A new security algorithm, known as A5/3, will provide users of GSM mobile phones with an even higher level of protection against eavesdropping than they have already. It will ensure that, even if a prospective attacker manages to pull a GSM phone call out of the radio waves, he will be completely unable to make sense of it, even if he throws massive computing resources at the task.
A5/3 has been developed by a joint working party between the GSM Association Security Group and the 3rd Generation Partnership Project (3GPP), for use in GSM systems. It will also be useable with GPRS where it will be known as GEA3, and other GSM modes such as HSCSD and EDGE.
GSM systems use several security elements, designed to safeguard the interests of the user, network operators and service providers. The A5/3 encryption algorithm specifically supplies signalling protection, so that sensitive information such as telephone numbers is protected over the radio path, and user data protection, to protect voice calls and other user generated data passing over the radio path.
Encryption algorithms are complex mathematical data scrambling operations implemented in software or hardware to protect data against unauthorised reading. A5/3 joins an existing family of GSM A5 algorithms: these are implemented in hardware to ensure an appropriately fast operation, and are contained within the mobile handset.
Since the original GSM A5 algorithm was developed in 1987, the climate for cryptography has changed substantially, due largely to more relaxed attitudes on the part of national security agencies - removing much of the traditional "hush-hush" approach to cryptography. The algorithm's developers concluded that the time was right to exploit this more creative state of affairs and enhance the already very high security of GSM algorithms.
The new algorithm was designed by the Security Algorithms Group of Experts (SAGE) of the European Telecommunications Standards Institute (ETSI), based on a requirements specification produced by 3GPP's Working Group SA3. The development was carried out with the support of the GSM Association, 3GPP and the United States' T1 Standards Committee, sponsored by the Alliance for Telecommunications Industry Solutions (ATIS). A5/3 is based on the Kasumi algorithm, specified by 3GPP for use in 3rd Generation mobile systems as the core of confidentiality and integrity algorithms. Kasumi in turn was derived from the MISTY algorithm, created by Mitsubishi. The defining specifications are publicly available on the 3GPP web site.
Charles Brookson, Chairman of the GSM Association Security Group, said: "GSM security has proved to be remarkably resilient for a design 15 years old, but with the availability of stronger algorithms, and the ability to use them, it is time that GSM should offer similar levels of strength where the standards allow this."
It is expected that the algorithm will be publicly available from the third quarter of 2002 and will then be progressively implemented in mobile systems. Its developers have invited its further evaluation by industry.'"
Posted to the site on 5th July 2002
Posted to: www.cellular-news.com/story/7107.php