3GPP TS 12.03 Security Management

The radio communications aspect of the GSM system makes it particularly sensitive to unauthorized use. For this reason, security mechanisms are defined for the GSM system:

– Subscriber identity (IMSI) confidentiality.

– Subscriber identity (IMSI) authentication.

– Data confidentiality over the air interface.

– Mobile equipment security.

The use of these security features is at the discretion of operators for non-roaming subscribers. For roaming subscribers, however, the use of these security features is mandatory unless otherwise agreed by all the affected PLMN operators (GSM 02.09 [1]).

A number of security parameters have been defined in the core specifications to support these security features. The IMSI is used to uniquely identify subscribers and the TMSI to provide subscriber identity confidentiality. The authentication vectors (Kc, RAND, SRES) are used in the authentication process, and the ciphering key (Kc) is used to encrypt signaling and user data over the air interface. Finally, the IMEI can be used to establish whether a piece of mobile equipment is suitable to be used on the network, i.e., approved and neither stolen nor faulty.
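The challenge-response exchange that these parameters support, as an added example that is not part of the specification text. It assumes the subscriber key Ki and the A3/A8 functions of GSM 03.20, which this section does not name; because A3/A8 are operator-chosen, HMAC-SHA256 is used as a labelled stand-in, and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

def a3_a8(ki: bytes, rand: bytes) -> Tuple[bytes, bytes]:
    """Stand-in for the operator-chosen A3 (SRES) and A8 (Kc) algorithms.
    Assumption: HMAC-SHA256 is used only so the example runs; it is not
    a GSM algorithm. Output sizes follow GSM: SRES 32 bits, Kc 64 bits."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]

def generate_vector(ki: bytes) -> dict:
    """Home network: build one (RAND, SRES, Kc) authentication vector."""
    rand = secrets.token_bytes(16)  # RAND is a 128-bit random challenge
    sres, kc = a3_a8(ki, rand)
    return {"RAND": rand, "SRES": sres, "Kc": kc}

def sim_response(ki: bytes, rand: bytes) -> Tuple[bytes, bytes]:
    """Mobile side: the SIM derives SRES and Kc from the received RAND."""
    return a3_a8(ki, rand)

def authenticate(vector: dict, sres_from_ms: bytes) -> Optional[bytes]:
    """Serving network: compare SRES in constant time. On a match, return
    Kc so ciphering can start; on a mismatch, return None."""
    if hmac.compare_digest(vector["SRES"], sres_from_ms):
        return vector["Kc"]
    return None

def run_exchange(ki_network: bytes, ki_sim: bytes) -> bool:
    """One full exchange. Only RAND and SRES cross the air interface;
    Ki and Kc never do. True when both sides end with the same Kc."""
    vector = generate_vector(ki_network)
    sres, kc_ms = sim_response(ki_sim, vector["RAND"])
    kc_net = authenticate(vector, sres)
    return kc_net is not None and kc_net == kc_ms

if __name__ == "__main__":
    ki = secrets.token_bytes(16)        # constructed sample subscriber key
    cloned = secrets.token_bytes(16)    # constructed key of a SIM the network does not know
    print("genuine SIM accepted:", run_exchange(ki, ki))
    print("unknown SIM accepted:", run_exchange(ki, cloned))
```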

Formal definitions of these security mechanisms and their technical realization can be found in recommendations GSM 02.09 [2] and GSM 03.20 [3] respectively. The relevant messaging and procedures can be found in recommendations GSM 04.08 [4], GSM 08.08 [22], GSM 08.58 [23], and GSM 09.02 [5].

It is the objective of the present document to provide a standard mechanism for the management of the aforementioned security features and parameters.