A5/2
A5/2 is a stream cipher used to provide voice privacy in the GSM cellular telephone protocol. It was designed in 1992-1993 (finished March 1993) as a replacement for the relatively stronger (but still weak) A5/1, to allow the GSM standard to be exported to countries "with restrictions on the import of products with cryptographic security features".[1]
The cipher is based on a combination of four linear-feedback shift registers with irregular clocking and a non-linear combiner.
In 1999, Ian Goldberg and David A. Wagner cryptanalyzed A5/2 in the same month it was reverse engineered, and showed that it was extremely weak – so much so that low-end equipment can probably break it in real time.[2]
In 2003, Elad Barkan, Eli Biham and Nathan Keller presented a ciphertext-only attack based on the error correcting codes used in GSM communication. They also demonstrated a vulnerability in the GSM protocols that allows a man-in-the-middle attack to work whenever the mobile phone supports A5/2, regardless of whether it was actually being used.[3]
Since July 1, 2006, the GSMA (GSM Association) has mandated that GSM mobile phones no longer support the A5/2 cipher, due to its weakness and the fact that A5/1 is deemed mandatory by the 3GPP association. In July 2007, the 3GPP approved a change request to prohibit the implementation of A5/2 in any new mobile phones, stating: "It is mandatory for A5/1 and non encrypted mode to be implemented in mobile stations. It is prohibited to implement A5/2 in mobile stations."[4] If the network does not support A5/1 then an unencrypted connection can be used.
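The rule quoted above, together with the 2003 finding that handset support for A5/2 is itself the exposure, can be checked against decoded signalling fields. The Python below is an added example, not part of the original article or of any 3GPP document: the function names are hypothetical, the sample bytes are constructed, and the bit layouts are assumed from 3GPP TS 24.008 (Mobile Station Classmark 2) and TS 44.018 (Cipher Mode Setting).

```python
# Added example: audit GSM signalling fields for A5/2 exposure.
# Layouts assumed from 3GPP TS 24.008 (Classmark 2) and TS 44.018 (Cipher Mode Setting).
A5_NAMES = {0: "A5/1", 1: "A5/2", 2: "A5/3", 3: "A5/4",
            4: "A5/5", 5: "A5/6", 6: "A5/7"}


def decode_cipher_mode_setting(nibble):
    """Decode the 4-bit Cipher Mode Setting: bit 1 = SC, bits 4-2 = algorithm."""
    if not 0 <= nibble <= 0xF:
        raise ValueError("Cipher Mode Setting is a 4-bit value")
    if nibble & 0x1 == 0:          # SC = 0: network asked for no ciphering
        return "unencrypted"
    return A5_NAMES.get(nibble >> 1, "reserved")


def classmark2_algorithms(cm2):
    """Return the A5 algorithms advertised in a 3-octet Classmark 2 value part."""
    if len(cm2) != 3:
        raise ValueError("Classmark 2 value part must be 3 octets")
    algs = set()
    if not cm2[0] & 0x08:          # A5/1 bit is inverted: 0 means available
        algs.add("A5/1")
    if cm2[2] & 0x01:              # A5/2 bit: 1 meant available in older releases
        algs.add("A5/2")
    if cm2[2] & 0x02:
        algs.add("A5/3")
    return algs


def audit(cm2, cipher_mode_setting):
    """List deviations from the rule: A5/1 mandatory, A5/2 prohibited."""
    findings = []
    algs = classmark2_algorithms(cm2)
    if "A5/2" in algs:
        # Support alone is the exposure, whether or not A5/2 is ever selected.
        findings.append("handset advertises A5/2")
    if "A5/1" not in algs:
        findings.append("handset lacks mandatory A5/1")
    if decode_cipher_mode_setting(cipher_mode_setting) == "A5/2":
        findings.append("network commanded A5/2")
    return findings


# Constructed sample values, not taken from a real capture.
LEGACY_CM2 = bytes([0x33, 0x19, 0x83])     # advertises A5/1, A5/2, A5/3
COMPLIANT_CM2 = bytes([0x33, 0x19, 0x82])  # advertises A5/1, A5/3 only

if __name__ == "__main__":
    print(audit(LEGACY_CM2, 0x3))      # legacy handset told to use A5/2
    print(audit(COMPLIANT_CM2, 0x1))   # compliant handset told to use A5/1
```

A legacy handset is flagged even when the network selects A5/1, because the finding is raised on the advertised capability rather than on the algorithm in use.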
References
- Security Algorithms Group of Experts (SAGE) (March 1996). "ETR 278 - Report on the specification and evaluation of the GSM cipher algorithm A5/2" (PDF). European Telecommunications Standards Institute (ETSI). Archived (PDF) from the original on December 4, 2013.
- Goldberg, Ian; Wagner, David; Green, Lucky (August 26, 1999). "The (Real-Time) Cryptanalysis of A5/2". David Wagner's page at UC Berkeley Department of Electrical Engineering and Computer Sciences. Archived from the original on April 21, 2021.
- Barkan, Elad; Biham, Eli; Keller, Nathan (2003). "Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication". In Boneh, Dan (ed.). Advances in Cryptology - CRYPTO 2003. Lecture Notes in Computer Science. Vol. 2729. Berlin, Heidelberg: Springer. pp. 600–616. doi:10.1007/978-3-540-45146-4_35. ISBN 978-3-540-45146-4.
- 3GPP TSG-SA WG3 (Security) Meeting #48 (September 18, 2007). "SP-070671 - Prohibiting A5/2 in mobile stations and other clarifications regarding A5 algorithm support". 3GPP Change Requests Portal. Archived from the original on April 21, 2021.
External links
- A5/2 at CryptoDox
- A5/2 withdrawal at security.osmocom.org
- Ian Goldberg, David Wagner, Lucky Green. The (Real-Time) Cryptanalysis of A5/2. Rump session of Crypto'99, 1999.
- Barkan, Elad; Biham, Eli; Keller, Nathan (2008), "Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication" (PDF), Journal of Cryptology, 21 (3): 392–429, doi:10.1007/s00145-007-9001-y, S2CID 459117, archived from the original (PDF) on January 25, 2020, retrieved June 17, 2023
- Tool for cracking the GSM A5/2 cipher, written by Nicolas Paglieri and Olivier Benjamin: A52HackTool (with full source code – C language – GNU GPL)