We hear a lot about Wi-Fi security, but I'd like to know how secure cellular data transmission is. How do 3G or...
4G cellular network operators implement security?
Cellular technologies have evolved over the years, along with the security measures used to protect voice and data traffic. Second-generation (2G) GSM encryption was cracked long ago, but 3G UMTS and HSPA technologies made significant improvements, and 4G LTE offers further advances.
GSM introduced Subscriber Identity Module (SIM) card authentication to let cellular network operators authenticate user devices, deterring fraudulent calls. GSM also supported optional A5/1 encryption to protect user voice and data traffic over the airlink, and it was designed to stop eavesdroppers from using GSM traffic to track a user's location. Unfortunately, even GSM encrypted traffic could be recorded and decoded using tools such as GnuRadio and Kraken.
GSM was the starting point for 3G technologies, which were enhanced to correct weaknesses and improve cellular data security. Specifically, 3GPP security standards use Universal SIM cards and authentication and key agreement protocols for strong mutual authentication, letting subscribers ensure they connect to an authentic, secure cellular network. In addition, 3GPP added mandatory integrity protection for signaling messages, deterring connection hijacking. A new encryption algorithm, known as f8, and longer keys were also introduced to deter eavesdropping on signaling or user messages sent over the airlink.
The security of 4G LTE cellular data transmission goes even further, as defined by the 3GPP TS 33.401 standard. LTE adds a Universal Integrated Circuit Card token to provide hardware storage for sensitive information, including keys and the International Mobile Subscriber Identity. LTE uses AKA for mutual authentication and generating keys for confidentiality and integrity, now provided as multiple levels throughout LTE. For example, LTE can now use three algorithms for airlink encryption: AES, SNOW 3G or ZUC. In addition, IPsec tunnels can be used to protect the confidentiality of LTE traffic backhauled from node to node within the operator's network.
User data confidentiality remains a network operator option, however, even in LTE. And renegotiation attacks can be used to downgrade from LTE to GSM encryption if the handset does not insist upon LTE. For more technical detail about the security protocols around 4G cellular data transmission, see NIST's "LTE Security – How Good Is It?" presentation.
Ultimately, network subscribers have relatively little control over cellular data security. They do, however, have some control over which generation of cellular technology they use. Replacing an older smartphone with a newer LTE-capable device is a good start to better secure cellular data. But be aware that vital measures, such as airlink encryption, can still be downgraded or absent, especially when roaming. For this reason, it's always a good idea to add end-to-end security measures, such as HTTPS or VPN, when sending sensitive data over cellular networks.
Do consumers still care about GSM vs. CDMA?
LTE-Advanced networks will help carriers meet skyrocketing bandwidth needs.
Per-app VPNs can protect against mobile threats.
Dig Deeper on Enterprise mobile security
Related Q&A from Lisa Phifer
Understanding the functions of a wireless access point vs. wireless router will help you deploy the right device for the right circumstance.continue reading
Learn the difference between a site-to-site VPN and a remote-access VPN, as well as the protocols used for each one.continue reading
Need to send an email, check your flight's status or get ready for a presentation? You can do it all on your smartwatch, thanks to a slew of Apple ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.