A Brief History of GSM A5/2 and 2G/3G Security
MiKa and me shared some knowledge about the design flaws and the state of security in 2G/3G networks. The idea was to present an overview. Those networks have been shrouded in NDAs for too long. It is good to see that this is changing. Given the fact that millions of people use this technology on a daily basis, there should have been more publications and a deeper analysis many years ago.
GSM features four A5 encryption algorithms. They are called A5/0, A5/1, A5/2 and A5/3. A5/0 is basically plaintext, because no encryption is used. A5/1 is the original A5 algorithm used in Europe. A5/2 is a weaker encryption algorithm created for export (the weakness is a design feature). A5/3 is a strong encryption algorithm created as part of the 3rd Generation Partnership Project. The use of A5/2 is interesting since you would expect that the network operators were keen to phase it out. It was broken over 10 years ago and can be broken in real time. Care to guess when it was removed from the network? Harald Welte has an answer in his blog. His findings are not surprising give the fact that a part of GSM’s security was not to tell anyone about the security measures used. The research also reveals that the internal anlysis detected the flaws, but the reaction in term of changing the implementation was and is far from being adequate.
Security experts are used to being ignored. The usual strategy is to downplay flaws, bugs and results of publications. True, the implications do not hit anyone right away, but if you take security seriously you have to check your systems and estimate the impact on your infrastructure. This is the least you have to do. Apparently not everyone does it.
The upcoming DeepSec conference features a workshop on GSM attacks. In addition we have speakers explaining the state of affairs of security in mobile phone networks. You better have a look!