Authentication and security
Since the radio medium can be accessed by anyone, authentication of users to prove that they are who they claim to be, is a very important element of a mobile network. Authentication involves two functional entities, the SIM card in the mobile, and the Authentication Center (AuC). Each subscriber is given a secret key, one copy of which is stored in the SIM card and the other in the AuC. During authentication, the AuC generates a random number that it sends to the mobile. Both the mobile and the AuC then use the random number, in conjuction with the subscriber's secret key and a ciphering algorithm called A3, to generate a signed response (SRES) that is sent back to the AuC. If the number sent by the mobile is the same as the one calculated by the AuC, the subscriber is authenticated .
The same initial random number and subscriber key are also used to compute the ciphering key using an algorithm called A8. This ciphering key, together with the TDMA frame number, use the A5 algorithm to create a 114 bit sequence that is XORed with the 114 bits of a burst (the two 57 bit blocks). Enciphering is an option for the fairly paranoid, since the signal is already coded, interleaved, and transmitted in a TDMA manner, thus providing protection from all but the most persistent and dedicated eavesdroppers.
The AC or AUC is the Authentication Center, a secured database handling authentication and encryption keys. Authentication verifies a mobile customer with a complex challenge and reply routine. The network sends a randomly generated number to the mobile. The mobile then performs a calculation against it with a number it has stored and sends the result back. Only if the switch gets the number it expects does the call proceed. The AC stores all data needed to authenticate a call and to then encrypt both voice traffic and signaling messages.
The diagram and extended quote (in blue) below is from Professor Levine's excellent .pdf file on cellular and GSM. It shows just how complicated encryption is but in the file he explains it quite well. Please download this 100 page .pdf file to learn more about GSM than I will ever know or be able to write about. Also, any wireless book Levine has written should get your careful consideration. (Note: you may have to read the document with Acrobat Reader 4.0 and not the latest version. 5.0 does not seem to be backward compatible with this file.)
Another level of security is performed on the mobile equipment itself, as opposed to the mobile subscriber. As mentioned earlier, each GSM terminal is identified by a unique International Mobile Equipment Identity (IMEI) number. A list of IMEIs in the network is stored in the Equipment Identity Register (EIR). The status returned in response to an IMEI query to the EIR is one of the following:
* White-listed: The terminal is allowed to connect to the network.
* Grey-listed:The terminal is under observation from the network for possible problems.
* Black-listed: The terminal has either been reported stolen, or is not type approved (the correct type of terminal for a GSM network). The terminal is not allowed to connect to the network.
PCS-1900 authentication involves a two-way transaction. The base station transmits a random "challenge" number RAND (different value on each occasion when a call is to be connected or an authentication is to be performed for another reason) to the mobile set.
The mobile set performs a calculation using that number and an internal secret number and returns over the radio link the result of the computation SRES. The base system also knows what the correct result will be, and can reject the connection if the mobile cannot respond with the correct number. The algorithm used for the calculation is not published, but even if it is known to a criminal, the criminal cannot get the right answer without also knowing the internal secret number Ki as well.
Even if the entire radio link transaction is copied by a criminal, it will not permit imitation of the valid set, because the base system begins the next authentication with a different challenge value. This transaction also generates some other secret numbers which are used in subseqent transmissions for encryption of the data. Therefore, nobody can determine which TMSI was assigned to the MS, aside from not being able to "read" the coded speech or call processing data.
This process has proved to be technologically unbreachable in Europe, and there is no technological fraud similar to the major problem with analog cellular. There is still non-technological fraud, such as customers presenting false identity to get service but never paying their bill (subscription fraud).
The mathematical processes involved in DES and Lucifer encryption consist of two repeated operations. One is the permutation or rearrangement of the data bits. The other operation involves XOR (ring sum or modulo 2 sum) of the data bits with an encryption mask or key value. These operations are repeated a number of times (rounds) to thoroughly scramble the data, but they can be reversed by a person who knows both the algorithm and the secret key value.