Project

General

Profile

Actions

A52 Withdrawal » History » Revision 1

Revision 1/7 | Next »
admin, 02/19/2016 10:51 PM
first version of page on A5/2 withdrawal


PageOutline = Withdrawal of A5/2 algorithim support =

After several attacks have been published on breaking the A5/2 encryption algorithm, the specification bodies (ETSI, 3GPP)
and the operator industry (GSMA) have started to phase out A5/2.

As there seems no public document describing this procedure in detail, the page in this wiki was created.

Most of the information has been recovered from the published [http://www.3gpp.org/ftp/Specs/html-info/Meetings-S3.htm 3GPP SA3 WG meeting reports]

Timeline

=== November 2004: 3GPP SA3 Meeting 36 ===

From the official [http://www.3gpp.org/ftp/tsg_sa/WG3_Security/TSGS3_36_Shenzhen/Report/Draft_Rep_v004_SA3_36.pdf report]:

''TD S3-041028 Vodafone comments to S3-040955: Proposed CR to 43.020: Clarifying the support of algorithms
within mobile stations (Rel-6). This was introduced by Vodafone and comprised an update to TD S3-040955. It was
reported that phasing out A5/2 was acceptable for the GSMA Board. The effect on other operators who implement
only A5/2 (if any) was unknown, as they do not participate in the GSM/3GPP standardisation bodies). The CR was
revised in TD S3-041075, which was approved.''

=== July 2007: 3GPP SA3 Meeting 44 ===

From the official [http://www.3gpp.org/ftp/tsg_sa/WG3_Security/TSGS3_44_Tallinn/Report/S3-060772.zip report]:

{{{
Charles Brookson gave a review of GSMA Security Group activities. Progress was being made on the 2006 work items:
- Withdrawal of A5/2 from GSM handsets and networks
}}}

''It was noted that some manufacturers are reluctant to remove A5/2 from their mobiles as some operators were still using it. The answer was that work is still ongoing to convince operators, mainly from North America, that A5/2 should be removed.''

This means that even by mid-2007, A5/2 was still actively used by operators even in the 1st world!

Miscellaneous

=== The GSMA IR.21 roaming database ===

The GSMA is maintaining a database of GSM roaming operators called IR.21. It contains information about
the various GSM operators world wide.

The structure of the information is described in
[http://www.algerietelecom.dz/veilletech/bulletin67/pdf/mobile7.pdf GSM Association Roaming Database, Structure and Updating Procedures].

Interesting bits of information are: * Which ciphering algorithms are in use (this should tell us where A5/2 is still in use!) * Whether or not ''Authentication performed for roaming subscribers at the commencement of GSM Service'' * Whether or not ''Authentication performed for roaming subscribers in case of GPRS''

Having access to this database (which is available to all 700+ full GSMA members) would give real insight in
the reality of GSM network security!

=== GSMA PRD SG.15 ===

the [GSMA_Security_Group] has a document called SG.15 which describes best common practises regarding the use
of GSM security features.

Unfortunately we don't have access to that document..

=== Operators reluctant to phase out A5/2 ===

[http://www.3gpp.org/ftp/tsg_sa/WG3_Security/TSGS3_44_Tallinn/Report/S3-060772.zip 3GPP SA3 Meeting Report 44] (July 2006) states:

''It was noted that some manufacturers are reluctant to remove A5/2 from their mobiles as some operators were still using it. The answer was that work is still ongoing to convince operators, mainly from North America, that A5/2 should be removed. ''

Interestingly, not the 3rd world countries were reluctant to switch to A5/1, but American operators ;)

Files (0)

Updated by admin about 8 years ago · 1 revisions

Add picture from clipboard (Maximum size: 48.8 MB)