Information Security Enhancement by Increasing Randomness of Stream Ciphers in GSM

Information security is a crucial issue and needs to be addressed efficiently. Encryption of the original information is used to ensure privacy during the exchange of information. In the GSM (Global System for Mobile) standard, once voice traffic starts after signaling and authentication, encryption comes into the picture to ensure privacy during the call. In this process, the plaintext is encrypted into cipher-text using stream ciphers. For stronger security, strong ciphers with strong randomness are required. The A5 algorithm family, based on Linear Feedback Shift Registers (LFSRs), is used for encryption in GSM. This cipher has many shortcomings, and with these, privacy can’t be assured. This paper proposes some ways to ensure better security by enhancing the randomness of the generated bit stream used for encryption. These are the incorporation of the user’s current location, the reuse of the 32-bit SRES already generated during the authentication process, and the conversion of linear FSRs into nonlinear FSRs. The NIST Statistical Test Suite is used to test the various properties of the random bit stream, and an attempt has been made to achieve better randomness, hence more security.


I. INTRODUCTION
Although many security vulnerabilities of GSM have been addressed in EDGE, 3G (HPA/HSDPA) and 4G (LTE) as technology has advanced, the topic is still relevant because a large number of people use GSM, especially in rural areas. In addition, stream ciphers are used in many other wireless applications such as modems and routers, smart appliances and security devices. A few algorithms, such as A3, A8 and A5, are used in GSM for the authentication and encryption process over the Abis air interface between the user mobile (MS) and the base station (BS). The inputs, outputs and use of these algorithms are described in Table I. Here SRES is the Signed Response of 32 bits, Kc is a 64-bit Cipher Key and RAND is a 128-bit random number. Fig. 1 shows that the combination of Kc, RAND and SRES is called the "Triplet".
A5 is mainly responsible for encryption as shown in Fig. 2.
Here, using the 64-bit Cipher Key Kc along with the TDMA frame number Fn, a 228-bit pseudo random number PRAN is generated, which is XORed with 228 bits of plain-text in a bit-by-bit manner to get the cipher-text. This cipher form of the information is finally transmitted over the air interface between the user mobile station and the base station. Two-stage security, i.e. "Authentication" and "Encryption", is implemented in GSM. Initially, access to the network resources is granted to any new or existing subscriber on request after the authentication process, on every location update.
During this "Authentication Process", the core network challenges the MS, and in response the MS sends SRES. The network matches this against the SRES it holds itself and grants access only on a match, as described in Fig. 3. After access to the network has been granted, the encryption process takes place to ensure privacy during the call. In this process, the plaintext is encrypted into cipher-text using the stream cipher of the A5/1 algorithm. In the same way, decryption occurs at the other end to reconstruct the original information.
As the transmission of information in GSM is bursty in nature, a 114-bit frame sequence in the downlink (BS to MS) and, in the same way, a 114-bit frame sequence in the uplink (MS to BS) is transmitted every 4.6 milliseconds. Kc is produced for every new voice call and mixed with a publicly known TDMA frame number Fn for each frame.
Many cryptanalysts proved that due to weaknesses of this stream cipher, information security can be compromised in GSM [25,28,29]. These weaknesses are:
Using an improved clocking system with a combinational function of high correlation immunity and high algebraic degree, the security can be increased [6,11].
The Logisim simulator (primarily developed by Dr. Carl Burch) is used to realize the structure of the proposed A5/1 algorithm, and its randomness parameters are analyzed with the NIST Suite [7]. A brief description of the internal structure of A5/1 is given in Section II, modifications are proposed in Section III, observations and randomness analysis are given in Section IV, and Section V concludes the results.

II. INTERNAL STRUCTURE OF A5/1
A5/1 has three Linear Feedback Shift Registers (LFSRs) of different bit lengths to generate a pseudo random binary stream. The total bit length of this cipher is 64 bits, in which LFSR-1 (R1) has 19 bits, LFSR-2 (R2) has 22 bits, and LFSR-3 (R3) has 23 bits, as depicted in Fig. 4. The single clocking tap of each register is also predefined: tap 8, 10 and 10 for R1, R2 and R3, respectively. Bit length, clocking bit, tap bits and primitive polynomial are shown in Table II.
The clocking mechanism of each register is decided by the Majority Rule, as shown in the truth table in Table III. In each cycle, only those registers whose clocking bit value is in the majority are clocked and updated. The majority value m is given by m = maj(C1, C2, C3), where C1, C2 and C3 are the clocking bits of the three registers.
In simple words, the majority rule is "at least two out of three", i.e. the majority among these bits. If two or more clocking bits are 1, the majority value m is 1, and similarly if two or more are 0, the majority value m is 0.
Thus, in this mechanism, the two or more registers whose clocking bit is equal to m are clocked at each clock cycle. Every register has a clocking probability of 0.75 and a non-clocking probability of 0.25. The majority rule function can be realized using logic gates, as shown in Fig. 5 (Logisim simulator).
All three registers are reset by setting them to zero. In the next 86 cycles, Kc and Fn are loaded bit by bit with regular clocking. The output is ignored during the initial stage of the first 100 clock cycles, and during this period the irregular clocking continues for all three LFSRs as per the majority rule. The required random bit stream of 228 bits is then obtained over 228 clock cycles [28]. The same steps are repeated for the next frame.
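The structure described in this section can be written out as a short simulation. This is an added example, not the Logisim circuit from the paper; the function names are illustrative, the feedback tap bits are the publicly documented A5/1 values (Table II is not reproduced on this page), and the LSB-first loading order of Kc and Fn is an assumption.

```python
# A5/1 keystream generator following Section II (added illustration).
# Each entry: (length, feedback tap bits, clocking bit). The tap bits are the
# publicly documented A5/1 values; Table II did not survive on this page.
REGS = [(19, (13, 16, 17, 18), 8),
        (22, (20, 21), 10),
        (23, (7, 20, 21, 22), 10)]

def majority(c1, c2, c3):
    """m = maj(C1, C2, C3): 1 when at least two of the three bits are 1."""
    return (c1 & c2) | (c1 & c3) | (c2 & c3)

def shift(reg, length, taps):
    """Clock one LFSR: the XOR of the tap bits becomes the new bit 0."""
    fb = 0
    for t in taps:
        fb ^= (reg >> t) & 1
    return ((reg << 1) & ((1 << length) - 1)) | fb

def clock(state, irregular=True):
    """Clock every register, or only those whose clocking bit equals m."""
    cbits = [(r >> c) & 1 for r, (_, _, c) in zip(state, REGS)]
    m = majority(*cbits)
    return [shift(r, n, taps) if (not irregular or cb == m) else r
            for r, cb, (n, taps, _) in zip(state, cbits, REGS)]

def keystream(kc, fn, nbits=228):
    """kc: 64-bit integer key, fn: 22-bit frame number; returns a bit list."""
    state = [0, 0, 0]                              # reset to zero
    for value, width in ((kc, 64), (fn, 22)):      # 64 + 22 = 86 regular clocks
        for i in range(width):
            bit = (value >> i) & 1                 # LSB-first order is assumed
            state = [r ^ bit for r in clock(state, irregular=False)]
    for _ in range(100):                           # warm-up, output ignored
        state = clock(state)
    out = []
    for _ in range(nbits):                         # two 114-bit halves
        state = clock(state)
        out.append(sum(r >> (n - 1) for r, (n, _, _) in zip(state, REGS)) & 1)
    return out

def clocking_probability(index):
    """Share of the 8 clocking-bit patterns in which register `index` moves."""
    patterns = [[(p >> k) & 1 for k in range(3)] for p in range(8)]
    return sum(c[index] == majority(*c) for c in patterns) / 8
```

With an all-zero Kc and Fn the registers never leave the zero state and the keystream is 228 zero bits, a degenerate case worth checking in any implementation of this design.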

III. PROPOSED CIPHER
To overcome some of the problems mentioned in the previous section, the following schemes / modifications are proposed to increase the randomness:

1) MOD-I:
In this scheme, as shown in Fig. 6, nonlinearity is introduced in the feedback path of the shift registers by adding universal gates. Thus, the LFSRs are converted into NLFSRs. By this, the randomness of the generated bit stream will be improved. The polynomial equations of this MOD-I scheme will carry the impact of the NAND and NOR logic gates.

2) MOD-II:
In this scheme, the 32-bit SRES, which is already generated during the authentication process by the A3 algorithm, is reused in the feedback path of the shift registers, as shown in Fig. 7. The SRES is XORed in the feedback unit of the LFSR through a NAND gate on a bit-by-bit basis. This scheme reuses the output of another algorithm, and hence increases the randomness of the cipher key.

3) MOD-III:
The user location is mixed with the generated bit stream using XOR (only the last 32 bits). This works as a key feature, as users generally have different locations and intruders cannot crack it easily. This is a very important proposal, because the location of each individual user is not known to intruders and is many times dynamic in nature. The CGI changes with the movement of the user, and this makes the bit stream more complex. The idea is shown in Fig. 8.

4) MOD-C:
In this scheme, all three modifications above are combined to obtain their simultaneous impact.
The idea of combining all three modifications is shown in Fig. 9.
The proposed A5/1 cipher is realized and simulated in Logisim as shown in Fig. 10.

IV. OBSERVATIONS AND RANDOMNESS ANALYSIS
In a broader sense, the randomness of a data set is the lack of predictability, i.e. more uncertainty or more entropy. If a data set has more randomness, it has more encryption capability, and hence more security. Randomness tests are carried out to check for recognizable or repetitive patterns in the data set under test. Randomness is related to the theory of information entropy, probability, and chance. Entropy is a measuring tool for randomness.
The NIST Suite is a statistical test suite based on the Linux operating system and is used for testing the statistical parameters of the output bit stream of both the actual and the proposed scheme of the A5/1 cipher. This test suite is also used in various cryptographic applications [7]. A performance comparison has also been done between the two with respect to various parameters. The following are the main tests which were carried out for the randomness test:

1) The frequency test (monobit & within a block): It tests the balance of 0's and 1's in the bit stream. The equilibrium between 0's and 1's should be maintained for a perfectly random data set. Therefore, the probability of occurrence of 0's and 1's should be close to 0.5 [7].
2) The cumulative sums test (cusums): It tests the randomness of a sequence of 0's and 1's through its "random walks" or "partial sequences". It tells whether the sum of the partial sequences is too large or too small [7].
3) The runs test: It analyzes the occurrence of similar patterns that are separated by different patterns [7].
4) The DFT (spectral) test: It finds out the patterns which are periodic in nature in a random bit sequence. The repetitive or periodic patterns close to each other are detected in this test [7].
6) The linear complexity test: It is directly related to the bit length of the LFSRs used to generate the random bit stream [7].
The P-value parameter is defined for all these tests in the NIST suite. It shows the probability of a bit stream being random in nature. For an ideal random bit set, this P-value is 1, and if it is 0, then the bit stream is completely nonrandom. Thus, a higher value, or one close to 1, is desirable. Different sizes of data (up to 10,000 blocks of 114 bits, i.e. 10,000 x 114 = 10,00,000 consecutive bits) are used during the statistical tests, both for the actual and the proposed cipher [28].
The observations of the different tests conducted upon the generated bit stream are as follows. As the LFSRs of the actual cipher have been converted into NLFSRs in the MOD-I scheme, we see a slight increase in the P-values of various tests. The 32-bit SRES is reused in the feedback path of the shift registers in MOD-II, and again there is a slight increment in the P-values of various tests. As the last 32 bits of the current location (CGI) of the user are incorporated in the output bit stream, a slight increment in the P-values of various tests can be observed in MOD-III. Because all proposed modifications are implemented simultaneously in MOD-C, a huge increase in the P-values of various tests can be observed.
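The monobit and runs tests from the list above, written out with the NIST SP 800-22 formulas as an added example (not code from the paper or from the NIST suite); the function names and the two sample streams are constructed here. The strictly alternating stream scores a monobit P-value of exactly 1 yet fails the runs test, which is why the tests are applied together rather than read individually.

```python
import math

ALPHA = 0.01  # SP 800-22 significance level: a test passes when P >= ALPHA

def monobit_p(bits):
    """Frequency (monobit) test: P = erfc(|S_n| / sqrt(2n)), S_n = sum of +/-1."""
    n = len(bits)
    s_n = sum(1 if b else -1 for b in bits)
    return math.erfc(abs(s_n) / math.sqrt(2 * n))

def runs_p(bits):
    """Runs test: compares the number of runs V with its expected value."""
    n = len(bits)
    pi = sum(bits) / n                   # proportion of ones
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0                       # too unbalanced, runs test not applicable
    v = 1 + sum(bits[i] != bits[i + 1] for i in range(n - 1))
    expected = 2 * n * pi * (1 - pi)
    return math.erfc(abs(v - expected) / (2 * math.sqrt(2 * n) * pi * (1 - pi)))

def verdicts(bits):
    """Return {test name: (P-value, passed)} for one bit sequence."""
    results = {"monobit": monobit_p(bits), "runs": runs_p(bits)}
    return {name: (p, p >= ALPHA) for name, p in results.items()}

# Constructed inputs: a strictly alternating stream and a 70%-ones stream.
ALTERNATING = [i & 1 for i in range(1000)]
BIASED = [1] * 700 + [0] * 300

if __name__ == "__main__":
    for label, stream in (("alternating", ALTERNATING), ("biased", BIASED)):
        print(label, verdicts(stream))
```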
The details of the observations for different sizes of the data set are also provided in Table V for the MOD-C scheme. An effort is made in this paper to improve the randomness by making three modifications, MOD-I, II and III, and then comparing the NIST test results. These modifications are the incorporation of nonlinearity in the feedback path of the LFSRs, the reuse of the SRES of A3, and the inclusion of the current CGI of the user, respectively, to improve the entropy. After that, all three modifications are implemented simultaneously in a combined manner to achieve better results. These are the major improvements and contributions in the proposed cipher scheme.
The weakness issues mentioned in the early part of this paper are addressed significantly by these proposed schemes. Simulation and testing results confirmed it.
The test results of the MOD-C scheme for different data sizes are shown in Table V and depicted in graphical form in Fig. 11. The P-values of all the tests of the proposed A5/1 have increased by a significant value in comparison with the original A5/1 cipher. For better randomness, higher P-values are desired, and better randomness means stronger encryption and enhanced security. Therefore, as per the observations and test results, it is concluded that the proposed cipher scheme has better security against cryptographic attacks than the actual A5/1 cipher due to increased randomness (at the cost of a slight increment in hardware).