GSM Security

Q. Is GSM Secure

A. At the current moment YES.

At certain times, such as during call set-up, the network's VLR (Visitor Location Register) decides to authenticate a subscriber. It requests authentication parameters from the mobile's HLR (Home Location Register). The HLR in turn requests these parameters from the AuC (Authentication Centre). The AuC passes a 128 bit random number, RAND, and the mobile's key, Ki, through the algorithms A3 and A8, which generate the desired 32 bit SRES (Signed Response) and Kc (Cipher Key) respectively.

This Authentication Triplet (RAND+SRES+Kc) is passed to the BTS through which the mobile is operating. The BTS issues an authentication challenge:

  • It passes a random number, RAND, (128 bits) to the mobile
  • The mobile receives and then passes RAND to the SIM
  • The SIM passes RAND through its copies of A3 and A8 together with its copy of Ki.
  • The SIM A3 algorithm takes RAND and Ki and forms the 32 bit response, SRES, which is returned to the network.
  • The SIM A8 algorithm takes RAND and Ki and forms the Cipher Key, Kc.
  • The SIM returns its version of SRES to the BTS via the phone.
  • The VLR checks that the two values of SRES match; if so, the authentication challenge has been successful: the subscriber has been authenticated.
  • The requested transaction can now take place

By storing all the keys and algorithms within a single entity of the home network it is possible to enhance security: the keys and algorithms are never transmitted outside the AuC, hence they cannot be intercepted on the fixed part of the GSM network. Additionally it allows different networks to have different algorithms, since a roaming mobile only needs to get the same RAND and Kc as the current BTS has. At all times these authentication parameters are calculated by its home network, not the network it has roamed onto. The only common algorithm is the encryption algorithm A5, used to encrypt traffic on the air interface between the MS and BTS.
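The challenge-response exchange above, modelled end to end as an added example (not code from the original article): the AuC is the only element holding Ki and hands the VLR just the triplet, the SIM recomputes SRES and Kc from RAND, and the VLR compares the two SRES values. The real A3/A8 are operator-specific and not given on the page, so HMAC-SHA256 stand-ins, the sample IMSI and the sample Ki are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import NamedTuple, Optional, Tuple

class Triplet(NamedTuple):
    rand: bytes   # 128-bit challenge
    sres: bytes   # 32-bit signed response
    kc: bytes     # 64-bit cipher key for A5 on the air interface

def a3(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for A3 (assumed construction, not the real algorithm): 32-bit SRES."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]

def a8(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for A8 (assumed construction, not the real algorithm): 64-bit Kc."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]

# AuC subscriber database: the only network element that holds Ki.
# Constructed sample IMSI and Ki for this example.
AUC_KI_DB = {"001010123456789": bytes.fromhex("0123456789abcdeffedcba9876543210")}

def auc_triplet(imsi: str, rand: Optional[bytes] = None) -> Triplet:
    """AuC picks a fresh 128-bit RAND and derives SRES and Kc; Ki never leaves here."""
    ki = AUC_KI_DB[imsi]
    rand = rand if rand is not None else secrets.token_bytes(16)
    return Triplet(rand, a3(ki, rand), a8(ki, rand))

def sim_respond(sim_ki: bytes, rand: bytes) -> Tuple[bytes, bytes]:
    """SIM side: runs its own copies of A3/A8 on the received RAND -> (SRES, Kc)."""
    return a3(sim_ki, rand), a8(sim_ki, rand)

def vlr_verify(triplet: Triplet, sres_from_ms: bytes) -> bool:
    """VLR compares the SIM's SRES with the AuC's; it holds the triplet, never Ki."""
    return hmac.compare_digest(triplet.sres, sres_from_ms)

def run_authentication(imsi: str, sim_ki: bytes, rand: Optional[bytes] = None) -> Tuple[bool, bool]:
    """Full exchange. Returns (subscriber authenticated, both sides derived the same Kc)."""
    t = auc_triplet(imsi, rand)                 # HLR/VLR obtain the triplet from the AuC
    sres, kc_sim = sim_respond(sim_ki, t.rand)  # BTS forwards RAND; phone passes it to the SIM
    return vlr_verify(t, sres), kc_sim == t.kc

if __name__ == "__main__":
    print(run_authentication("001010123456789", AUC_KI_DB["001010123456789"]))  # (True, True)
    print(run_authentication("001010123456789", bytes(16)))                     # (False, False)
```

A SIM with the wrong Ki fails the SRES check and, just as importantly, ends up with a Kc that does not match the network's, so no usable A5 session follows.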

Without knowledge of Ki (which is never transmitted over the air) you cannot form Kc. Ki is only stored in two places, the authentication centre within the network and the SIM. It cannot be read out of the SIM and networks will have security systems to stop all but the most essential employees getting access to Kc at the AuC.

Attacking using a code book response (collecting all possible values of RAND and replying with a pre-recorded SRES for each) would mean that you need to record the SRES for the 3.4*10^38 combinations of RAND for the mobile under attack. Clearly this method appears difficult to say the least!

Any potential ways around the security systems on the air interface are either being kept very quiet or do not exist.

Thanks to Stephen Packer for this information.

Copyright © 1996-2008 MobileWorld