DOC RABE Media - Fotolia
We hear a lot about Wi-Fi security, but I'd like to know how secure cellular data transmission is. How do 3G or 4G cellular network operators implement security?
Cellular technologies have evolved over the years, along with the security measures used to protect voice and data traffic. Second-generation (2G) GSM encryption was cracked long ago, but 3G UMTS and HSPA technologies made significant improvements, and 4G LTE offers further advances.
GSM introduced Subscriber Identity Module (SIM) card authentication to let cellular network operators authenticate user devices, deterring fraudulent calls. GSM also supported optional A5/1 encryption to protect user voice and data traffic over the airlink, and it was designed to stop eavesdroppers from using GSM traffic to track a user's location. Unfortunately, even GSM encrypted traffic could be recorded and decoded using tools such as GnuRadio and Kraken.
GSM was the starting point for 3G technologies, which were enhanced to correct weaknesses and improve cellular data security. Specifically, 3GPP security standards use Universal SIM cards and authentication and key agreement protocols for strong mutual authentication, letting subscribers ensure they connect to an authentic, secure cellular network. In addition, 3GPP added mandatory integrity protection for signaling messages, deterring connection hijacking. A new encryption algorithm, known as f8, and longer keys were also introduced to deter eavesdropping on signaling or user messages sent over the airlink.
The security of 4G LTE cellular data transmission goes even further, as defined by the 3GPP TS 33.401 standard. LTE adds a Universal Integrated Circuit Card token to provide hardware storage for sensitive information, including keys and the International Mobile Subscriber Identity. LTE uses AKA for mutual authentication and generating keys for confidentiality and integrity, now provided as multiple levels throughout LTE. For example, LTE can now use three algorithms for airlink encryption: AES, SNOW 3G or ZUC. In addition, IPsec tunnels can be used to protect the confidentiality of LTE traffic backhauled from node to node within the operator's network.
User data confidentiality remains a network operator option, however, even in LTE. And renegotiation attacks can be used to downgrade from LTE to GSM encryption if the handset does not insist upon LTE. For more technical detail about the security protocols around 4G cellular data transmission, see NIST's "LTE Security – How Good Is It?" presentation.
Ultimately, network subscribers have relatively little control over cellular data security. They do, however, have some control over which generation of cellular technology they use. Replacing an older smartphone with a newer LTE-capable device is a good start to better secure cellular data. But be aware that vital measures, such as airlink encryption, can still be downgraded or absent, especially when roaming. For this reason, it's always a good idea to add end-to-end security measures, such as HTTPS or VPN, when sending sensitive data over cellular networks.
Do consumers still care about GSM vs. CDMA?
LTE-Advanced networks will help carriers meet skyrocketing bandwidth needs.
Per-app VPNs can protect against mobile threats.
Dig Deeper on Enterprise mobile security
Related Q&A from Lisa Phifer
Licensed and unlicensed frequency bands serve different purposes for wireless communications. Find out the differences between the two bands and the ... Continue Reading
As the remote workforce increases, network managers and users might opt to set up two concurrent VPN connections from the same remote device. But ... Continue Reading
Is there a difference between a wireless access point vs. a router? Yes -- while the two wireless devices are related, they meet different needs in a... Continue Reading