Ciphering in Gprs Encryption in 3g Packet Data Networks

¶ … General Packet Radio Services (GPRS) is a service used in the provision of packet radio access for the GSM (for Global System for Mobile Communications) users [1].In regard to the wireless component, the GPRS technology makes a reservation of the radio resources only in instances when there are instances of data to be sent over its infrastructure. This therefore ensures that the radio resources are optimized. The fixed part of the GPRS infrastructure employs Internet Protocol (IP) technology as is usually connected to the general public internet. By taking advantage of these resources, the GPRS infrastructure manages to provide a variety of applications and services that are packet-oriented to the mobile end-users and therefore making a reality the concept of mobile internet services. For the successful implementation of these services as well as other news immerging services and applications over the GPRS infrastructure, security is paramount [2].This is due to the fact that the wireless component of the GPRS infrastructure is inherently insecure and the concept of radio transmission is naturally more susceptible to cases of fraud and eavesdropping when employed as compared to the wireless transmission. Additionally, the reality of user mobility as well as the possibility of universal access to the GPRS network infrastructure means that there are higher levels of security risks as compared to the ones that the fixed networks are prone to. In order to realize the security objectives, the GPRS infrastructure employs as special security architecture that aims at the protection of the network resources against unauthorized access while also ensuring the privacy of the users. The GPRS security architecture is however based on the security measures that are used in the GSM systems. This is due to the fact that GPRS is a system that is based on the GSM infrastructure. On the basis of this consideration, a large number of extant literature on mobile security in the realm of second-generation (2G) mobile networks makes a due references to GSM technology [2].These literature are considered to apply to GPRS systems too. GPRS systems differ from the GSM ones in certain services as well as operational points, factors which required totally different security analysis. This is mainly because the GPRS system is based on IP technology, an open as well as widely deployed technology that is inherently exposed to various vulnerability points. At the same time, intruders to the existing GPRS services and applications may take advantages of the vulnerability within the IP system in breaching the confidentiality, integrity, availability of the system in order to compromise the services as well as defraud the system users. GPRS systems are therefore exposed to intruders at a greater level that the GSM systems.

In this paper, we present an elaborate discussion of Ciphering in GPRS systems as well as encryption in 3G data networks. The paper also contains a proposal of an algorithm about Ciphering and Encryption, and how to use the AES algorithm with GPRS networks using 256 bits key, and why should use Encryption to send data using 3G Packet data Networks.

The status of GPRS

Within its simplest form General Packet Radio Service (GPRS) is noted to lie between the Global System for Mobile Communication (GSM) and the third generation (3G) mobile networks. The development of the GPRS systems has seen a rapid growth and has seen it being the most popular technology in the wireless communication arena. In this chapter, we present a brief history of GPRS while also pointing out the security issues that affects GPRS network infrastructure.

Figure 1. The status of GPRS-GPRS lies between 3G and GSM network.

Background

A review of the background of the mobile wireless communications reveals that the general lack of reliable security mechanisms can be attributed to the rapid pace of development in the GPRS technology arena. The unfortunate fact that wireless technology spreads quite fact has meant that these breaches have become numerous with the general attraction of several hackers. In this section, were investigate the primitive leaks in the GPRS security.

The very first single cell mobile service began sometime in the 1940s [4] with an evolution to the first and second generation mobile telephone services in the later years.

GPRS is therefore very powerful system that is in actual sense an improvement of the GSM technology. GPRS is based on the original GSM architecture. The knowledge of GSM architecture is therefore necessary for the understanding of the GPRS architecture.

In the early years of 1980s, the application of cellular telephone systems were seeing a rapid growth in the U.S., Japan and Europe. Every nations developed its own standard and system a fact which brought a lot of incompatibility in regard to the technology and equipment used in the cellular operations. This resulted in the underdevelopment of wireless communication as a result of the uncoordinated nature of the international telecommunication system.

As a consequence, the Conference of European Posts and Telegraphs (CEPT) organized a study group which was mandated with the creation of the pan-European public mobile system. This study group was called Groupe Special Mobile (GSM) and its was mandated in 1982 [5]. However in 1989, GMS got transferred to ETSI (European Telecommunication Standards Institute) and then became considered to be the internationally accepted standard for digital cellular telephony.

The GSM criterion system was initially implemented in 1991 upon which it was named the Global System for Mobile Communication (GSM). It shared an exact abbreviation as the work group -Groupe Special Mobile. Later on GSM networks grew all over the world from the developing countries to their developed counterparts.

Security issues in GPRS networks

Just like the GSM system, the GPRS system has several security problems. These security problems are indicated to be existence even with standard encryption being applied. The weaknesses in the GPRS infrastructure are attributed to the basic GMS infrastructure upon which it rides [6][1].In order to fully comprehend the security issues affecting the GPRS infrastructure, it is paramount that we explore the underlying security mechanisms which are employed in the operation of the GPRS systems.

The GPRS Security Architecture

In order to realize its security objectives, the GPRS system employs a standard set of security mechanism that makes part of the GPRS security architecture. The main elements of the GPRS security mechanism were originally designed for the GSM system but they have been appropriately modified in order to adapt the GPRS network as well as packet-oriented traffic [1][7]. The aims of the GPRS security architecture are to protect the GPRS network infrastructure against any sort of unauthorized access as well as to protect the users' privacy. The following components are what makes the GPRS security architecture;

1. The subscriber Identity Module (SIM);

2. The subscriber identity confidentiality;

3. The subscriber identity authentication;

4. User data as well as signaling confidentiality between the M. SGSN and the MS as well as the

5. GPRS backbone security.

The subscriber Identity Module-SIM

The SIM card marks the subscription of a given mobile user to a given network, Each and every SIM-card is related to a specific user and is unique. The SIM card has a microprocessor, persistent EPROM memory, ROM, volatile RAM as well as an I/O interface.

General Packet Radio Service (GPRS) is therefore a means of linking the internet and corporate intranet having a transmission speed of 172 kbps via the GSM framework [8]. The main aim of using GPRS is to enable subscribers to use mobile communication anywhere. GPRS technology is a solution to the need of remote working at extreme speeds, enabling companies to access Local Area Network by providing their staff Virtual Private Networks (VPN) over GPRS. Some of the services carried out may need heightened levels of security, such as financial transactions and matters of national security. In addition, GPRS faces new and immense threats since it uses IP technology and is linked to the internet. Practical securities given by GPRS are similar to those employed by GSM. Privacy, integrity and verification are among the most important services that devices and networks should offer to their users. Due to risks associated with the internet, GPRS network has placed some safety measures such as authentication and ciphering to safeguard its subscribers' data by barring unauthorized access and data privacy similar to those used by GSM network. Users of this system are recognized through a cryptographic safety mechanism that uses A3, A5 and A8 security algorithms. The only algorithm made by the GSM and is used by GPRS is A5, also known as GPRS-A5.

The A3 algorithm is used for verification procedure, the A8 algorithm is mainly employed encryption key generation, and finally the GEA3 algorithm is utilized in data confidentiality. Both A3 and as algorithms are founded on the RIJNDAEL block cipher while GEA3 algorithm on the other hand is founded on the KASUMI block cipher [9] . The functioning of the proposed RIJNDAEL block cipher realization is slightly slower than other former designs in terms of output but the implementation is compact so as to incorporate better in the user Identification Card (SIM). The GEA3 algorithm is incorporated in the mobile equipment and is used for mass encryption. So, the functional demands are numerous and an effective implementation of the KASUMI block cipher is required. The suggested GEA3 and KASUMI executions outperforms all the initial designs.

Ciphering is executed between the Mobile station (MS) and Base Station Subsystems (BSS) while GPRS ciphering is executed between MS and GPRS Support Node (SGSN) and deciphering is not executed in BSS. Subscriber validation algorithms and keys are kept in Subscriber Identioficatin Modules (SIM) of MS and GPRS authentication centers.

In order to offer IP services, SGSN and GGSN nodes are affixed to GSM framework. Connection of MS to GPRS was first carried out through the use of SGSN. The system is accountable for GPRS Mobility Management (GMM) service and distribution of packets for MS and also corresponds with Home Location Register to get user identity from GPRS. SGSN controls registration of new mobile users with the goal of documenting their Location Area (LA) for the purposes of data routing. The second node known as the gateway GPRS Support Node (GGSN) uses the GI interface / internet to enable interworking with external packet Data Networks (PDNs). It is linked to SGSN through an IP-based network through the utilization of Gn interface. GGSN performs the role of a router by sending incoming packets from the internet to the SGSN and also from SGSN to the internet.

SGSN and GGSN are basically that uses the UNIX operating system and other similar softwares to perform these functions. Development of these application softwares is carried out by a new open working group for both SGSN and GGSN.

Packet domain and routing information are found in the HLR data base and utilizes Gr interface for SGSN and Gc for interface GGSN for the purpose of exchanging user subscription services and location data.

GSM users' mobility and call setups are controlled and coordinated by the Visitors Location Register or Mobile Switching Centre [10]. MSC and SGSN communication is linked using Gs signal interface. Its main function is to forward circuit switched paging for GPRS attached MS to SGSN; therefore there is no direct involvement between MSC and GPRS network.

BSS employs Um and Gb interfaces to enable connection between radio, mobile station and network. Um is the interface linking MS to BTS while Gb links BSC to SGSN. GPRS traffic is relayed by Basic Station Controller (BSC) which also doubles up in function by performing call switching capabilities. MS identities are kept in the Equipment Identity Register (EIR). SGSN employs Gf signal interface to correspond with EIR for GPRS equipment check.

GPRS security systems are put into operations in SIM card and network Authentication Centre (Auc). The information stored in the systems, keys and logarithms include; Ki, that is a 128 bit subscriber identification password; GPRS-KC, which is a 64 bit ciphering key used in precluding eavesdropping for every connection; A3/A8 Algorithms and IMSI, which are found in SIM and AuC and are used to create validation and ciphering keys; P-TMSI (Packet Temporary Mobile Subscriber Identity), that acts as a temporary user number identifier for subscriber in air interface towards the network to safeguard IMSI number. It also inhibits identification of GPRS user by potential dropper. P-TMSI is used in updating location and is assigned by SGSN which may also frequently reallocate P-TMSI to MS. And GPRS-A5, which ciphers data and is applied in MS and SGSN. The network safety of GPRS network is founded on GSM. The major difference between the systems is the presence of the GPRS backbone, and the availability of packet data. This results in a transformation in the way that radio interface encryption is carried out in GPRS. GSM encipherment is executed at radio burst levels, after coding of the file has been carried out and modulated on the air interface. This is the possible nethermost layer and constrains between the mobile station and base station and can only be done in circuit switched connection where time slot is often allocated to one mobile terminal.In GPRS a single radio resource is distributed to numerous mobile stations.The present GSM base stations can not handle with key management setbacks brought by these, thereby making encryption to be possible at LLC levels instead. LLC terminates in SGSN instead of BTS in order to enable GPRS to navigate the whole base station subsystem hence no transformations are required in BTSes. In GSM all data interchanges are circuit-switched to ensure permanent data flow in a stream of bits. This offers itself well for a cipher stream that is initialized in the beginning of the stream.

The difficulty related with packet data is parallel to that of IPsec. In IPsec encryption is employed at the IP packet level [11]. Packets may be present out of order or get lost, but the receiver must be capable of decrypting successfully all the packets obtained. Therefore data encipherment can not rely on previously received packets.

Packet rearrangement does not occur at the SGSN or mobile terminal making it only possible to decrypt them in the order they are delivered, When utilizing a cipher stream, whose output is established by the amount of input bytes, or block cipher, whose output is dependent on early input, data loss ends in desynch between the sender and the recipient, due to unreliable block sizes.

Ciphering is a duty carried out by the Logic Link Control (LLC) protocol that is transported between MS and SGSN [12]. The base station does not decipher the LLC information. This simply means that ciphered information is transferred to the SGSN node of the GPRS network.

Any connection initiated by MS to Gprs network has to be validated before being granted access. GPRS validation is executed at the beginning of; a routing location update; GPRS attach or detach and GPRS packet transfer. The initial validation procedure was aimed at safeguarding users from hackers who would illegally use the network through stealing and using their identities. GPRS operators' aim is to identify whoever tries to instigate connection with the network. They are therefore able to identify valid subscribers with SIM cards that have authentic Ki keys. The process must take place without Ki being sent to radio interface. SGSN in conjunction with AuC and MS initiates and controls the validation process. GPRS attaching involves the sending the subscribers' IMSI by SGSN to AuC to request triplets.. A triplet is a combination of three keys namely, RAND, SRES, and Kc. Rand is a 128 bit number that is indiscriminately generated for the provision of triplets. SRES is an A3 created 32 bit number, used as a MS digital signature. GPRS-Kc on the other hand is a 64 bit ciphering key that is created by A8 algorithm. KI and RAND are employed by both A3 andA8 algorithms as input parameters [13].

After Auc has obtained triplets. SGSN sends RAND number to MS for verification. SIM creates SRES based on Ki and Rand using A3 algorithm. MS then conveys its SRES value to SGSN that evaluates it with SRES generated by AuC. The agreement of both values is an indication of successful validation. Each execution of A3 algorithm is performed with new RAND value that can never be predetermined. This ensures that recording of channel transmission and playing it back is not used to forge identity. It must however be noted that all the information sent to radio interface are encrypted as ciphering only occur after authentication. This compromise information safety as someone can intercept RAND and SRES during transmission over the radio interface.

On successful completion of Verification process, a message was sent by SGSN and at the time of reception of the message from MS a response message is sent back to SGSN with instruction to commence ciphering . This process requires a ciphering key and algorithm. Fixed networks' SGNS have a GPRS Kc key as the ciphering key and GPRS A5 as the ciphering algorithm. SGNS obtains GPRS KC-key from Auc as part of the triplets, while MS on the other hand creates GPRS KC-key in SIM after obtaining RAND from the network. Although there is similarity in the choice of the ciphering key by both GPRS and GSM, there are also differences in ciphering between GSM and GPRS, for example, in GPRS ciphering is executed between MS and BTS and applies one of the three versions of A5 (A5-0, A5-1 and A5-2) depending on the ciphering levels permitted. In GPRS ciphering is conducted between MS and SGSN using a new version of A5 that is meant for packet data transmission [14]. GPRS ciphering algorithm A5 uses Kc key and two more parameters known as input and direction to safeguarding user data confidentiality. Incase GPRS Kc was the only available input parameter, then ciphering bit sequence (Ciph-S) would be the same for all GPRS sessions. Input parameter relies on LLC frame number, while direction parameter relies on the data transmission direction. As a result, all LLC frames are ciphered using totally different Ciph-S that has the same length as the frame being ciphered. Lengths of LLC frames varies and may be up to a maximum of 1523 octets long. SGSN must therefore frequently LLC frame number to MS in order to stay synchronized.

At the beginning of ciphering, there is communication between layer 3 entity and LLC layer on the suitable Kc and ciphering algorithms to be utilized. It is also a possible to point out that no ciphering will take place as this is an alternative as algorithm assortment is carried out by the network. The algorithm to be applied is chosen from a collection of algorithms assisted by the mobile station. The MS displays its collection of algorithms to the network during verification. The LLC layer then instigates the encryption algorithm using Kc, direction bit and a unique input parameter. The direction bit is mainly used to denote if the current key stream will be utilized for both up and down stream communications as a different key stream is used by the given directions. The unique input parameter is added with the aim of ciphering all LLC frames with a different set of key streams. This parameter is computed from the LLC frame number, a frame counter and a value given by SGSN known as input offset value (IOV). IOV is negotiated at the time of bargain between LLC layer and layer 3 parameter negotiations [15].

LLC frames that are ciphered exists in two types, namely, I and UI frames. I frames are used for substantiated information transfer, that is, received information is recognized. UI frames on hthe other hand are used for authenticated information exchange and has no sequence number verification. Lost UI frames are not shown to layer 3. Encipherment varies among the frame types. Both frames utilize their IOV, known as I-IOV and UI-IOV respectively. Due to lack of sequence number check by UI, UI-IOV defaults to a permanent number of zero, although it can be bargained at the time of LLC parameter bargaining. The encipherment encompasses information and a frame check sequence fields.The LLC frame includes control fields a nd addresses outside the encrypted segment.

In the case of UI frames, the decision to send or not to send the encrypted frame is performed by the upper layer. Received encrypted frames are signified by a flag while UI frames had an E. bit to provide proof of existence to the LLC peer.

The first observable similarity in networks having 3G serving node (3G-SGSN) and 3G gateway node (3G-GGSN) is the core network which is analogous to that of GPRS.The SIM card is known as USIM and the base station is now by owned by a bigger entity called UTRAN (UMTS terrestrial radio access network), that communicates to GSM base station subsystem. UTRAN network consists of radio network controllers (RNCs) and Node B. Determine by channel, the RLC modus operandi is either Node B. Or controlling RNC [16].

Optimized Parallel and Energy-Efficient Implementation of SNOW 3G for LTE Mobile Device.

Long-Term Evolution (LTE) communication systems assists high data exchange rates of up to 100 Mbit/s. Cryptographic algorithms applied in data encryption and decryption in these systems are exemplified by their high calculation, complexity and long implementation times. A study of the LTE protocol stack in indicates that processing a transport block within an Inter-arrival duration of I ms requires that the ciphering operation does not go beyond 0.6 ms. In addition to their timing rerstriction, ciphering algorithms must be performed effectively in terms of energy usage as mobile phones have a limited battery lifetime.

Like other ciphering algorithms, SNOW 3G is traditionally executed as a dedicated hardware. Software execution, however, permits for reuse of computing resources and offers flexibility required to assist multiple cellular standards. In addition, it permits the application of multi-core processors, that are anticipated to be used in future mobile phones. They could enhance system operation and/or reduce power use. However, the economical division of an algorithm for parallel processing is challenging and calls for a careful study of an algorithm's internals. The suggested parallel design is then reviewed against the serial implementation with respect to effecting time and energy rate.

Ciphering and deciphering of subscriber data is performed in the Packet Data Convergence Protocol (PDCP) sublayer of the protocol load. Evolved Packet System Encryption Algorithms (EEA I) is founded on the SNOW 3G stream cipher. Conveyed IP packets areencrypted after their header is condensed in the PDCP sublayer (upper link), whereas decryption is directed to the payload of the obtained PDCP protocol data units (downlink).SNOW 3G algorithm structure consists of three main purposes; the Linear Feedback Shift Register (LFSR); the Finite State Machine (FSM), and the feedback process. The LFSR comprises 16 chained 32 bit stages (So to SIS). In the FSM, data plottings are conducted using substitution boxes SI and S2. S2 are 32 bit to 32 bit conversions based on Rijndael's S. Box (SR) and another stipulated S-Box (SQ), respectively [17]. The algorithm is harmonized with the feedback part, which draws on the functions MULa and DIV a to bring up-to-date SIS. These functions map the least important byte

So and the most important byte of Sll into a 4-byte values, respectively [16]. SNOW 3G has two modes of function: the initialization mode and the key stream mode. During initialization, LFSR points are reorganized to the XOR arrangement of the cipher key and the transmission parameters signaled by the Radio Resource Control (RRC) sublayer. These parameters are the note long, packet count, radio bearer, and the direction of transmission (uplink/downlink). Key stream blocks are generated in the key stream mode by carrying out XORs functions between the FSM output and the So point.

The platform used for analysis is based on the ARMII MPCore processor, with nearly four cores. Each core is furnished with a LI cache memory, where cache data consistency between cores is guaranteed through the Snoop Control Unit (SCU). Interrupt lines are transmitted to an assigned

core using the Distribution Interrupt Controller (DIC). Mobile phone's boot code is plotted to the internal memory for speedy system startup, whereas the communication software is performed from a bigger, and slower, external memory. Both memories' read and write latencies (in cycles) are set as per the state of the art cellular phone platform. Other peripherals include the timer required for programming of software threads, and the UART that offers subscriber interaction with the system. on-chip buses are applied in linking the system components. The system prototype referred to above is built using CoMET from Synopsys. This instrument allows for cycle precise benchmarking of system function. As in various 90 nm system-on-chips used for mobile appliances, the platform is presumed to function with a supply voltage (V dd) in the limit of 1 to 1.4 V. In order to carry out relative power comparisons between various executions, the power is projected from the system platform at high level by tracing system occurrences, such as carried out processor instructions, cache admissions, bus transactions, and main memory entry. Power figures for various events are obtained from Cacti for memory energy consumption, in addition to vendor data sheets and previous analysis. The energy consumption of a given execution is estimated by adding the energy (Power x Latency) of all the happening events divided by the implementation duration of the algorithm [17].

The architecture of GPRS system is analogous with GSM since the backbone network of GPRS is founded on GSM communication network. After enhancing the initial weaknesses of GSM, the architecture of GPRS system is more effective and more powerful than GSM.

The GSM scope is between Base Transceiver Station (BTS) and Mobile Server (MS). This scope is only safe from attackers during in air wireless communication periods. Unfortunately, the safety measures cannot be attained as it is too thoughtless. Therefore the exhaustive range covered by GPRS is from the SGSN to the MS. The nature of GPRS traffic demands that GPRS-5 algorithm is applied in ciphering. The ciphering is executed in the Logical Link Control layer. SGSN handles GPRS-Kc independently from Mobile Switching Center.

The mobile station is also referred to as cellular phone or mobile phone. There are the most essential and simplest security tasks in it. The mobile station (MS) consists of two key elements: the mobile equipment (ME) and subscriber identification module card (SIM). In different situations, ME is divided into terminal equipment (TE) and mobile terminal (MT) [18].

The major safety task of Mobile Station is identity. International mobile equipment identity (IMEI) in Mobile Equipment as an verification card of Mobile Station is in control of the international communication terminal identity.

Two types of SIM are a fixed established chip (plug-in SIM) or a replaceable SIM module. The SIM is a safe microprocessor-based system which is executed on a credit-card-sized platform with on-board non-volatile memory. The safety features assisted by the SIM are validation of the user identity to the network, data privacy over the air interface, and file access situations.

The problem with safety issues of MS should be lost. Once mobile phone is lost, it may be retrieved by the use of IMEI and its confidential data is protected by user authentication. Mobile Station can be safeguarded from unauthorized access by collaboration of SIM and PIN (personal identification number). In the past, the chances of MS being attacked by hacker were very low. However, with the growth in the number of software viruses and programs, it becomes easy to gain access to confidential information stored in the memory of Mobile Station, such as private pictures, phone numbers and messages.

Attacking method of repeated exposure of validation key, incriminates the hackers crack privacy of subscriber data and verification data. When such situations occur, the attackers might clone SIM card with the intent of connecting and incriminating the original subscriber to a crime.

From the security viewpoint, the SGSN controls the authentication and ciphering from Mobile Station. A lot of emphasis is placed on guarded information such as session management, packet switched data, mobility management and charging information.

SGSN does not only execute ciphering but also takes care of the interaction between MSC/VLR and HLR. SGSN transmits data packets that are sent to the external network to the necessary GGSN.

The relation between SGSN and GGSN: Multiple SGSNs connection to single GGSN.

The GPRS validation processes are implemented in the SGSN. SGSN on the other hand request for the validation of MS from the HLR/AUC in communication with the IMSI of the MS. The other significant role played by SGSN it is the last data encryption station.

Authentication process of SGSN

SGSN and HLR have to constantly share verification information, and SGSN accepts the verification assisted by BSS.

GGSN is the access point of GPRS network to peripheral networks. GGSN doubles up as router for the networks IP addresses so as to enable the users of GPRS access external networks. GGSN performs the function of allocating IP to the mobile stations.

GGSN is able to gain direct access to the Internet and is the access point of GPRS to the peripheral networks. It also functions as a router and also assigns IP addresses to mobile stations. Therefore, GPRS mainly consists of SGSN and GGSN.

Due to its capability of gaining direct access to the IP addresses and direct link to domain name server (DNS), GGSN becomes vulnerable to viral and digital worm infections. Further, denial of service (DoS) or any harm caused to DNS greatly affects the functioning of GGSN. GGSN is greatly exposed to attacks by hackers. It is also connected to safe remote connections, enabling it to gain access to corporate intranet over. It has been noted that the attackers mainly hack into GPRS to alter and steal commercial information [19].

One of the key security drawbacks of GPRS is its ability to allow access to the IP data packets by anybody. This is due to undependable network and poor connection with the IP protocol. The fact that the most reliable routing path is selected for IP routing, makes it a potential target to hackers as they can predict the flow of data packets before carrying out an attack. Even though IPsec has been applied in attempts to secure privacy and integrity of IP in a bid to cover up its limitations, it is unable to perform this function due to the high overhead costs involved. GPRS safety and IP networks safety relies on their dependability on each other.

GPRS IP packet data faces the same threats as IP applications. This makes it possible for attackers to manipulate the safety measures applied through causing traffic, denial of services, eavesdropping, camouflaging and falsification. Focus is given to IP safety and GPRS IP components such as Domain Name Server (DNS), GGSN and Network Management Station. Due to threats to safety of GPRS and IP. The researcher have proposed the following solutions to the problem;

Encryption

Only encrypted information from the MS to the SGSN should be used to administer the network.

Authentication

Managing connections including reliable MS have to use strong authentication method.

Firewalls

Dependable and safe firewall solutions are evaluated and chosen from leading firms to ensure network gateways performance and reliability on safety policies.