Charles Brookson OBE CEng FIET FRSA
I chaired the CEPT Algorithm Expert Group for GSM mobile back in 1986, to design the processes for technical security, part of the Security Expert Group chaired by Thomas Haug. I then worked in Security Standards Groups such as ETSI, SMG and 3GPP. My career was with BT, one2one, UK Government and Consultancy, where I still tinker with mobile standards. For accidental reasons, I’ve been involved in security algorithms and protocols since the late 1970’s.
We took the business model first in GSM:
UK Operators could not sell direct to the public, only through retailers, to encourage retail competition. We had to come up with a secure design that allowed the Operators to sell subscriptions, and the retailers to sell phones. Of course, this model has radically changed since then.
I’ve always designed security with how they are used in the real world, and work out who trusts who, and what parts need to be secured against any possible threats.
I’d had plenty of experience of poor security in the manufacture and design of analogue mobile phones, so we wanted the security under the total control of the Operator, and we came up with the physically secure SIM smart card (we’d already been using tokens and cards in British Telecom BT for security, so it was an obvious answer).
Then we looked at the security threats:
I didn’t want any Operator to have to trust the security of any other Operator, so we came up with the idea of putting your own algorithms on the SIM card, and not sharing it, only passing the means (using triplets) to other Operators.
By this method we prevented any other Operator from being able to defraud others. I wanted this, as I had seen this happening in BT, with rogue payment requests and funny happenings from other Operators and Countries.
Then we had the practicalities, nobody thought we needed security:
I was told that security was not really that important at all, which I also strongly disagreed with. After all, we had seen all the cloning issues of ESN and MIN on analogue mobile systems such as TACs (1G). The decision makers didn’t want to pay for security back in those days, or even these days, except when forced by regulation! Isn’t it strange how many businesses take security seriously after a hack or fraud has occurred?
I also wanted some level of privacy, to stop eavesdropping (we’d had cases of eavesdropping of our UK Royal family for example), but we were told that this was not very important and should have minimal impact on the silicon. We came up with privacy algorithms that could meet export control requirements (42-bit keys for then COCOM regulations), last about ten years, and be made using 2000 to 3000 transistors.
I was told that we wanted a way of checking the type-approval for regulatory purposes, so only tested devices could be used on networks (this was legal requirement in Denmark for example). We came up with the IMEI, a serial number for each mobile, which could be easily inserted at the factory.
In pursuit of privacy, so we came up with the idea of a temporary identifier used over the air (TMSI), and this sort of worked quite well (it does default to the real one or IMSI on set up).
Finally, we were told all of this was to have no impact on call set up time or complexity, so we were not able to add the third handshake to allow mutual authentication. This was to prove a big mistake. Base stations would always be expensive I was told, and so it was just not required, as who would ever be able to replicate their own base station! (The complexity fallacy in Security I’ve heard many times: “This will never be broken because it is too expensive and complex …”).
The result of all this?
In the early 1990’s we had a GSM security system that was designed for half a dozen countries, and it worked well for the first ten years. It then grew and was adopted worldwide as GSM became the De Facto global standard.
Then we had a succession of evolutions from GPRS and EDGE, to 3G, 4G and 5G. All the time we just built on what had already been designed, without questioning the rationale. Backward compatibility was king!
I chaired the GSM Association Security Group for the first 25 years of its existence, and after the first ten years I spent the rest of my career putting sticking plaster solutions on the various technical requirements to ensure that they creaked along, as the security gradually fell apart.
For example, we had to get Operators to sign disclaimers that they were adopting insecure algorithms, when they insisted on using the example default authentication algorithm which had already been broken. Then they were surprised that their authentication had been broken and their SIM Cards cloned! I suspect that many just did not care or have enough technical people or knowledge to even understand that they needed to design their own, our original design intention.
We now have electronic SIMs, which are based on hardware provided by mobile device manufacturers, so now the inherent security is no longer controlled by the Operator. It also breaks my rule of not trusting devices, especially mass-produced electronic consumer equipment.
We had to remove support for the older privacy algorithms from handsets, even when we’d seen many open papers from hackers on them being broken, to force Operators to put in newer ones. There was no real will to change the algorithms after 20 years of service, well after their “best-before-end” date of the designed 10 years.
We spent many years in Standards groups looking at how we could put back in mutual authentication (I have the original 1987 papers showing that we had it in, but of course it got rejected by those who did not understand why we needed it). This led to all the false base station attacks and bidding down of algorithms – because with no mutual authentication the mobile must trust the network. Interestingly, one variation of GSM did not use authentication at all (to speed up the process). It made very little difference to the speed at set up and scares me every time I think about it (it still exists).
The IMEI was then used to prevent stolen phones by law enforcement and governments, so there was now a financial incentive by criminals to change it. This led to even more Standards work to try and fix it, which has not really been resolved. A case of using something for a purpose it was not intended for, and therefore criminals would put more resources put into breaking it, and then break the whole rationale of the original design (aided by manufacturers with insecure IMEIs in their hardware).
Finally, of course, the whole business model is now multifarious, not that anyone seems to think about this aspect. Operators now sell mobiles direct and through shops, we have Virtual Operators (MVNO), we have private networks and so on. It seems that nobody designs security against a business models for mobile, it’s just presented as a recipe, and you try and pick and choose ingredients that you might force to fit your needs.
So, we do need a revolution?
Yes, we most certainly do! 6G and beyond needs radical new thinking!
We have gaily carried on using old principles and business models (even though we have moved on) without much original thinking. I rarely see business models or threat analysis associated with any security thinking for mobile networks. We are still using protocols, signalling systems and concepts that are almost 40 years old, and using them to evolve systems for the next 20 years.
My cynical thought is that this suits everyone involved, and they just to have tinker with what they have, and then they can tell the world they can throw out the old and buy something shiny and new!
It’s my contention the foundation stones that we are basing the evolution to 6G are broken, or no longer relevant. We need a radical rethink to make something new that is useful for what we now need. We did that with GSM (the first time we really used encryption on a public system, and had open interfaces, and many other things). We need to do that again ….
Like everyone in history who spreads thoughts against conventional wisdom, I expect to be labelled a heretic by reactionary forces who don’t want to change.
But I’m going to fight for my cause, even though it may end up with being burnt at the stake … to this end I’ve proposed a new ETSI White paper (which has been accepted by TC CYBER Committee) on this subject to help shape thinking for future security. That way it will be free for everyone to read, and not behind a pay wall.
Let’s all work together: I’m sure we can succeed and create a new security system fit for the bright 6G world!
If you would like to discuss 6G and any related topics please feel free to contact us