What algorithm is utilized for encryption in GSM networks?

The encryption algorithm used in the GSM system is a stream cipher known as the A5 algorithm.

Multiple versions of the A5 algorithm exist which implement various levels of encryption.

• A5/0 utilizes no encryption.
• A5/1 is the original A5 algorithm used in Europe.
• A5/2 is a weaker encryption algorithm created for export and used in the United States.
• A5/3 is a strong encryption algorithm created as part of the 3rd Generation Partnership Project (3GPP).

The stream cipher is initialized with the Session Key (Kc) and the number of each frame. The same Kc is used throughout the call, but the 22-bit frame number changes during the call, thus generating a unique keystream for every frame.

The same Session Key (Kc) is used as long as the Mobile Services Switching Center (MSC) does not authenticate the Mobile Station again. In practice, the same Session Key (Kc) may be in use for days.

Authentication is an optional procedure in the beginning of a call, but it is usually not performed.

The A5 algorithm is implemented in the Mobile Station (MS).

For more information on the A5/3 algorithm, read Specification of the A5/3 Encryption Algorithms for GSM and ECSD, and the GEA3 Encryption Algorithm for GPRS; Document 1: A5/3 and GEA3 Specifications.

GSM Security FAQ

• How is encryption utilized in GSM?
• What algorithm is utilized for authentication in GSM networks?
• What algorithm is utilized for encryption in GSM networks?
• What algorithm is used for key generation in GSM networks?
• What are the components of a GSM network
• What are Ki, Kc, RAND, and SRES?
• How do Authentication and Key generation work in a GSM network?
• Have the A3 and A8 algorithms been broken?
• Have the A5 algorithms been broken?
• What are locking and unlocking?
• What is an IMEI?
• How can I find my IMEI?
• What is an IMSI?
• What is a TIMSI?
• What are the PIN and PUK?
• How do I change my PIN and PUK?
• How do I use CallerID?
• What is a Subscriber Identity Module (SIM)?