A consequence of international roaming is the exchange of information between providers in different countries. All countries have strict regulations against the export of encryption algorithms and thus GSM works around it. When a user tries to use his phone in say another country, the local networks request the HLR of the subscriber’s home network for the RAND, SRES and KC which is sufficient for authentication and encrypting data. Thus the local network does not need to know anything about the A3 or A8 algorithms stored in the SIM.
Authentication Algorithm A3 – It is operator dependent and is an operator option. The A3 algorithm is a oneway function. That means it is easy to compute the output parameter SRES by using the A3 algorithm but very complex to retrieve the input parameters (RAND and KI) from the output parameter. Remember the key to GSM’s security is keeping KIunknown. While it maysound odd that each operator may choose touse A3 independently, it was necessary tocover the case of international roaming.
Ciphering Algorithm A5 - Currently, there exists several implementations of this algorithm though the most commonly used ones are A5/0, A5/1 and A5/2. The reason for the different implementations is due to export restrictions of encryption technologies. A5/1 is the strongest version and is used widely in Western Europeand America, while the A5/2 is commonlyused in Asia. Countries under UN Sanctions and certain third world countries use the A5/0, which comes with no encryption.
Ciphering Key Generating Algorithm A8 – It is operator dependent. In most providers the A3 and A8 algorithms are combined intoa single hashfunction known as COMP128. The COMP128 creates KCand SRES, in a single instance.
Security in GSM :
- GSM offers several services using confidential information stored in the AuC and in the individual SIM.
- The SIM stored personal, secret data and in protected with a PIN against unauthorized use.
Three algorithms have been specified to provide security services in GSM.
--> Algorithm A3 is used for authentication.
--> A5 for encryption, and
-->A8 for the generation of a cipher key.
The various security services offered by GSM are :
(a)Access control and authentication
(i). Subscriber Authentication
Let`s dive into each one :
(a). Access control and authentication :
- The first step includes the authentication of a valid user for the SIM.
- The user needs a secret PIN to access the SIM.
- The next step is the subscriber authentication.
This step is based on a challenge-response scheme as shown below :
(i). Subscriber Authentication :
- Authentication is based on the SIM, which stores the individual authentication key Ki, the user identification IMSI, and the algorithm used for authentication A3.
- The Auc performs the basic generation of random values RAND, signed responses SRES and cipher keys Kc for each IMSI, and then forwards this information to the HLR.
- The current VLR requests the appropriate values for RAND, SRES, and Kc from the HLR.
- For authentication, the VLR sends the random value RAND to the SIM.
- Both sides, network and subscriber module, perform the same operation with RAND and the key Ki, called A3.
- The MS sends back the SRES generated by the SIM; the VLR can now compare both values.
- If they are the same, the VLR accepts the subscriber, otherwise the subscriber is rejected.
(b). Confidentiality :
- All user-related data is encrypted.
- After authentication, BTS and MS apply encryption to voice, data, and signalling as shown below:
To ensure privacy, all messages containing user-related information are encrypted in GSM over the air interface.
After authentication, MS and BSS can start using encryption by applying the cipher key Kc, which is generated using the individual key Ki and a random value by applying the algorithm A8.
Note that the SIM in the MS and the network both calculate the same Kc based on the random value RAND.
The key Kc itself is not transmitted over the air interface.
MS and BTS can now encrypt and decrypt data using the algorithm A5 and the cipher key Kc.
(c). Anonymity :
- To provide user anonymity, all data is encrypted before transmission, and user identifiers are not used over the air.
- Instead, GSM transmits a temporary identifier (TMSI), which is newly assigned by the VLR after each location update.
- Additionally, the VLR can change the TMSI at any time.