|Mobile Wireless Authentication and Encryption|
<< Permeable GSM is good for CDMA. Lots of people worry about being listened to, so they would just as soon have a phone which can't be listened to [except by the megacomputers at the National Security Agency]. Other things being equal, they'll opt for CDMA. >>
In relationship to what is under discussion permeable GSM is no better or worse than permeable CDMA, although it has in the past (before the adoption of R-UIM by 3GPP2) had a potential advantage for carriers.
GSM network authentication was (is) based on shared private key using three security algorithms, A3, A5, and A8 with comp128 or optionally a carrier specific algorithm like Vodafone uses. There is also a data specific GEA3 encryption algorithm for GPRS.
A3 and A8 - normally identical - are operator specific and saved in the SIM and AuC. A5 is saved in ME and specified for data encryption and decryption over the air interface.
Along the way comp128 has been strengthened, some portions of the algorithms are (or will be) made available for public scrutiny by cryptographers and code crackers who serve a valuable purpose in life by doing what the Israeli's just did.
The original scheme has proven remarkably robust given the fact that it was designed in the mid-eighties and been in commercial use for over a decade.
While the SIM (or today the R-UIM) serves many functions its original purpose was network authentication. If the algorithms were ever compromised the SIM with a new or strengthened algorithm could be replaced rather than recalling a handset and replacing a soldered in IC which stored the algorithms.
There was great panic in the ANSI-41 community when the authenticating algorithms used commonly for cdmOne,IS-54/IS-136 TDMA, and authenticating AMPS were first cracked in 1997, and momentum built for SIM adoption in CDMA because of the potential consequences, even while Lucent strengthened the compromised algorithms. Of course the SIM wasn't invented in San Diego so there was strong opposition to its adoption from that contingent. The San Diego stance of "No SIM in CDMA" (one of Qualcomm's "5 Principles") changed dramatically when China said "if no SIM In CDMA then no CDMA in China."
3GPP & 3GPP2 today are working together on 3G authentication and eventually financial transactions will probably make use of public key rather than private key.
One thing to keep in mind however is that encryption can only be as strong as the local government allows it to be, and several governments, most notably the US, France, and China, will never allow it to be too strong and will always have a back door.
And, oh yeah, the paranoid would say that someone in DC is now reading this post because they are monitoring keywords - several contained herein - in Internet traffic.
I never should have watched that rerun of "Enemy of the State" with Gene Hackman and Will Smith last evening. <g>
3GPP link on this here:
- eQ -