Computing Reviews
Stragglers of the herd get eaten: security concerns for GSM mobile banking applications
Paik M. HotMobile 2010 (Proceedings of the 11th Workshop on Mobile Computing Systems & Applications, Annapolis, MD, Feb 22-23, 2010), 54-59, 2010. Type: Proceedings
Date Reviewed: Jun 8 2010

In this paper, Paik highlights several scenarios in which the weaknesses of the global system for mobile communications (GSM) second-generation (2G) standard can be exploited by an adversary for malicious purposes.

Specifically, he elaborates on three categories of attacks. In a message replay attack, an attacker captures messages in transit and then replays them after a certain period of time. Paik mentions that the GSM 2G standard for encryption (A5/1) is rarely used--especially in developing countries, due to certain existing laws--and therefore, the protection of messages through encryption and integrity checks is not implemented all the time. The second type of attack is spoofing, where the subscriber identity module (SIM) card of a GSM handset can be cloned, or spoofed. This is possible due to the absence of a mechanism to verify the authenticity of a SIM card in developing countries such as India, where the Information Technology (IT) Act of 2000 mandates that no encryption must be used anywhere in the country. The third type of attack, denial of service (DoS), may be achieved by using a fictitious carrier for the GSM network, with all GSM handsets being associated with it, rather than the actual GSM network.

All of the above-mentioned attacks are based on the assumption that the attackers are well organized and sophisticated enough to possess the hardware and software resources needed to successfully launch the attacks. With the introduction of the GSM third-generation (3G) standard, and with possible enforcement of authentication and encryption laws in third-world countries, mobile applications deemed critical, such as mobile banking, can operate in a more secure environment.

The paper can be thought of as a wake-up call for countries that still rely heavily on the GSM 2G standard. In addition, the need to enforce encryption and authentication, particularly for sensitive applications such as banking and e-commerce, should be addressed through laws that can be implemented for such communication standards.

Reviewer:  Zubair Baig Review #: CR138080 (1010-1038)
Data Encryption (E.3)
Security (K.4.4 ...)
Wireless Communication (C.2.1 ...)
Electronic Commerce (K.4.4)
Network Architecture And Design (C.2.1)
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®