GSM encryption algorithms

There are at least seven different encryption algorithms used in the GSM protocol. However, I could only find information on three of them. This may be because the remaining four are not publicly known.

The first, A5/1, was developed in 1987, before GSM was used outside of Europe. Initially proposed to use a 128-bit key, the strength of encryption was argued over by European NATO countries. Germany was a proponent of very strong encryption because of it's proximity to the Soviet bloc. Britain, however, wished to more easily eavesdrop on cellular communications, and advocated for a weaker implementation. The firs implementation ended up using a 54-bit key but this was increased to 64 bits later.

1994 was the first time that A5/1 was compromised. Researcher Ross Anderson first demonstrated the possibility, and by the early 2000s the A5/1 could be decrypted in "less than one minute of computations" using only "a few seconds of known conversation."

A variant, A5/2, was used in export markets, mostly in developing countries. It was much weaker than A5/1, "so much so that [in 1999] low end equipment can probably break it in real time." A5/2 is now prohibited for use with any GSM network worldwide.

A5/3 is yet another variant, but much stronger than A5/1 because of its 128-bit key. It is also known as KASUMI; kasumi is the Japanese word for mist, and the algorithm was based on another algorithm called MISTY1. Several researchers have managed to break A5/3 or the protocol surrounding it, but none so far have compromised it in real-world settings.

No comments:

Post a Comment

Speak now...