Retrofitting Mutual Authentication to GSM Using RAND Hijacking

  • Mohammed Shafiul Alam Khan
  • Chris J. Mitchell
Conference paper

DOI: 10.1007/978-3-319-46598-2_2

Part of the Lecture Notes in Computer Science book series (LNCS, volume 9871)
Cite this paper as:
Khan M.S.A., Mitchell C.J. (2016) Retrofitting Mutual Authentication to GSM Using RAND Hijacking. In: Barthe G., Markatos E., Samarati P. (eds) Security and Trust Management. STM 2016. Lecture Notes in Computer Science, vol 9871. Springer, Cham


As has been widely discussed, the GSM mobile telephony system only offers unilateral authentication of the mobile phone to the network; this limitation permits a range of attacks. While adding support for mutual authentication would be highly beneficial, changing the way GSM serving networks operate is not practical. This paper proposes a novel modification to the relationship between a Subscriber Identity Module (SIM) and its home network which allows mutual authentication without changing any of the existing mobile infrastructure, including the phones; the only necessary changes are to the authentication centres and the SIMs. This enhancement, which could be deployed piecemeal in a completely transparent way, not only addresses a number of serious vulnerabilities in GSM but is also the first proposal explicitly designed to enhance GSM authentication that could be deployed without modifying any of the existing network infrastructure.


Keywords: GSM, Mutual authentication, SIM application toolkit, RAND

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Mohammed Shafiul Alam Khan (1)
  • Chris J. Mitchell (1)
  1. Information Security Group, Royal Holloway, University of London, Egham, Surrey, UK
