The invention relates to providing wireless security.
The development of mobile radio communications technology has made the world more accessible. The first generation of mobile phone systems (analogue systems like TACS in the UK and AMPS in the USA) was designed without paying much attention to security. These systems are therefore susceptible to a number of security breaches, including eavesdropping with low-cost scanners and cloning of terminal identities (impersonation). Although limited security measures were employed in the enhanced standards, they are difficult to manage. User authentication and frequency hopping (changing of communication frequency) are used to improve security. Modern digital mobile phone systems such as GSM developed various methods for security enhancement, including the use of a smart card called a Subscriber Identity Module (SIM) and the use of cryptography.
When a mobile station (cellular phone) tries to establish a new call, it is required to provide its Temporary Mobile Subscriber Identity (TMSI). The TMSI is different for every new call and is uniquely matched to an International Mobile Subscriber Identity (IMSI), which is always the same for a given subscriber. A Visitor Location Register (VLR), a database which contains subscription information and the current locations of its subscribers, sends the IMSI to the Authentication Centre. A random number is generated and is used, together with the identification key, as input to an encryption algorithm, which then gives an output. The same random number is sent to the mobile station, which contains the same encryption algorithm. If the identification key stored in the SIM is the same as the one in the Authentication Centre, they should produce the same output. The VLR then compares the outputs and establishes the subscriber's identity. The same mechanism is employed to obtain a traffic encryption key, which is then used to bulk encrypt all communication traffic. All the signals within the network are encrypted and the identification key is never transmitted through the air, to ensure network and data security.
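The exchange described above, sketched as an added example that is not part of the original text. The text does not name the encryption algorithm, so HMAC-SHA256 stands in for it, and the output sizes, class names and method names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def derive(ki, rand):
    # Assumption: HMAC-SHA256 stands in for the unnamed algorithm; its output
    # is split into a 4-byte response and an 8-byte traffic encryption key.
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]

class AuthenticationCentre:
    def __init__(self):
        self._ki = {}                          # IMSI -> identification key
    def provision(self, imsi, ki):
        self._ki[imsi] = ki
    def vector(self, imsi):
        rand = secrets.token_bytes(16)         # fresh random number per attempt
        return (rand, *derive(self._ki[imsi], rand))

class Sim:
    def __init__(self, ki):
        self._ki, self.kc = ki, None           # the key never leaves the card
    def respond(self, rand):
        response, self.kc = derive(self._ki, rand)
        return response                        # only the response is transmitted

class Vlr:
    def __init__(self, auc):
        self.auc, self._imsi_for, self.air = auc, {}, []
    def assign_tmsi(self, imsi):
        tmsi = secrets.token_bytes(4)
        self._imsi_for[tmsi] = imsi
        return tmsi
    def authenticate(self, tmsi, sim):
        imsi = self._imsi_for.get(tmsi)
        if imsi is None:
            return None                        # unknown or already used TMSI
        rand, expected, kc = self.auc.vector(imsi)
        response = sim.respond(rand)
        self.air += [tmsi, rand, response]     # all that crosses the radio link
        if not hmac.compare_digest(response, expected):
            return None                        # keys differ: identity rejected
        del self._imsi_for[tmsi]
        return kc, self.assign_tmsi(imsi)      # key for this call, TMSI for next

if __name__ == "__main__":
    ki = secrets.token_bytes(16)               # constructed sample key
    auc = AuthenticationCentre(); auc.provision("IMSI-EXAMPLE", ki)
    vlr = Vlr(auc); tmsi = vlr.assign_tmsi("IMSI-EXAMPLE")
    print(vlr.authenticate(tmsi, Sim(ki)) is not None, vlr.air)
```

The `air` list records what an eavesdropper on the radio link could observe: the one-time TMSI, the random number and the response, but neither the IMSI nor the identification key.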
The identification key stored in the SIM is never transmitted through the air interface, so it is much more difficult to obtain the key. Party Anonymity is maintained: the IMSI is replaced by a TMSI which is different for every call, so it is extremely difficult to find out a mobile station's identity. Location Confidentiality is maintained because of party anonymity and because only the VLR and the mobile station know its location.

Fraud detection can be achieved by using some inherent properties of the mobile phone network. If two cellular phones which have the same TMSI are activated at the same time, an impersonation is taking place. If a cellular phone is detected to be switched off in one area and reactivated at another place in an unreasonably short time, impersonation can also be deduced. For example, if a mobile phone is detected to switch off in one city and to be reactivated in another city within minutes, one can easily deduce that two handsets with the same TMSI are in use. The operators can then be alerted and appropriate actions may be taken.