GSM calls even more secure thanks to new A5

1 October 2002

A new security algorithm, known as A5/3, will provide users of GSM mobile phones with an even higher level of protection against eavesdropping than they have already. It will ensure that even if a prospective attacker manages to pull a GSM phone call out of the radio waves, he will be completely unable to make sense of it, even if he throws massive computing resources at the task.

A5/3 has been developed by a joint working party between the GSM Association Security Group and the 3rd Generation Partnership Project (3GPP™), for use in GSM™ systems. It will also be useable for the General Packet Radio Service (GPRS) where it will be known as GEA3, and other GSM modes such as High Speed Circuit Switched Data (HSCSD) and Enhanced Data Rates for GSM Evolution (EDGE).

GSM systems use several security elements, designed to safeguard the interests of the user, network operators and service providers. The A5/3 encryption algorithm specifically supplies signalling protection, so that sensitive information such as telephone numbers is protected over the radio path, and user data protection, to protect voice calls and other user generated data passing over the radio path.

Encryption algorithms are complex mathematical data scrambling operations implemented in software or hardware to protect data against unauthorised reading. A5/3 joins an existing family of GSM A5 algorithms: these are implemented in hardware to ensure an appropriately fast operation, and are contained within the mobile handset.

Since the original GSM A5 algorithm was developed in 1987, the climate for cryptography has changed substantially, due largely to more relaxed attitudes on the part of national security agencies – removing much of the traditional "hush-hush" approach to cryptography. The algorithm's developers concluded that the time was right to exploit this more creative state of affairs and enhance the already very high security of GSM algorithms.

The new algorithm was designed by the Security Algorithms Group of Experts (SAGE) of the European Telecommunications Standards Institute (ETSI), based on a requirements specification produced by 3GPP's Working Group SA3. The development was carried out with the support of the GSM Association, 3GPP, and the United States' T1 Standards Committee, sponsored by the Alliance for Telecommunications Industry Solutions (ATIS). A5/3 is based on the Kasumi algorithm, specified by 3GPP for use in 3rd Generation mobile systems as the core of confidentiality and integrity algorithms. Kasumi in turn was derived from the MISTY algorithm, created by Mitsubishi. The defining specifications are publicly available on the 3GPP web site.

Professor Michael Walker of Vodafone Group plc, Chairman of the 3GPP SA3 group, remarked: "We now have an encryption algorithm for GSM which has been expertly designed and analyzed for use in mobile communications, and which, with the more relaxed attitudes to cryptography, can be openly published."

Charles Brookson, Chairman of the GSM Association Security Group, said: "GSM security has proved to be remarkably resilient for a design 15 years old, but with the availability of stronger algorithms, and the ability to use them, it is time that GSM should offer similar levels of strength where the standards allow this."

It is expected that the algorithm will be publicly available from the third quarter of 2002 and will then be progressively implemented in mobile systems. Its developers have invited its further evaluation by industry. Industry parties wishing to implement the algorithm, should contact ETSI, the GSM Association, or Committee T1.

NOTES TO EDITORS

About 3GPP
The 3rd Generation Partnership Project (3GPP) was established for the preparation and maintenance of a complete set of globally applicable technical specifications for a Third Generation mobile system based on the evolved GSM core networks and the radio access technologies supported by 3GPPTM partners. 3GPP membership consists of three categories – Organizational Partners, Market Representation Partners and Individual Member companies.

More On Mobile Phones & Security

Home Page > Main Cellphones & Security Page
   - Cellphone Detectors
   - Cellphone Jammers
   - GunPhone

New Spyphone used as bug	Cellphone-like Jammer Launched	Trimble TrimTrac GSM GPS Locator Device	Secret Video Of GunPhone > Play	"How to Hack a Motorola GSM Phone"
Nextel develops free text-based AMBER Alert offering Vaccine Developed Against Cabir Cellphone Worm Cabir, The World's First Mobile Phone Virus Discovered SMS Security flaw Siemens S55 mobile phone One million mobile calls tapped in Korea Further measures to reduce handset theft RFID Privacy & Security Upgraded Encrypted MMS now available `“Missed call” SPAM scam curbed` Mobile spam becoming a major problem UK Mobile Operators Block Online Porn GSM wireless increases security in Birmingham SPY-PH Spy Cell Phone Launched Nokia issues battery warning O2 launches emergency SMS as measure against spam First raid on IMEI reprogrammers under new UK laws Calif. bans mobile phone spam Microsoft investigation of hackers using Smartphone New UK Database Makes Stolen Phones Useless GSM calls even more secure thanks to new A5/3 Algorithm Lose Your Cellphone In South Africa And Go To jail? Thwart thieves by SMS GSM Phones Blocked For Gaddafi In Depth: Mobile Phone Privacy, Bugging & Security Israeli Device Detects Cell Phones Acting as Bugs New GunPhone