Gaussian Minimum Shift Keying (GMSK) is a form of modulation used in a variety of digital radio communications systems. It has advantages of being able to carry digital modulation while still using the spectrum efficiently. One of the problems with other forms of phase shift keying is that the sidebands extend outwards from the main carrier and these can cause interference to other radio communications systems using nearby channels.
In view of the efficient use of the spectrum in this way, GMSK modulation has been used in a number of radio communications applications. Possibly the most widely used is the GSM cellular technology which is used worldwide and has well over 3 billion subscribers.
GMSK modulation is based on MSK, which is itself a form of phase shift keying. One of the problems with standard forms of PSK is that sidebands extend out from the carrier. To overcome this, MSK and its derivative GMSK can be used.
MSK and also GMSK modulation are what is known as a continuous phase scheme. Here there are no phase discontinuities because the frequency changes occur at the carrier zero crossing points. This arises as a result of the unique factor of MSK that the frequency difference between the logical one and logical zero states is always equal to half the data rate. This can be expressed in terms of the modulation index, and it is always equal to 0.5.
MSK modulation
Signal using MSK modulation
A plot of the spectrum of an MSK signal shows sidebands extending well beyond a bandwidth equal to the data rate. This can be reduced by passing the modulating signal through a low pass filter prior to applying it to the carrier. The requirements for the filter are that it should have a sharp cut-off, narrow bandwidth and its impulse response should show no overshoot. The ideal filter is known as a Gaussian filter which has a Gaussian shaped response to an impulse and no ringing. In this way the basic MSK signal is converted to GMSK modulation.
Spectral density of MSK and GMSK signals
Spectral density of MSK and GMSK signals
Generating GMSK modulation
There are two main ways in which GMSK modulation can be generated. The most obvious way is to filter the modulating signal using a Gaussian filter and then apply this to a frequency modulator where the modulation index is set to 0.5. This method is very simple and straightforward but it has the drawback that the modulation index must exactly equal 0.5. In practice this analogue method is not suitable because component tolerances drift and cannot be set exactly.
Generating GMSK using a Gaussian filter and VCO
Generating GMSK using a Gaussian filter and VCO
A second method is more widely used. Here what is known as a quadrature modulator is used. The term quadrature means that the phase of a signal is in quadrature or 90 degrees to another one. The quadrature modulator uses one signal that is said to be in-phase and another that is in quadrature to this. In view of the in-phase and quadrature elements this type of modulator is often said to be an I-Q modulator. Using this type of modulator the modulation index can be maintained at exactly 0.5 without the need for any settings or adjustments. This makes it much easier to use, and capable of providing the required level of performance without the need for adjustments. For demodulation the technique can be used in reverse.
Block diagram of I-Q modulator used to create GMSK
Block diagram of I-Q modulator used to create GMSK
The purpose for security
All frauds result in a loss to the operator. It is important to recognise that this loss may be in terms of:
No direct financial loss, where the result is lost customers and increase in use of the system with no revenue.
Direct financial loss, where money is paid out to others, such as other networks, carriers and operators of 'Value Added Networks' such as Premium Rate service lines.
Potential embarrassment, where customers may move to another service because of the lack of security.
Failure to meet legal and regulatory requirements, such as License conditions, Companies Acts or Data Protection Legislation.
The objective of security for GSM system is to make the system as secure as the public switched telephone network. The use of radio at the transmission media allows a number of potential threats from eavesdropping the transmissions. It was soon apparent in the threat analysis that the weakest part of the system was the radio path, as this can be easily intercepted.
The GSM MoU Group produces guidance on these areas of operator interaction for members. The technical features for security are only a small part of the security requirements, the greatest threat is from simpler attacks such as disclosure of the encryption keys, insecure billing systems or corruption ! A balance is required to ensure that these security processes meet these requirements.
At the same time a judgment must be made of the cost and effectiveness of the security measures.
Limitations of security
Existing cellular systems have a number of potential weaknesses that were considered in the security requirements for GSM.
The security for GSM has to be appropriate for the system operator and customer:
The operators of the system wish to ensure that they could issue bills to the right people, and that the services cannot be compromised.
The customer requires some privacy against traffic being overheard.
The countermeasures are designed:
to make the radio path as secure as the fixed network, which implies anonymity and confidentiality to protect against eavesdropping;
to have strong authentication, to protect the operator against billing fraud;
to prevent operators from compromising each others' security, whether inadvertently or because of competitive pressures.
The security processes must not:
significantly add to the delay of the initial call set up or subsequent communication;
increase the bandwidth of the channel,
allow for increased error rates, or error propagation;
add excessive complexity to the rest of the system,
must be cost effective.
The designs of an operator's GSM system must take into account the environment and have secure procedures such as:
the generation and distribution of keys,
exchange of information between operators,
the confidentiality of the algorithms.
Descriptions of the functions of the services
The security services provided by GSM are:
Anonymity So that it is not easy to identify the user of the system.
Authentication So the operator knows who is using the system for billing purposes.
Signaling Protection So that sensitive information on the signaling channel, such as telephone numbers, is protected over the radio path.
User Data Protection So that user data passing over the radio path is protected.
Anonymity
Anonymity is provided by using temporary identifiers. When a user first switches on his radio set, the real identity is used, and a temporary identifier is then issued. From then on the temporary identifier is used. Only by tracking the user is it possible to determine the temporary identity being used.
Authentication
Authentication is used to identify the user (or holder of a Smart Card) to the network operator. It uses a technique that can be described as a "Challenge and Response", based on encryption.
Authentication is performed by a challenge and response mechanism. A random challenge is issued to the mobile, the mobile encrypts the challenge using the authentication algorithm (A3) and the key assigned to the mobile, and sends a response back. The operator can check that, given the key of the mobile, the response to the challenge is correct.
Eavesdropping the radio channel reveals no useful information, as the next time a new random challenge will be used. Authentication can be provided using this process. A random number is generated by the network and sent to the mobile. The mobile use the Random number R as the input (Plaintext) to the encryption, and, using a secret key unique to the mobile Ki, transforms this into a response Signed RESponse (SRES) (Ciphertext) which is sent back to the network.
The network can check that the mobile really has the secret key by performing the same SRES process and comparing the responses with what it receives from the mobile.
User Data and Signaling Protection
The response is then passed through an algorithm A8 by both the mobile and the network to derive the key Kc used for encrypting the signaling and messages to provide privacy (A5 series algorithms).
Figure 1. Encryption for GSM
