GSM technologists at standards organization European Telecommunications Standards Institute (ETSI) have created a new, stronger security algorithm that will be available to network systems and handset vendors from the third quarter of this year (see Algorithm Secures GSM).

The move is in response to fears that it is only a matter of time before one of the current algorithms used in GSM networks, A5/2, is hacked. In a meeting in Tokyo last October, representatives of 3rd Generation Partnership Project (3GPP), which prepares technical standards for 3G networks based on evolved GSM core networks, noted that "technical experts predict that it will not be too much longer before the [A5/2] algorithm is compromised."

Because of export restrictions concerning encryption technologies, GSM networks use different versions of the ciphering algorithm A5 depending on where they are in the world. A5/1 is the strongest, used mostly in North America and Western Europe, while A5/2 is common in Asia. A5/0 has no encryption, and is used in some third-world countries and those territories under UN sanctions.

The encryption deployed in the new algorithm, named A5/3 [ed. note: What about calling it Super Al, or even Al Gor?], specifically provides signaling protection, making it harder for GSM calls to be hacked or for information, such as phone numbers, to be decoded.

"This is an enhancement," says James Moran, director of fraud and security at the GSM Association, which represents the interests of its GSM operator members and which, along with the 3GPP and the T1 Standards Committee in the U.S., supported the development.

"There is no demonstration to show that the existing algorithms have been cracked. But the existing algorithms were developed in the late 1980s, and it was decided that, with export controls on encryption products now easing and more secure algorithms already developed for next-generation systems, it was worthwhile taking the opportunity to make GSM even more secure," says Moran.

A5/3 is for use in 2G networks, although it's derived from the confidentiality and integrity algorithms that already exist for 3G systems, known collectively as the "Kasumi kernel."

As Kasumi had already been developed to provide strong cryptographic security for UMTS networks, the 3GPP Tokyo meeting noted that "the ETSI [Security Algorithms Group of Experts] should be subcontracted to prepare an algorithm which will be known as A5/3 and that it should be based on the Kasumi kernel."

Concern obviously exists that GSM networks deploying the A5/2 algorithm are a security risk, hence the need for A5/3. And while Moran claims that current algorithms have not been demonstrably cracked, that appears to be the case only for the hacking of live GSM networks. Under test conditions, existing GSM security algorithms have allegedly been "compromised." Research displayed on the Website of the SANS (System Administration, Networking and Security) Institute, which exists to help security experts share their experiences, shows that as far back as 1999 researchers "claimed to have cracked the weaker A5/2 algorithm" within seconds, using a single PC.

Indeed, it is claimed that even the stronger A5/1 algorithm has been broken, though the cryptographers involved admitted that the version used in live GSM networks would be slightly different from the version cracked in the lab.

The same research report welcomes the development of A5/3. It notes that the specifications of A5/2 were never made public for scrutiny: "The GSM standard was created in secrecy and all of the algorithms used are not available to the public. Most security analysts believe any system that is not subject to the scrutiny of the world’s best minds can’t be as secure." With A5/3, however, "they have moved away from their 'security by obscurity' ideology." All the algorithms being used in 3GPP are available to security researchers and scientists, it notes.

— Ray Le Maistre, European Editor, Unstrung
http://www.unstrung.com