Thursday, May 06, 2010

MAC based security enforcement System for individual Mobile Device Security

The story began with the day when I lost my mobile, I mean, the mobile set picker picked-up mobile forcefully when I attended the political speech by Dr. Babu Ram Bhattarai, conducted during the maoist strike program on 2066/01/21 at Sundhara Kathmandu.

I heard that YCL, the brother body of United Nepal Communist party (Maoist) is well organized and honest one. YCL members are well disciplined and they do for people. I was quite positive to get my mobile set back after when I had identified the picker just immediately I found that my mobile was picked-up and got submitted to YCL member. They (YCL) convinced me that they would get back the set after enquiry and punishment to the picker. I just left them enquired and call whenever they get the set back from the picker.  But unfortunately, my expectation just became expectation only. Finally I lost my mobile and became contactless with all my friends and family until the strike closed. But it’s an infinite strike which is leading the country towards the worst situation more and more.
There were so many important numbers saved within the SIM. Doctors, Professors, Engineers, Engineering Colleges, Leaders and many more. But what can I do? I knew that there are some security policies can be implemented for SIM and mobile set security. But I haven’t implemented any set/SIM security with my mobile set. It is useless even if I have implemented the security over my mobile set because there are provisions to unlock the mobile set through software connected with the interfacing device.

Now my objective here is to make the lost mobile set completely useless so that pocket/mobile picker can easily be avoided. In this security control model, all the PUK no and PIN no are useless because these all numbers are provided by the telecom service provider and can easily be broken down or can use the device after reset. The main thing is the hardware identification No to be provided on each mobile set like what we provide MAC Address on each Network card for computer networking and internet. Just think that your mobile no is your IP address and mobile MAC is the built in hardware no provided on each Mobile device. There is another code provided with our SIM (Security Code). The Security Code is the main administering code for the mobile set and mobile no. both.

The newly purchased SIM (or mob. No) should be registered with operator’s security control system with the mobile set’s MAC no. (here hardware id is supposed to be a MAC of mobile set). The mobile no is supposed to be bounded with mobile MAC so that the connection/communication is only be successful when call is established with the given mobile number together with the MAC of the mobile set provided on the security control database. For every connection should check on the mobile MAC table so that the mobile number is bounded with mobile MAC during the communication.  The security control database for individual mobile user might be like:


Security Database

By the use of security code, we can simply insert, update or delete the MAC no from the security database of corresponding mobile user. Hence MAC is that number which makes control over the mobile number as well as the mobile device both. If a call is attempted, before establishing the call, mobile number with corresponding Mobile MAC is checked. Every time the device should send its hardware address (MAC) to mobile switching center or it is like a firewall which should be checked before the call established.  If the caller number is mismatched with the registered MAC then the system found that the mobile device is either theft or broken.
Security Check during the call (Flow Chart)

We use 48 bits MAC address in computer communication. Principally this 48-bits MAC is also more than sufficient to generate unique physical address for each mobile device (2^24= 281474976710656). Hence a telecom operator might have 281474976710656 mobile users which are more than the world’s population.
The mobile service operator, provides the SIM with security code and mobile no to the customer by registering his/her name, address, citizenship/passport no bounding the mobile number and security code. The customer’s first job is to enable the SIM with the mobile device’s MAC address. For this, customer provides the security code to insert/update his/her MAC over the security database table. We can add more than one MAC (Device) if we want to use single SIM to operate with more mobile devices with respect to time.
Hence the security Access Control List (SACL) fully control over the mobile number and mobile device as well properly. What if, the mobile device is lost?
If the mobile set is lost,
1.    Provide your security code and blacklist the previous MAC (insert into blacklist database).
2.    Provide your security code and update the security database with the FAKE MAC value.
Now the mobile device is completely unusable within its network. However this device can be used with another service provider with newly provided SIM. There might be several mobile operators within the country like in Nepal these are: NTC, Spice Nepal, UTL, Nepal Satellite, and Smart Telecom…that’s why any device blacklisted with NTC database can be used over Spice Network or other telecom network. However, we can’t establish a call to the network from where the device is blacklisted. It is operable only within the owner’s network. Anyone device blacklisted in one network can be made useless to other network only if we synchronize the blacklisted database i.e. frequently exchanging the blacklisted DB through Electronic Data Interchange (EDI). Controlling of mobile Device through centralized security controlled BD has several advantages:
1.    Solve the problem of mobile lost (theft)
2.    Telecom fraud control
These two are the major issues in telecommunication sector where we all Nepalese are facing.
48-bits MAC addressing with mobile device has added advantage for the implementation of IP-based communication through mobile set like internet and the implementation of Next Generation Network Application.
Let’s develop the standards for such implementation with mobile so as to make the security tighter in telecom network.
(This is the preliminary idea I have imagined, I am not sure whether this idea has already developed and implemented)