What are the three established security techniques in a mobile network, and what is the first attack vector they defend?
The three techniques are: (1) a SIM card with an identification number and key for authentication, (2) encryption of the communication, and (3) position anonymization via a temporary subscriber identity. They defend the link between the handset and the point where traffic enters the fixed network.
* The three GSM security techniques and what each provides. *
The first attack vector: the stretch between the mobile device and the feed into the fixed network (i.e., the radio path to/through the base station). The two classic threats there are:
- Unauthorized telephony (impersonating a paying subscriber)
- Eavesdropping on the transmission
The three established defenses:
| # | Technique | Purpose |
|---|---|---|
| 1 | SIM card with identification number + key | Authentication of the subscriber |
| 2 | Encryption of the communication | Confidentiality over the air |
| 3 | Temporary subscriber identity | Position anonymization against third parties |
Why temporary identities matter: if the phone always broadcast its permanent identity (IMSI), anyone listening could build a movement profile. A rotating temporary identity (TMSI) breaks that linkability — defense #3 protects privacy, not just confidentiality.
Go deeper:
GSM (Wikipedia) — the system that introduced SIM authentication, over-the-air encryption, and TMSI, and the architecture they sit in.