Page 60 - From GSM to LTE

46  From GSM to LTE-Advanced Pro and 5G

            calculated in the AuC and on the SIM card by using a random number (RAND) and the
            secret key (Ki) as input parameters for the A8 algorithm. Together with the GSM frame
            number, which is increased for every air interface frame, Kc is then used as input
            parameter for the A5 ciphering algorithm. The A5 algorithm computes a 114‐bit
            sequence which is XOR combined with the bits of the original data stream. As the frame
            number is different for every burst, it is ensured that the 114‐bit ciphering sequence
            also changes for every burst, which further enhances security.
             To be as flexible as possible, a number of different ciphering algorithms have been
            specified for GSM. These are called A5/1, A5/2, A5/3 and so on. The intent of allowing
            several ciphering algorithms was to enable export of GSM network equipment to countries
            where export restrictions prevent the sale of some ciphering algorithms and
            technologies. Furthermore, it is possible to introduce new ciphering algorithms into
            already existing networks to react to security issues if a flaw is detected in one of the
            currently used algorithms. The selection of the ciphering algorithm also depends on
            the capabilities of the mobile device. During the establishment of a connection, the
            mobile device informs the network about the ciphering algorithms that it supports.
            The network can then choose an algorithm that is supported by the network and the
            mobile device.
             When the mobile device establishes a new connection with the network, its identity
            is verified before it is allowed to proceed with the call setup. This procedure has already
            been described in Section 1.6.4. Once the mobile device and subscriber have been
            authenticated, the MSC usually starts encryption by sending a ciphering command
            to the mobile device. The ciphering command message contains, among other information
            elements, the ciphering key, Kc, which is used by the base station for the ciphering of
            the connection on the air interface. Before the BSC forwards the message to the mobile
            device, however, the ciphering key is removed from the message because this information
            must not be sent over the air interface. The mobile device does not need to receive
            the ciphering key from the network as the SIM card calculates the Kc on its own and
            forwards the key to the mobile device together with the SRES during the authentication


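            Figure 1.38  Ciphering of an air interface burst. [Diagram: Ki and RAND feed A8, which
            outputs Kc; Kc and the current frame number feed A5/x, which outputs a 114 bit ciphering
            frame; the 114 bit original burst (the burst to be encrypted, delivered by the cipherer)
            is combined with it by bitwise XOR into the 114 bit ciphered burst, which goes to the
            modulator.]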
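
The data flow of Figure 1.38 as an added example (not code from the book): both sides derive Kc from Ki and RAND, and each burst is XORed with a 114-bit sequence that depends on the frame number. Assumptions: `a8_standin` and `a5_standin` are hypothetical HMAC-based stand-ins, not the real A8 or A5/x algorithms, and all keys, challenges and payloads are constructed sample values.

```python
import hashlib
import hmac

BURST_BITS = 114  # bits ciphered per air interface burst


def a8_standin(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for A8 (NOT the real algorithm): 64-bit Kc from Ki and RAND."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]


def a5_standin(kc: bytes, frame_number: int) -> int:
    """Stand-in for A5/x (NOT a real cipher): 114-bit sequence from Kc and frame number."""
    msg = b"A5" + frame_number.to_bytes(4, "big")
    block = hmac.new(kc, msg, hashlib.sha256).digest()
    return int.from_bytes(block, "big") >> (256 - BURST_BITS)


def cipher_burst(kc: bytes, frame_number: int, burst: int) -> int:
    """XOR a 114-bit burst with the ciphering sequence; the same call deciphers."""
    if burst < 0 or burst >> BURST_BITS:
        raise ValueError("burst must fit in 114 bits")
    return burst ^ a5_standin(kc, frame_number)


def demo() -> dict:
    ki = bytes(range(16))  # constructed secret key, known only to AuC and SIM
    rand = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed RAND
    kc_network = a8_standin(ki, rand)  # computed in the AuC, given to the base station
    kc_sim = a8_standin(ki, rand)      # computed on the SIM, never sent over the air
    b1 = int.from_bytes(b"burst one data", "big")  # constructed 112-bit payloads
    b2 = int.from_bytes(b"burst two data", "big")
    c1 = cipher_burst(kc_sim, 1000, b1)
    c2 = cipher_burst(kc_sim, 1001, b2)
    # What the changing frame number prevents: two bursts under the same sequence.
    reused = cipher_burst(kc_sim, 1000, b2)
    return {
        "keys_match": kc_network == kc_sim,
        "network_deciphers": cipher_burst(kc_network, 1000, c1) == b1,
        "sequence_changes_per_frame": a5_standin(kc_sim, 1000) != a5_standin(kc_sim, 1001),
        "reuse_leaks_plaintext_xor": (c1 ^ reused) == (b1 ^ b2),
        "fresh_frame_hides_xor": (c1 ^ c2) != (b1 ^ b2),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The `reuse_leaks_plaintext_xor` entry shows why the sequence has to change per burst: with a repeated sequence, XORing two ciphered bursts cancels it and yields the XOR of the two original bursts.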