Encryption is a method of encoding data so that it it cannot be read by third parties. There are several levels of encryption, and mobile phones can support different levels, to match what the network is using. Some governments do not trust their citizens with secure communications.
Is it needed?
The signals sent to and from GSM mobiles are already digitised and interleaved and are transmitted on ever-changing frequencies, with each frame on a different channel. These in themselves make it improbable that an eavesdropper could monitor a call, but the GSM standard adds another level of security: the data is encrypted before being transmitted.
Possibly more importantly, the network has to authenticate that the mobile is the one it claims to be when setting up a call.
The systems used for both these circumstances are similar. The sim card holds a private key and the AuC holds a copy of this key. The key is never passed across the air.
How does it happen?
When the network wants to authenticate a mobile's identity when setting up a call, it sends a random number to the handset. The mobile uses this as a seed to combine with the private key and an encryption algorithm A3, and returns the result to the network. At the same time, the network sends the same random number to the AUC which performs the same function, using its copy of the sim card's private key.
If the two answers match, the mobile is authenticated.
Using the same random number as a seed, combined with the sim's private key, both the mobile and the AUC generate a cypher key using algorithm A8. This key is not passed over the air, but is used by both network and mobile to encrypt each packet of data. Combining the cypher key and the frame number they produce a 114 bit sequence which is XOR'd with the first two 57 bit data blocks when they are transmitted.
Is it effective?
All this means that even if the data could be intercepted, without the cypher keys it would be extremely difficult to decode. It seems unlikely that it could be done in real time without vast computing resources.
Because the sim card never reveals its private key, it is probably not possible to "clone" a sim card by picking up the signal.
It is possible (although expensive and difficult) to copy a sim card, if you have physical access to it, and a lot of patience: you feed the sim card 150,000 different seed numbers and note the responses, then work backwards to work out the private key. This is a task that would take dedicated hardware and software many hours.
People have claimed to be able to do something similar off-air, but this is so far only theoretical, and would involve setting up a dummy base station to trick the mobile into sending these responses over the air. As the mobile's battery would run down long before the several hours of interrogation were over, this seems unlikely to happen.
The software readily available to copy sim card details only copies the address book entries, not the security settings or the sim's identity.
Duplicate sim cards?
Some networks offer multiple sims on one account. These have different identities as far as the network is concerned, but the "active" sim for the account (and telephone number) can be changed by the user.
back to 'How Mobiles Work'