Abstract: Various security vulnerabilities exist in modern secure communications, such as wireless eavesdropping, identity fraud, data tampering, and repudiation of services. This article discusses the characteristics of these vulnerabilities from two aspects: security factors in mobile communication networks and security technologies used in mobile communication networks.
Keywords: mobile phone; communication system; frequency division multiplexing mode; mobile communication network; time division multiple access; third-generation buddy system;
I. History of Security Mobile Communication Networks Security mobile communication networks are an important field and component of radio communication technology. The development and application of this technology began in the 1920s, initially primarily used for in-vehicle mobile communication services between police headquarters and patrol cars, and quickly adopted by police departments. In 1946, AT&T developed wireless telephone technology that could connect mobile and fixed-line users. Based on this technology, AT&T further developed a security mobile communication system called Mobile Telephone Service (MTS). Its improved version, I;MTS, became the only mobile communication network covering the entire United States in 1969. In 1968, Bell Labs of AT&T invented "cellular" technology, which could divide the coverage area of a security mobile communication network into many cell-like cells, allowing distant cells to use the same radio frequency. The application of cellular technology greatly increased the capacity of security mobile communication networks and enabled cell base stations to use low-power transmission, avoiding interference caused by high-power transmission. The invention of cellular technology was a glorious milestone in the history of security mobile communications, and its widespread application marked the entry of security mobile communications into cellular mobile communications.
In the late 1970s and early 1980s, the first generation of cellular security mobile communication networks was widely used in many countries, including Japan, Sweden, the United Kingdom, the United States, Germany, and France. Based on analog communication technology, these first-generation cellular mobile communication networks employed Frequency Division Multiplexing (FDMA) mode, and their network capacity was generally sufficient to meet the needs of mobile communication users.
By the late 1980s, the first generation of analog cellular security mobile communication networks had become obsolete. Advances in integrated circuit technology spurred the application of digital communication technologies in second-generation security cellular mobile communication networks. These included advanced digital voice coding technology, which significantly reduced bandwidth requirements and improved network frequency band utilization while maintaining voice quality; error control technology enhanced the network's anti-interference capabilities—base stations could transmit at low power; digital encryption technology protected digitized user voice, data, and network commands; and ID card technology verified mobile user identities, effectively preventing identity fraud. Therefore, second-generation security cellular mobile communication networks were not only superior in performance but also more secure than the first generation.
In 1990, the Pan-European Digital Security Cellular Mobile Communication Network (GSM, Global Security Mobile Communication) was first launched in Western European countries, freeing Europe from the predicament of numerous incompatible first-generation cellular security mobile communication networks. The GSM network, based on Frequency Division Multiplexing (FDMA), also employed Time Division Multiple Access (TDMA) to increase network capacity. Subsequently, Australia and some Middle Eastern countries adopted GSM networks, making it the world's most extensive security mobile communication network.
In the late 1990s, with the convergence of the Internet and secure mobile communication networks, low-speed data transmission services could no longer meet the needs of mobile users. The demand for high-speed data transmission services drove secure mobile communication networks towards the third generation. To this end, the International Telecommunication Union (ITU) advocated for the development of a globally unified standard for third-generation cellular secure mobile communication networks—the future public terrestrial mobile telecommunications network. In October 1998, telecommunications standards organizations from Europe, China, Japan, South Korea, and the United States jointly established the 3rd Generation Partnership Project (3GPP) to develop a third-generation secure mobile communication network standard, CDMA2000, based on the IS-95 core network.
Third-generation security mobile communication networks began to be used at the beginning of this century, with Japan's DoCoMo company being the first to operate a third-generation security mobile communication network on October 1, 2001. With technological advancements and the increasing demand for mobile communication services, mobile communication networks will continue to evolve, further perfecting the communication service needs of a broad range of security mobile communication users.
2. Security Factors in Secure Mobile Communication Networks Various security factors exist in radio communication networks, such as wireless eavesdropping, identity impersonation, data tampering, and repudiation of services. As a type of radio communication network, secure mobile communication networks also suffer from these security factors. Due to their unique characteristics, secure mobile communication networks also exhibit other types of security risks. The following will discuss the security factors in three parts of the mobile communication network: the interface, the network end, and the mobile end, as well as their specific manifestations and hazards in secure mobile communication networks.
2.1 Security Insecurity Factors in Wireless Interfaces In secure mobile communication networks, all communication between the mobile station and the fixed network terminal is transmitted through the wireless interface. However, the wireless interface is open, allowing perpetrators to eavesdrop on the channel and obtain transmitted information. They can even modify, insert, delete, or retransmit messages within the wireless interface to impersonate mobile users and deceive network terminals. Depending on the attack type, attacks can be categorized into three types: unauthorized data access, unauthorized access to network services, and threats to data integrity.
2.1.1 Unauthorized Access to Data Attacks The main purpose of unauthorized access to data attacks is to obtain user data or signaling data transmitted through the wireless interface. These attacks include the following:
(1) Eavesdropping on user data – obtaining user information
(2) Eavesdropping on signaling data—obtaining network management information and other information that is conducive to proactive attacks;
(3) Wireless tracking – Obtaining the identity and location information of mobile users to achieve wireless tracking;
(4) Passive transport stream analysis – guessing the content and purpose of user communication;
(5) Active transport flow analysis – obtaining access information.
2.1.2 Unauthorized Access to Network Services Attacks In unauthorized access to network services attacks, attackers impersonate legitimate mobile users to deceive the network, gain authorization to access network services, and evade payment. The impersonated mobile user then pays the attacker's fees.
2.1.3 Threat to Data Integrity Attacks Threat to data integrity attacks target user data streams and signaling data streams in the wireless interface. Attackers modify, insert, delete, or retransmit these data streams to deceive the data receiver and accomplish a specific attack.
2.2 Security Insecurity Factors at the Network End In secure mobile communication networks, the network end is quite complex. It not only contains many functional units, but the communication media between different units are also different. Therefore, the secure mobile communication network end also has some security risks that cannot be ignored, such as wiretapping, identity impersonation, data tampering, and repudiation after service delivery. These can be divided into four categories according to the different attack types.
2.2.1 Unauthorized Access to Data Attacks The main purpose of unauthorized access to data attacks is to obtain user data and signaling data transmitted between network terminals. Specific methods are as follows:
(1) Eavesdropping on user data – obtaining user communication content;
(2) Eavesdropping on signaling data – obtaining security management data and other information that is conducive to proactive attacks;
(3) Impersonating the communication receiver—obtaining user data, signaling data, and other information that is conducive to proactive attacks;
(4) Passive transport stream analysis – obtaining access information;
(5) Unauthorized access to system-stored data – obtaining data stored in the system, such as authentication parameters of legitimate users.
2.2.2 Unauthorized Access to Network Services Attacks The main purpose of unauthorized access to network services attacks is to access the network and evade payment. Specific manifestations are as follows:
(1) Impersonating a legitimate user – obtaining authorization to access network services;
(2) Impersonating service networks – accessing network services;
(3) Impersonating the home network—obtaining authentication parameters that can impersonate legitimate users;
(4) Abuse of user rights - enjoying network services without paying;
(5) Abuse of network service authority to obtain illegal profits.
2.2.3 Threats to Data Integrity Threats to data integrity at the security mobile communication network end include not only those attacks on the wireless interface (because the communication interface between the BSS and MSC may also be a wireless interface), but also those on the wired communication network, specifically as follows:
(1) Manipulating user data streams—gaining access to network services or intentionally interfering with communications;
(2) Manipulating signaling data streams—obtaining access to network services or intentionally interfering with communications;
(3) Impersonating a communication participant – obtaining access to network services or intentionally interfering with communication;
(4) Manipulating downloadable applications—interfering with the normal operation of mobile terminals;
(5) Manipulating the mobile terminal – interfering with the normal operation of the mobile terminal;
(6) Manipulating data stored in network units—obtaining access to network services or intentionally interfering with communications.
2.4 Post-Service Repudiation Attacks Post-service repudiation attacks deny that a communication ever occurred after the fact, thereby evading payment or liability. Specific manifestations are as follows:
(1) Payment denial – refusing to pay;
(2) The sender denies – unwilling to assume liability for paying for the message service sent;
(3) Recipient denial – unwilling to pay for the received message service.
2.3 Security Risks of Mobile Terminals The mobile terminals of a mobile communication network consist of mobile stations. A mobile station is not only a communication tool for mobile users to access the mobile communication network, but it also stores the mobile user's personal information, such as the International Mobile Equipment Identity (IMEI), the International Mobile User Identity (IMI), and the mobile user authentication key. The IMEI represents a unique mobile phone, and the IIM and authentication key also correspond to a unique and legitimate user. Because mobile phones are easily lost or stolen in daily life, this introduces the following security risks:
(1) Using stolen or found mobile phones to access network services without paying, causing losses to users who have lost their mobile phones;
(2) If criminals can read the international identity number and mobile user authentication key of mobile users, they can "clone" many mobile phones and engage in the illegal sale of mobile phones, causing economic losses to mobile phone users and network service providers.
(3) Criminals may also change the identification number of stolen or found mobile phones in order to prevent them from being registered on the blacklist of lost mobile phones.
2.4 Threats to Security in Mobile Communication Networks Also Include Wireless Eavesdropping, Impersonation Attacks, Integrity Violations, Service Denial, and Mobile Phone Attacks.
The specific description is as follows:
(1) Wireless eavesdropping - eavesdropping on user identification numbers, user data and signaling information transmitted in wireless channels;
(2) Impersonation attack – impersonating a mobile user to deceive the network terminal and impersonating a network terminal to deceive the mobile user;
(3) Integrity violation—altering signaling information transmitted in the wireless communication control channel;
(4) Business denial – Mobile users abuse authorization, and network service providers forge bills;
(5) Mobile phone attacks – stealing mobile phones, changing mobile phone identification numbers and cloning mobile phones.
3. Security Technologies in Mobile Security Communication: Operational experience from first-generation analog mobile security communication networks to second-generation digital mobile security communication networks has demonstrated that various security vulnerabilities in mobile security communication networks not only threaten the privacy and interests of mobile users but also seriously disrupt the normal operation of the network and damage the economic interests of service providers and network operators. To protect the interests of all parties, mobile security communication networks must adopt appropriate security measures and provide a sufficient level of security technology services.
3.1 Confidentiality and Security Technical Services Confidentiality and security technical services can be divided into 5 categories, with their confidentiality levels and purposes as follows:
(1) The purpose of user voice confidentiality (level: 1) is to protect user voice transmitted in the wireless channel and prevent it from being eavesdropped on by others;
(2) The purpose of user identity confidentiality (level: 1) is to protect the user's real identity and prevent wireless tracking;
(3) The purpose of signaling data confidentiality (level: 1) is to protect the signaling data transmitted in the wireless channel and prevent it from being eavesdropped on by others;
(4) The purpose of user data confidentiality (level: 2) is to protect user data transmitted in the wireless channel and prevent it from being eavesdropped on by others;
(5) The purpose of authentication key confidentiality (level: 2) is to protect the authentication key stored by the SIM and AC to prevent it from being stolen or "cloned" by others.
3.2 Authentication Security Technology Services Authentication security technology services can be divided into three categories, as described below:
(1) The purpose of user authentication is to identify the identity of mobile users and prevent impersonation;
(2) The purpose of network identity authentication is to identify network identities and prevent attackers from impersonating network users to deceive;
(3) The purpose of signaling data integrity detection is to protect the integrity of signaling information transmitted in the wireless channel and prevent it from being tampered with by others.
3.3 Layer Security Technology Services The two types of security services mentioned above are provided at the access layer of the mobile communication network. With the increasing variety of security mobile communication network services and the development of commerce, security technology services have been added at the application layer, as described below:
(1) Entity identity authentication - Two application entities mutually authenticate the identity of the entity;
(2) Data source authentication – The recipient application entity authenticates that the data indeed comes from the sender;
(3) Data integrity authentication - The receiving application entity confirms that the received data has not been tampered with;
(4) Data confidentiality—protecting data communication between two application entities, achieving end-to-end confidentiality, and preventing data leakage;
(5) Data Receipt Proof – The sender’s application entity authentication can prove that the recipient has indeed received the application data.
3.4 Mobile Phone Protection Mobile phone manufacturers assign a globally unique International Mobile Equipment Identity (IMEI) to each mobile phone. Whenever a mobile phone accesses a mobile communication network, it must transmit the IMEI to the Network Equipment Registry (EIR). The EIR checks if the IMEI is on the "blacklist" of lost or stolen mobile phones. If it is, the EIR sends a signal to lock the phone, preventing the user from unlocking it and continuing to use the phone. This largely prevents unauthorized users from abusing network services with found or stolen mobile phones, thus causing legitimate users of the lost phones to pay for the services. However, some criminals use sophisticated tools to alter the IMEI of stolen phones, thereby bypassing the "blacklist" check. To prevent IMEI modification, mobile phone manufacturers typically place the IMEI in a protective unit, namely a read-only memory with physical tamper-proof features.
4. Conclusion Because the security vulnerabilities in wireless communication networks threaten the economic interests of network users and operators, wireless communication networks must utilize the aforementioned security technologies to eliminate these threats in order to protect their interests. With the continuous development of wireless communication technology, the application of wireless communication networks has not only penetrated into many sectors of the national economy, such as national defense, scientific research, and healthcare, but has also permeated the daily lives of countless households. The more widespread the application of wireless communication networks, the more important their security becomes. This article only describes the characteristics and features of security vulnerabilities and security technologies in secure mobile communication networks for the benefit of readers.
