The encryption algorithm used in the GSM system is a stream cipher known as the A5 algorithm.
Multiple versions of the A5 algorithm exist which implement various levels of encryption.
- A5/0 utilizes no encryption.
- A5/1 is the original A5 algorithm used in Europe.
- A5/2 is a weaker encryption algorithm created for export and used in the United States.
- A5/3 is a strong encryption algorithm created as part of the 3rd Generation Partnership Project (3GPP).
The stream cipher is initialized with the Session Key (Kc) and the number of each frame. The same Kc is used throughout the call, but the 22-bit frame number changes during the call, thus generating a unique keystream for every frame.
The same Session Key (Kc) is used as long as the Mobile Services Switching Center (MSC) does not authenticate the Mobile Station again. In practice, the same Session Key (Kc) may be in use for days.
Authentication is an optional procedure in the beginning of a call, but it is usually not performed.
The A5 algorithm is implemented in the Mobile Station (MS).
For more information on the A5/3 algorithm, read Specification of the A5/3 Encryption Algorithms for GSM and ECSD, and the GEA3 Encryption Algorithm for GPRS; Document 1: A5/3 and GEA3 Specifications.