Um Interface - Um Security Features - Um Encryption

Um Encryption

GSM encryption, called "ciphering" in the specifications, is implemented on the channel bits of the radio bursts, at a very low level in L1, after forward error correction coding is applied. This is another significant security shortcoming in GSM because:

  • the intentional redundancy of the convolutional coder reduces the Unicity distance of the encoded data and
  • the parity word can be used for verifying correct decryption.

A typical GSM transaction also includes LAPDm idle frames and SACCH system information messages at predictable times, affording a Known plaintext attack.

The GSM ciphering algorithm is called A5. There are four variants of A5 in GSM, only first three of which are widely deployed:

  • A5/0—no ciphering at all
  • A5/1: strong(er) ciphering, intended for use in North America and Europe
  • A5/2: weak ciphering, intended for use in other parts of the world, but now deprecated by the GSMA
  • A5/3: even stronger ciphering with open design

Ciphering is a radio resource function and managed with messages in the radio resource sublayer of L3, but ciphering is tied to authentication because the ciphering key Kc is generated in that process. Ciphering is initiated with the RR Ciphering Mode Command message, which indicates the A5 variant to be used. The MS starts ciphering and responds with the RR Ciphering Mode Complete message in ciphertext.

The network is expected to deny service to any MS that does not support either A5/1 or A5/2 (GSM 02.09 Section 3.3.3). Support of both A5/1 and A5/2 in the MS was mandatory in GSM Phase 2 (GSM 02.07 Section 2) until A5/2 was depreciated by the GSMA in 2006.

Read more about this topic:  Um Interface, Um Security Features