Question

A network architect is designing a remote access solution for mobile workers with laptop computers and will use GPRS technology for over-the-air communications. Because workers access sensitive information, what protection is required to protect GPRS traffic?

Answer 1

The architect should implement an authentication system for the users and devices that will connect to the remote network.

Step-by-step explanation:

The architect should implement a request/answer mecanism. This consists in creating a unique key inside the SIM card in the user's device and checking the IMEI too. When the device enters the network, it provides this information and its location to the HLR (Home Location Register).

The HLR requests 3 datapoints: a random number (RAND), a SRES answer and the session key. This data is sent to the VLR (Visitor Location Register), which sends as a request, one RAND number back to the MS (Mobile Station) for each authentication made. The MS sends back the SRES answer to the VLR and verifies if the answers are equal to grant access to the user.

To protect the user's confidentialy, a TLLI (Temporary Logical Link Identity) protocol can be implemented. This will authenticate each GPRS user in a local and temporary way, due to the session expected to be expired soon.