Lab Manual: Mobile Computing Lab (CSL-603) Branch: Computer Engg.

Sem: VI Year: FH
2022 ​

Experiment No 3: GSM Security

PART A

(PART A: TO BE REFFERED BY STUDENTS)

A.1 Aim: To implement GSM security algorithms (A3/A5/A8)

A.2 Objectives: To understand the security algorithms in mobile networks

A.3 Outcomes: Student will be able to implement security algorithms for mobile
communication network. (LO-4)

A.4 Tools Used/programming language: Java, Python etc

A.5 Theory:

•​ Authentication verifies identity and validity of SIM card to the network and ensures
that subscriber has access to the network.

•​ Term used

✔​ Ki= individual subscriber authentication key, it is 32 bit number and present

only in SIM card and stored in authentication center.

Lab Manual: Mobile Computing Lab (CSL-603) Branch: Computer Engg. Sem: VI Year: FH
2022 ​

✔​ RAND= random 128 bit number generated by AUC (authentication center) when

network request to authenticate the subscribers.

✔​ SRES (signed responses) = 32 bit crypto variable used in authentication process.

✔​ Kc = 64 bit cipher key.

•​ MS is challenged by given RAND by the network.

▪ Security in GSM
•​ Three algorithms have been specified to provide security services in GSM. Algorithm A3 is
used for authentication, A5 for encryption, and A8 for the generation of a cipher key.

•​ In the GSM standard only algorithm A5 was publicly available, whereas A3 and A8 were
secret, but standardized with open interfaces.

•​ Network providers can use stronger algorithms for authentication– or users can apply
stronger end-to-end encryption.

•​ Algorithms A3 and A8 (or their replacements) are located on the SIM and in the AUC and can
be proprietary.

•​ Only A5 which is implemented in the devices has to be identical for all providers.

Subscriber Authentication
For subscriber authentication algorithm used is A3
1.​ A3 algorithm is inbuilt inside SIM and AUC, Input for A3 is Ki and RAND
2.​ Ki=Stored inside SIM(kiis encrypted inside SIM card) and not share on network and also
present in AUC of MSC.

3.​ Before a subscriber can use any service from the GSM network, he or she must be
authenticated. Authentication is based on the SIM, which stores the individual
authentication key Ki, the user identification IMSI, and the algorithm used for
Lab Manual: Mobile Computing Lab (CSL-603) Branch: Computer Engg. Sem: VI Year: FH
2022 ​

authentication A3.
4.​ When user want to access GSM network IMSI number from SIM send to MSC then HLR then
to AUC.

5.​ Now AUC check IMSI number is present or not and identify associated Ki value (Ki is fixed),
in this procedure AUC generate RAND number which is different for every new user request.

6.​ AUC using authentication algorithm A3(input to A3 are ki and RAND) calculate SRES as
output of A3 and AUC using algorithm A8 of cipher generation (input to

A8 are ki and RAND) calculate Kcand send these SRES, Kc and RAND to HLR
then from HLR to MSC. These three terms SRES, Kc and RAND are called as triplet.

7.​ MSC now send only RAND value to MS

8.​ MS using algorithm A3 (input to A3 is Ki and RAND)calculate SRES and using algorithm A8
calculate Kc and send these SRES and kc to MSC

9.​ MSC check SRES receive from MS and Network are same or not. If both are same

Encryption
1.​ To ensure privacy, all messages containing user-related information are encrypted in
GSM over the air interface.
Lab Manual: Mobile Computing Lab (CSL-603) Branch: Computer Engg. Sem: VI Year: FH
2022 ​

2.​ After authentication, MS and BSS can start using encryption by applying the cipher key Kc

3.​ Kc is generated using the individual key Ki and a random value by applying the algorithm
A8. Note that the SIM in the MS and the network both calculate the same Kc based on the
random value RAND. The key Kc itself is not

transmitted over the air interface.

4.​ MS and BTS can now encrypt and decrypt data using the algorithm A5andthe
cipher key Kc. As Figure shows, Kc should be a 64 bit key – which is not very
strong, but is at least a good protection against simple eavesdropping.
However, the publication of A3 and A8 on the internet showed that in certain
implementations 10 of the 64 bits are always set to 0, so that the real length of
the key is thus only 54 consequently, the encryption is much weaker.

5.​ Note: An eavesdropping attack, also known as a sniffing or snooping attack, is a

theft of information as it is transmitted over a network by a computer,
smart-phone, or another connected device. The attack takes advantage of
unsecured network communications to access data as it is being sent or received
by its user. Eavesdropping is the act of intercepting communications between
two points.
Lab Manual: Mobile Computing Lab (CSL-603) Branch: Computer Engg. Sem: VI Year: FH
2022 ​

Figure: Data Encryption

A.6 Sample Source Code:

https://www.theprogrammingcodeswarehouse.com/2020/04/implementation-ofa3-
security.html

import random k=random.getrandbits(128)

m=random.getrandbits(128) kb=bin(k)[2:]
mb=bin(m)[2:] kbl=kb[0:64] kbr=kb[64:]
mbl=mb[0:64] mbr=mb[64:]
a1=int(kbl,2)^int(mbr,2)
a2=int(kbr,2)^int(mbl,2) a3=a1^a2
a4=bin(a3)[2:].zfill(64) a5=a4[0:32]
a6=a4[32:] a7=int(a5,2)^int(a6,2)
print("128 Bit Key = ",kb)
print("128 Random Bits Generated = ",mb) print("RES/SRES
= ",bin(a7)[2:].zfill(len(a5)))

A.6 Sample Output:

128 Bit Key
=1111101110100110010000010010011000100111001111010011101011010001111000111000001
111

011101110110111010100010110101000111010001

128 Random Bits Generated

=1100000100010001011000101110010011011010110011001000110101110001001000010100101
001

0000010011110000001000011001001111111000100

RES/SRES=11110110110100000010111110001101
Lab Manual: Mobile Computing Lab (CSL-603) Branch: Computer Engg. Sem: VI Year: FH
2022 ​

PART B

(PART B: TO BE COMPLETED BY STUDENTS)

(Students must submit the soft copy as per following segments within two hours of the
practical. The soft copy must be uploaded on the ERP or emailed to the concerned lab in
charge faculties at the end of the practical in case the there is no ERP access available)

Roll No.: C-07 Name: Sarika Ashok Katkar

Class : TE-C Comps Batch : C1

Date of Experiment: 28-01-25 Date of Submission

Grade :

B.1 Question of Curiosity:

Q.1: Source Code (students need to implement GSM Security Algorithm using any programming
language like Java, Python, etc)

import random

def generate_random_bits(bit_length):
"""Generate a random number with the given bit length and convert it to a
binary string."""
return bin(random.getrandbits(bit_length))[2:].zfill(bit_length)

def simplified_a3_a8(key, rand):

"""
Simplified implementation of A3/A8-like algorithm.
Takes a 128-bit key and 128-bit random challenge, returns a 32-bit SRES.
"""
# Split key and random into 4 equal parts of 32 bits each
key_parts = [key[i:i+32] for i in range(0, 128, 32)]
Lab Manual: Mobile Computing Lab (CSL-603) Branch: Computer Engg. Sem: VI Year: FH
2022 ​

rand_parts = [rand[i:i+32] for i in range(0, 128, 32)]

# XOR corresponding parts

res_parts = []
for k_part, r_part in zip(key_parts, rand_parts):
xor_result = int(k_part, 2) ^ int(r_part, 2)
res_parts.append(bin(xor_result)[2:].zfill(32))

# Combine results and perform a final XOR

combined_res = "".join(res_parts)
sres = int(combined_res[:32], 2) ^ int(combined_res[32:64], 2) ^
int(combined_res[64:96], 2) ^ int(combined_res[96:], 2)

return bin(sres)[2:].zfill(32) # Return SRES as a 32-bit binary string

# Generate 128-bit key and random number

key = generate_random_bits(128)
rand = generate_random_bits(128)

# Compute RES/SRES
sres = simplified_a3_a8(key, rand)

# Output the results

print("128-bit Key: ", key)
print("128-bit RAND: ", rand)
print("32-bit SRES: ", sres)

Q.2: Output of GSM Security Algorithm

Lab Manual: Mobile Computing Lab (CSL-603) Branch: Computer Engg. Sem: VI Year: FH
2022 ​

Q.3: List out various elements of GSM architecture and explain in brief function of each element.

The GSM (Global System for Mobile Communications) architecture is designed to facilitate mobile
communication within a cellular network. It consists of various elements that work together to provide
voice and data services to mobile users. Here are the key elements of the GSM architecture and their
functions:

Mobile Station (MS):

The mobile device used by the end-user, consisting of the mobile equipment (ME) and the Subscriber
Identity Module (SIM). The ME contains the hardware components, while the SIM stores user-specific
information like the International Mobile Subscriber Identity (IMSI) and cryptographic keys.
Base Station Subsystem (BSS):

Comprises the Base Transceiver Station (BTS) and the Base Station Controller (BSC).
Base Transceiver Station (BTS): Communicates with the mobile station and manages radio communication,
including modulation, demodulation, and frequency hopping.
Base Station Controller (BSC): Controls multiple BTS units, managing handovers and frequency hopping, and
allocating radio resources.
Network and Switching Subsystem (NSS):

Consists of the Mobile Switching Center (MSC), Visitor Location Register (VLR), and Home Location Register
(HLR).
Mobile Switching Center (MSC): Central component responsible for call switching and routing, call setup
and release, and managing connections to other networks.
Visitor Location Register (VLR): Maintains information about mobile subscribers currently within the
jurisdiction of the MSC it serves, providing temporary information required for call processing.
Home Location Register (HLR): Contains permanent subscriber information such as subscriber profiles,
subscription details, and current location information.
Authentication Center (AUC):

Protects network security by authenticating the identity of the mobile station and verifying the encryption
parameters. It generates and stores random numbers used in the authentication process.
Equipment Identity Register (EIR):
Lab Manual: Mobile Computing Lab (CSL-603) Branch: Computer Engg. Sem: VI Year: FH
2022 ​

Maintains a database of IMEI (International Mobile Equipment Identity) numbers, helping to identify stolen
or unauthorized mobile devices.
Short Message Service Center (SMSC):

Manages the storage, forwarding, and delivery of Short Message Service (SMS) messages.
Gateway Mobile Services Switching Center (GMSC):

Connects calls between the GSM network and other networks (such as PSTN or ISDN).
Operation and Maintenance Center (OMC):

Manages and monitors network operations, including performance, maintenance, and fault management.
Public Switched Telephone Network (PSTN):

The traditional telephone network to which GSM networks are connected, facilitating communication
between mobile and landline phones.

B.2 Conclusion:

GSM security algorithms A3, A5, and A8 ensure authentication and encryption. A3 generates a
32-bit SRES using the 128-bit Ki and RAND for subscriber authentication. A8 derives a 64-bit
session key (Kc) from Ki and RAND for secure communication, while A5 encrypts data using Kc
to protect it over the air interface. These algorithms work together to provide robust
authentication and data confidentiality.