Security in GSM

Security Advice For Mobile Phone Users

Every day, all over the world, millions of people enjoy the convenience provided by GSM technology. Today, over 3 billion people have access to GSM and 3GSM services and this number is growing rapidly. Mobile phones have revolutionised the way the world communicates.

Whilst using a mobile phone is generally a trouble free experience, these desirable and sophisticated devices have, inevitably, become the subject of some interest amongst the world's criminal fraternity. One issue is, of course, the theft of mobile phones, although this is often perceived as being a more serious threat than it really is. But additional challenges more familiar to the fixed Internet world, such as spam and mobile phone viruses, are also on the increase.

These web pages aim to provide mobile phone users with simple, easy to follow advice to help you minimise the risk of experiencing these problems firsthand.


GSM Security Algorithms

GSM security algorithms are used to provide authentication and radio link privacy to users on a GSM network.

GSM uses three different security algorithms called A3, A5, and A8. In practice, A3 and A8 are generally implemented together (known as A3/A8).

An A3/A8 algorithm is implemented in Subscriber Identity Module (SIM) cards and in GSM network Authentication Centres. It is used to authenticate the customer and generate a key for encrypting voice and data traffic, as defined in 3GPP TS 43.020 (03.20 before Rel-4). Development of A3 and A8 algorithms is considered a matter for individual GSM network operators, although example implementations are available.

An A5 encryption algorithm scrambles the user's voice and data traffic between the handset and the base station to provide privacy. An A5 algorithm is implemented in both the handset and the base station subsystem (BSS).


Authorisation for use of GSM algorithms by network operators

Network operator members of the GSM Association are provided with written authorisation to use the following algorithms when they join the Association:

* Example A3/A8 algorithm COMP128-2
* Example A3/A8 algorithm COMP128-3
* Encryption algorithm A5/1

GSM algorithm specifications available on application

Copies of the following example A3/A8 algorithm specifications are available to qualified industry parties (GSM network operators and manufacturers of eligible GSM equipment) on application to the GSM Association:

* COMP128
* COMP128-2
* COMP128-3

Copies of the specifications of the following A5 algorithm specifications are available to qualified industry parties (GSM network operators and manufacturers of eligible GSM equipment) on application to the GSM Association:

* A5/1
* A5/2