A5/2

A5/2 is a stream cipher used to provide voice privacy in the GSM cellular telephone protocol. It was designed in 1992-1993 (finished March 1993) as a replacement for the relatively stronger (but still weak) A5/1, to allow the GSM standard to be exported to countries "with restrictions on the import of products with cryptographic security features".[1]

The cipher is based on a combination of four linear-feedback shift registers with irregular clocking and a non-linear combiner.

In 1999, Ian Goldberg and David A. Wagner cryptanalyzed A5/2 in the same month it was reverse engineered, and showed that it was extremely weak – so much so that low end equipment can probably break it in real time.[2]

In 2003, Elad Barkan, Eli Biham and Nathan Keller presented a ciphertext-only attack based on the error correcting codes used in GSM communication. They also demonstrated a vulnerability in the GSM protocols that allows a man-in-the-middle attack to work whenever the mobile phone supports A5/2, regardless of whether it was actually being used.[3]

Since July 1, 2006, the GSMA (GSM Association) mandated that GSM Mobile Phones will not support the A5/2 Cipher any longer, due to its weakness, and the fact that A5/1 is deemed mandatory by the 3GPP association. In July 2007, the 3GPP has approved a change request to prohibit the implementation of A5/2 in any new mobile phones, stating: "It is mandatory for A5/1 and non encrypted mode to be implemented in mobile stations. It is prohibited to implement A5/2 in mobile stations."[4] If the network does not support A5/1 then an unencrypted connection can be used.

See also

References

  1. ^ Security Algorithms Group of Experts (SAGE) (March 1996). "ETR 278 - Report on the specification and evaluation of the GSM cipher algorithm A5/2" (PDF). European Telecommunications Standards Institute (ETSI). Archived (PDF) from the original on December 4, 2013.
  2. ^ Goldberg, Ian; Wagner, David; Green, Lucky (August 26, 1999). "The (Real-Time) Cryptanalysis of A5/2". David Wagner's page at UC Berkeley Department of Electrical Engineering and Computer Sciences. Archived from the original on April 21, 2021.
  3. ^ Barkan, Elad; Biham, Eli; Keller, Nathan (2003). "Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication". In Boneh, Dan (ed.). Advances in Cryptology - CRYPTO 2003. Lecture Notes in Computer Science. Vol. 2729. Berlin, Heidelberg: Springer. pp. 600–616. doi:10.1007/978-3-540-45146-4_35. ISBN 978-3-540-45146-4.
  4. ^ 3GPP TSG-SA WG3 (Security) Meeting #48 (September 18, 2007). "SP-070671 - Prohibiting A5/2 in mobile stations and other clarifications regarding A5 algorithm support". 3GPP Change Requests Portal. Archived from the original on April 21, 2021.{{cite web}}: CS1 maint: numeric names: authors list (link)

External links

  • A5/2 at CryptoDox
  • A5/2 withdrawal at security.osmocom.org
  • Ian Goldberg, David Wagner, Lucky Green. The (Real-Time) Cryptanalysis of A5/2. Rump session of Crypto'99, 1999.
  • Barkam, Elad; Biham, Eli; Keller, Nathan (2008), "Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication" (PDF), Journal of Cryptology, 21 (3): 392–429, doi:10.1007/s00145-007-9001-y, S2CID 459117, archived from the original (PDF) on January 25, 2020, retrieved June 17, 2023
  • Tool for cracking the GSM A5/2 cipher, written by Nicolas Paglieri and Olivier Benjamin: A52HackTool (with full source code – C language – GNU GPL)
Retrieved from "https://en.wikipedia.org/w/index.php?title=A5/2&oldid=1163877656"