Security and authentication in GSM
1 Answer

A consequence of international roaming is the exchange of information between providers in different countries. All countries have strict regulations against the export of encryption algorithms and thus GSM works around it. When a user tries to use his phone in say another country, the local networks request the HLR of the subscriber’s home network for the RAND, SRES and KC which is sufficient for authentication and encrypting data. Thus the local network does not need to know anything about the A3 or A8 algorithms stored in the SIM.

  1. Authentication Algorithm A3 – It is operator dependent and is an operator option. The A3 algorithm is a one way function. That means it is easy to compute the output parameter SRES by using the A3 algorithm but very complex to retrieve the input parameters (RAND and KI) from the output parameter. Remember the key to GSM’s security is keeping KI unknown. While it maysound odd that each operator may choose to use A3 independently, it was necessary to cover the case of international roaming.
  2. Ciphering Algorithm A5 – Currently, there exists several implementations of this algorithm though the most commonly used ones are A5/0, A5/1 and A5/2. The reason for the different implementations is due to export restrictions of encryption technologies. A5/1 is the strongest version and is used widely in Western Europe and America, while the A5/2 is commonly used in Asia. Countries under UN Sanctions and certain third world countries use the A5/0, which comes with no encryption.
  3. Ciphering Key Generating Algorithm A8 – It is operator dependent. In most pro viders the A3 and A8 algorithms are combined into a single hash function known as COMP128. The COMP128 creates KCand SRES, in a single instance.
Please log in to add an answer.

Continue reading...

The best way to discover useful content is by searching it.