU, a fast implentation of
PKC is on www.ntru.com
- CERTICOM work on security
solutions including elliptic curve techniques,
details on www.certicom.com.
- For the internet security in
IPv6 protocols which we will see encrypting 3G
infrastructure see www.ipv6forum.com
- The BABT issue IMEI blocks to
manufacturers of GSM at www.babt.com.
- Fraud Management Ltd at www.fmlsolutions.com offer consultancy, training and
- Praesidium at www.praesidium.com offer similar consultancy, training
- TRMG provides advice and designs for business in the areas of online security, communications fraud, internal fraud and theft, and revenue assurance. www.trmg.org.
- "Risk Management and Dependency Modelling" at www.dependency.com offer consultancy, training and
Future Mobile Security Sites
- The UMTS Forum site at www.umts-forum.org has some excellent booklets you can
download from their site, which serve as a good
introduction to 3rd Generation.
- Whilst the latest Third
Generation mobile standards are on www.3gpp.org All documents are open, the
security is in SA Working Group 3 - there are
also discussion lists you can subscribe to, see 3G
at the top of this page.
- The Internet Engineering Task
Force (IETF) have security and mobility standards
used in mobile internet work at www.ietf.org
- Open Mobile Alliance (OMA) have examples of WAP
and internet content and phone based browsers at www.openmobilealliance.org
- The EU IST (Information
Societies Technologies programme) 5th Framework
programme takes ACTS, Esprit and Telematics
Programmes together and has 3.6 Billion ECU
available for projects including mobile projects www.cordis.lu.
- TISPAN (part of ETSI) are setting standards
on multimedia via IP and have a mobility element
and are on www.tispan.org.
- The International
Telecommunications Union (they selecting
standards for 3rd Generation known as IMT2000) at
Financial Clearing House &
- The Global Billing
Association (now part of the Telecom Managemant Forum) on www.billing.org. Use this site for your billing
- Mach clearing house (now part of Cibernet - see below) on www.mach.com.
- Cibernet clearing house on www.cibernet.com.
- There is also a Middle East
clearing house - Emirates Data Clearing House- on
- Comverse systems on www.comverse.com.
Smart Card Sites
Note that many of these systems use smart cards compatible with GSM, so you can effectively roam.
Fraud Detection equipment suppliers
Mobile Related Organization Sites
- CTIA (based in USA) on www.wow-com.com. The CTIA has a good mobile daily
news site you can subscribe to.
- Communication Fraud
Association (based in USA) on www.cfca.org.
- For mobile related news see www.wired.com
- For the European Conference of
Postal and Telecommunications operators (CEPT)
- For the International
Standards Organisation (ISO) see www.iso.ch.
- The European Industry Association look at draft regulations and directives in the EU, for Information Systems, Communication Technologies and Consumer Electronics. See www.eicta.org.
- Yahoo has a UK site for WAP on