GSM uses three different security algorithms called A3, A5, and A8. In practice, A3 and A8 are generally implemented together (known as A3/A8).

An A3/A8 algorithm is implemented in Subscriber Identity Module (SIM) cards and in GSM network Authentication Centres. It is used to authenticate the customer and generate a key for encrypting voice and data traffic. Development of A3 and A8 algorithms is considered a matter for individual GSM network operators, although example implementations are available.

An A5 encryption algorithm scrambles the user's voice and data traffic between the handset and the base station to provide privacy. An A5 algorithm is implemented in both the handset and the base station subsystem (BSS). 

A3

• Authentication algorithm
• Calculates SRESbased on the Kikey (stored on the SIM and in the HLR) and the RANDsent by the MSC
• Not standardized; can be chosen independently by each operator

A8

• Key generation algorithm needed to calculate the session key Kc
• Calculation of Kcdepends on Kiand RAND
• Not standardized; can be chosen independently by each operator.

A5

• Stream cipher used to encrypt over-the-air-transmissions
• Ciphering is based on Kcand the frame number
• Specified at international level to enable roaming.