A5/3 ciphering
in Release B11
Alcatel-Lucent
File
FFUV7WE2.DOC
Reference
3DC 21144 0140 TQZZA
Date
18/082008
Edition
02
Page
1
All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization.
Contents
1. SCOPE
2. RATIONALE
3. ALCATEL-LUCENT IMPLEMENTATION
3.1
3.2
3.3
TCH Handover
1. SCOPE
The present functional feature description provides detailed information concerning the
implementation of the A5/3 ciphering feature in the Alcatel-Lucent BSS B11 release.
The following feature is described:
15 72 90
A5/3
2. RATIONALE
Because the A5/2 ciphering algorithm has been broken, the GSM Association requested all
operators to stop using A5/2 from July 2007 onwards. As a complement to this request,
MS do not support the A5/2 ciphering algorithm from 3GPP Release 6 onwards.
At the same time, some representatives of the hacker community claim that they would also be
able to break the A5/1 ciphering algorithm with relatively limited means.
These were the reasons for introducing a new ciphering algorithm, in order to continue ensuring
the privacy of voice calls in GSM networks.
For that purpose the A5/3 ciphering algorithm was chosen. The new algorithm is very robust. It
was standardized in 3GPP Release 4 and it is already used in the UMTS technology.
A5/3 can be a mandatory requirement of some end-users and will be needed by Operators to
maintain a good corporate image and to avoid churn due to a feeling of uncertainty.
The A5/3 ciphering algorithm only concerns the Circuit Switched domain. In the Packet Switched
domain, ciphering is not provided by the BSS.
3. ALCATEL-LUCENT IMPLEMENTATION
3.1 General behavior
Before the introduction of the A5/3 algorithm, a BSS supported up to 2 encryption algorithms
(A5/1 and alternatively A5/2 up to 2007), but not both at the same time: either A5/1 was
used for all calls, or A5/2 was used for all calls.
As the A5/3 algorithm is not supported by all MS in the network, nor by all TRX
generations, the BSS will have to support 2 encryption algorithms simultaneously. The choice of
the algorithm to be used will be made on a per call basis: the ciphering algorithm is decided
at call setup, and can be changed after a handover if the new TRX has different ciphering
capabilities.
For a call, A5/3 is used if:
- DTM is not enabled in the cell, or DTM is enabled and the Ciphering Mode Setting
Capability bit of the MS is set. (Only 3GPP Release 6 MS are able to change the ciphering
algorithm when the call is established in DTM; this is indicated by the Ciphering Mode
Setting Capability bit of the MS.)
The MSC gives, in a bit field, the set of permitted algorithms on a per call basis, e.g. in the
CIPHER MODE COMMAND message. The BSC will always give priority to A5/3 over A5/1 if several
ciphering algorithms are possible.
If no ciphering algorithm is specified by the MSC, the BSC will use A5/0 (no encryption).
[Figure: message sequence chart of a call. Entities: MS, BTS, BSC, MSC; TRX1, TRX2, TRX3; interface label: Abis. Messages and channel states shown: IMMEDIATE ASSIGNMENT, SABM / SDCCH, SDCCH unciphered, ENCRYPTION COMMAND, SDCCH ciphered, HANDOVER CMD, ASSIGNMENT REQUEST, ASSIGNMENT COMMAND, SABM / FACCH, TCH ciphered. The numbered markers refer to the steps below.]
1. At initial SDCCH allocation (i.e. call setup), ciphering is not started. At this point, SDCCH is
established without ciphering.
2. The ciphering algorithm is chosen at reception of CIPHER MODE COMMAND and takes into account
the TRX capabilities.
3. If an SDCCH handover takes place, the ciphering capabilities of the new TRX may
differ from those of the previous one. This situation can lead to a change of ciphering algorithm
after the handover.
4. Upon reception of the ASSIGNMENT REQUEST message, the selection of the ciphering algorithm is
done again for the TCH. The ciphering algorithm may have to be changed if the TRX chosen for
the TCH has different ciphering capabilities from the TRX where the SDCCH was established. For
normal TCH assignments, ciphering selection will be done based on the Encryption Information IE
stored when the CIPHER MODE COMMAND was received.
5. PARAMETERS
CELL_CIPH_SET: List of the ciphering algorithms allowed by the Operator, on a per cell basis.
The values can be: A5/0, A5/0+A5/1, A5/0+A5/1+A5/3. The A5/0 bit is always set.
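The selection rules of section 3.1, re-run on each channel of a call as in steps 1 to 4 and constrained by CELL_CIPH_SET, as an added Python example (not Alcatel-Lucent code). It assumes the BSC intersects the MSC-permitted set with the cell, MS and TRX capabilities; the bit values, the function names and the sample call are constructed for illustration.

```python
from enum import IntFlag


class A5(IntFlag):
    # Bit values are constructed for this example, not the 3GPP encoding.
    A5_0 = 1
    A5_1 = 2
    A5_3 = 4


def select_cipher(msc_permitted, cell_ciph_set, ms_caps, trx_caps,
                  dtm_enabled=False, ms_cmsc_bit=False):
    """Pick the algorithm for one channel; None if nothing is usable."""
    if not msc_permitted:
        return A5.A5_0  # MSC specified no algorithm: A5/0 (no encryption)
    # Assumption: an algorithm is usable only if the MSC, the cell, the MS and
    # the TRX all allow it. A5/0 needs no MS or TRX support.
    usable = (msc_permitted & (cell_ciph_set | A5.A5_0)
              & (ms_caps | A5.A5_0) & (trx_caps | A5.A5_0))
    # With DTM enabled, A5/3 requires the MS Ciphering Mode Setting Capability bit.
    if dtm_enabled and not ms_cmsc_bit:
        usable &= A5.A5_0 | A5.A5_1
    for alg in (A5.A5_3, A5.A5_1, A5.A5_0):  # A5/3 has priority over A5/1
        if usable & alg:
            return alg
    return None  # no common algorithm: handling not described on the page


def trace_call(msc_permitted, cell_ciph_set, ms_caps, channels, **dtm):
    """Re-run the selection on every (channel, TRX capabilities) of a call."""
    return [(name, select_cipher(msc_permitted, cell_ciph_set, ms_caps, trx, **dtm))
            for name, trx in channels]


ALL = A5.A5_0 | A5.A5_1 | A5.A5_3
# Constructed call: SDCCH on TRX1, SDCCH handover to TRX2, TCH assigned on TRX3.
CALL = [("SDCCH on TRX1", A5.A5_1 | A5.A5_3),
        ("SDCCH on TRX2", A5.A5_1),
        ("TCH on TRX3", A5.A5_1 | A5.A5_3)]

if __name__ == "__main__":
    for channel, alg in trace_call(ALL, ALL, ALL, CALL):
        print(f"{channel}: {alg.name}")
```

The middle step of the sample call, where an A5/3 capable MS falls back to A5/1 because the new TRX lacks A5/3, is the situation counter MC956 is described as recording.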
6. COUNTERS
MC951
Indicates the number of Assignment Request messages received for MS supporting A5/3 ciphering.
MC952
Indicates the number of Cipher Mode Command messages received from the MSC, allowing A5/3 ciphering
for an MS supporting A5/3 in a cell where A5/3 is enabled.
MC953
Indicates the number of successful Cipher Mode Command procedures for usage of A5/3.
MC954
Counter is incremented each time the BSC sends:
1) If the cell is a serving cell: a 44.018 ASSIGNMENT COMMAND message with the target ciphering
algorithm to be used by the MS for this call set to A5/3 (whatever the ciphering algorithm used
before),
2) If the cell is the target cell of an intra-cell handover, inter-cell handover, external handover
or internal/external directed retry: a 44.018 HANDOVER COMMAND message via the serving cell
with the target ciphering algorithm to be used by the MS for this call in the target cell set to A5/3
(whatever the ciphering algorithm used before).
MC955
Indicates the number of 44.018 Assignment Command / Handover Command messages sent to an MS,
with A5/3 as ciphering algorithm.
MC956
Counter is incremented each time the BSC sends:
1) If the cell is a serving cell: a 44.018 ASSIGNMENT COMMAND message to an A5/3 capable MS
without requiring the usage of A5/3, because the TRX on which the MS is being allocated in the
serving cell does not support A5/3,
2) If the cell is the target cell of an intra-cell handover, inter-cell handover, external handover
or internal/external directed retry: a 44.018 HANDOVER COMMAND message to an A5/3 capable
MS via the serving cell, without requiring the usage of A5/3, because the TRX on which the MS will
be allocated in the target cell does not support A5/3.
7. GLOSSARY
2G: 2nd Generation
3GPP
BSC
BSS
BTS
CS: Circuit Switched
DTM
GMSK
GPRS
GSM
HO: Handover
IP: Internet Protocol
MS: Mobile Station
MSC
NSS: Network Sub-System
OMC-R
PS: Packet Switched
SDCCH
SUM
TCH: Traffic Channel
TDM: Time-Division Multiplexing
TRX: Transceiver