A3 and A5 Algorithms

Submitted by:-10BEC0308-G.Karthik Reddy10BEC0321-M Chetana Sri Krishna10BEC0332-R Vamshidhar ReddyA3 and A5 AlgorithmsWireless and mobile communication mini-project

4/19/2013Prof. Vinoth Babu. KCommunication Lab

ABSTRACT:- In this report, A3 and A5/1 algorithms are discussed and these algorithms have been analysed practically by implementing them in Matlab. The results show us the step to step operations that take place while authenticating a sim and also as how the basic data encryption in done for data transfer in a GSM communication system.

INTRODUCTION:- A mobile phone (technically called as mobile base station) has become an item of necessity in this era. For communication to be done over mobile phone, we need a cellular network like AMPS, GSM, etc.... For a mobile phone to access these cellular networks, it needs identification, this is provided by a Subscriber Identification Module. The problem of authenticating the identification is solved by using the A3 algorithm.Now comes the issue of privacy and security. To ensure the privacy of the data as well as to avoid hacking of data while transmitting the data into the air, the A5 algorithm was developed. The A5/1 algorithm is the basic algorithm, but loops and faults were found in this algorithm. So newer and more tricky and confusing algorithms were developed. The currently used algorithm for encryption in GSM network is the A5/3 algorithm.

THEORY:- GSM is so convenient in that anyone can use it to communicate with anyone else in almost any place at any time. However, people are worried about two major security issues: privacy and authentication. Privacy refers to the guarantee that the communication messages are not intercepted by an eavesdropper. On the other hand, authentication is carried out to ensure that any unauthorised user cannot fraudulently obtain his/her required services from the home domains.

The security of GSM is based on algorithms A3, A5 andA8. The architecture of GSM is shown in figure below. The outputs of SRES and Kc are computed, respectively, using Ki and RAND through algorithms A3 and A8 as inputs, where Ki is the mobile stations secret key shared between the mobile station and the home system (HLR) and saved in the SIM card, and RAND is generated by HLR. SRES is a certificate to authenticate mobile stations and Kc is the session key between mobile stations land base stations (VLR). To transmit messages confidentially, algorithm A5 is used to encrypt/decrypt the transmitted messages. The A5 algorithm uses the Kc as an input and computes 228 bits for encryption purpose

A3 Algorithm:-

The above block diagram gives a simple outlook at the working of the A3 algorithm i.e. the authentication protocol. The network corresponds to HLR of the core network. Steps:-1) The Mobile Station (MS) signs into the network.2) The Mobile Services Switching Center (MSC) requests 5 triples from the Home Location Register (HLR).3) The Home Location Register creates five triples utilizing the A8 algorithm. These five triples each contain: a) A 128-bit random challenge (RAND) b) A 32-bit matching Signed Response (SRES) c) A 64-bit ciphering key used as a Session Key (Kc).4) The Home Location Register sends the Mobile Services Switching Center the five triples.5) The Mobile Services Switching Center sends the random challenge from the first triple to the Base Transceiver Station (BTS).6) The Base Transceiver Station sends the random challenge from the first triple to the Mobile Station.7) The Mobile Station receives the random challenge from the Base Transceiver Station and encrypts it with the Individual Subscriber Authentication Key (Ki) assigned to the Mobile Station utilizing the A3 algorithm.8) The Mobile Station sends the Signed Response to the Base Transceiver Station.9) The Base Transceiver Station sends the Signed Response to the Mobile Services Switching Center.10) The Mobile Services Switching Center verifies the Signed Response.11) The Mobile Station generates a Session Key (Kc) utilizing the A8 algorithm, the Individual Subscriber Authentication Key (Ki) assigned to the Mobile Station, and the random challenge received from the Base Transceiver Station.12) The Mobile Station sends the Session Key (Kc) to the Base Transceiver Station.13) The Mobile Services Switching Center sends the Session Key (Kc) to the Base Transceiver Station.14) The Base Transceiver Station receives the Session Key (Kc) from the Mobile Services Switching Center.15) The Base Transceiver Station receives the Session Key (Kc) from the Mobile Station.16) The Base Transceiver Station verifies the Session Keys from the Mobile Station and the Mobile Services switching Center.17) The A5 algorithm is initialized with the Session Key (Kc) and the number of the frame to be encrypted.18) Over-the-air communication channel between the Mobile Station and Base Transceiver Station can now be encrypted utilizing the A5 algorithm.Below is a pictorial representation of the mathematical operations performed.

Code:-

clc;clear all;r=randi([0 1],128,1)ki=randi([0 1],128,1)for i=1:1:64 z(i)=xor(r(i),ki(i+64));end for i=65:1:128 d(i)=xor(r(i),ki(i-64)); end for i=1:1:64 kc(i)=xor(z(i),d(i)); end kc for i=1:1:32 sres(i)=xor(kc(i),kc(i+32)); endsressres1=sres; k=0; for l=1:1:32 if(sres(l)==sres1(l)) k=k; else k=k+1; end end if(k==0) display('USER authenticated') else display('INVALID USER') end

A5 algorithm:- A GSM transmission is organised as sequences ofbursts. In a typical channel and in one direction, one burst is sent every 4.615 milliseconds and contains 114 bits available for information. A5/1 is used to produce for each burst a 114 bit sequence ofkey streamwhich isXORedwith the 114 bits prior to modulation. A5/1 is initialised using a 64-bitkeytogether with a publicly known 22-bit frame number. Older fielded GSM implementations using Comp128v1 for key generation, had 10 of the key bits fixed at zero, resulting in an effectivekey lengthof 54 bits. This weakness was rectified with the introduction of Comp128v2 which yields proper 64 bits keys. When operating in GPRS / EDGE mode, higher bandwidth radio modulation allows for larger 348 bits frames, andA5/3is then used in a stream cipher mode to maintain confidentiality.

A5/1 is based around a combination of threelinear feedback shift registers(LFSRs) with irregular clocking. The three shift registers are specified as follows:

The bits are indexed with the Least Significant Bit(LSB) as 0.The registers are clocked in a stop/go fashion using a majority rule. Each register has an associated clocking bit. At each cycle, the clocking bit of all three registers is examined and the majority bit is determined. A register is clocked if the clocking bit agrees with the majority bit. Hence at each step at least two or three registers are clocked, and each register steps with probability 3/4.Initially, the registers are set to zero. Then for 64 cycles, the 64-bit secret key is mixed in according to the following scheme: in cycle, the key bit is added to the least significant bit of each register using XOR

Each register is then clocked.Similarly, the 22-bits of the frame number are added in 22 cycles. Then the entire system is clocked using the normal majority clocking mechanism for 100 cycles, with the output discarded. After this is completed, the cipher is ready to produce two 114 bit sequences of output key stream, first 114 for downlink, and last 114 for uplink.

Clocking of Registers:-

Code:-

clc;clear all;close all;r=randi([0 1],128,1)ki=randi([0 1],128,1)for i=1:1:64 z(i)=xor(r(i),ki(i+64));end for i=65:1:128 d(i)=xor(r(i),ki(i-64)); end for i=1:1:64 kc(i)=xor(z(i),d(i)); end kc

RA = zeros(19,1);RB = zeros(22,1);RC = zeros(23,1);for i=1:1:19 RA(i)=kc(i);endfor j=20:1:41 RB(j-19)=kc(j);endfor h=42:1:64 RC(h-41)=kc(h);endRARBRCi = 0;while(i ~= 228 ) i = i + 1 ;RA19 = RA(19,1);RA18 = RA(18,1);RA17 = RA(17,1);RA14 = RA(14,1);

RB22 = RB(22,1);

RC21 = RC(21,1);RC8 = RC(8,1);RA9 = RA(9,1);RB11 = RB(11,1);RC11 = RC(11,1);n = 0;l = 0;if(RA9 == 1) l = l + 1;else n = n + 1;endif(RB11 == 1) l = l + 1;else n = n + 1;endif(RC11 == 1) l = l + 1; else n = n + 1;end

if(l > n) c = 1;else c = 0;end

tempA = bitxor(RA19, RA18);tempA = bitxor(RA17, tempA);tempA = bitxor(RA14, tempA);tempB = bitxor(RB22, RB21);tempC = bitxor(RC23, RC22);tempC = bitxor(RC21, tempC);tempC = bitxor(RC8, tempC);

if(RA9 == c) for m = 19 :-1: 2 RA(m,1) = RA(m-1,1); end

RA(1,1) = tempA;end

if(RB11 == c) for m = 22 :-1: 2 RB(m,1) = RB(m-1,1); end RB(1,1) = tempB;end

if(RC11 == c) for m = 23 :-1: 2 RC(m,1) = RC(m-1,1); end RC(1,1) = tempC;end

outA = bitxor(RA19,RB22);outA = bitxor(RC23,outA);seq(i) = outA;endk=seq;for a=1:1:114 down(a)=k(a);endfor b=115:1:228 up(b-114)=k(b);endupdown Observation and Results:- By executing the above given matlab codes, e are able to analyse the algorithms. By using the randi function to generate a random number to be used as rand, we perform the operations as required. Depending on the random number, we get different outputs for each case. Also we presume the case where the system response (SRES) is same at both mobile phone (MS) and Mobile Switching Centre (MSC).This is regarding the authentication as per A3 Algorithm.

As for the A5 algorithm, we have generated the code which is used to mask the information to be transmitted and unmask the encrypted information received.Sample Result:-kc = Columns 1 through 20 1 1 0 1 1 0 1 1 1 1 0 1 1 0 0 1 0 0 1 1 Columns 21 through 40 1 1 1 1 1 1 0 1 1 1 0 0 1 1 0 0 0 0 1 0 Columns 41 through 60 1 1 1 0 0 0 0 0 0 0 1 0 1 0 0 0 1 0 1 0 Columns 61 through 64 1 0 0 0

sres = Columns 1 through 20 0 0 0 1 1 0 0 1 0 0 1 1 1 0 0 1 0 0 0 1 Columns 21 through 32 0 1 1 1 0 1 1 1 0 1 0 0

USER authenticated REFERENCES:- 1) Wikipedia2) C.C.Lee, M.S.Hang and W.P Yang-Extension of Authentication Protocol IEEE 20023) Google and other small websites