The GSM A5/1 encryption key made public

December 29th, 2009 - 11:10 am ET by C. D.

Security expert Karsten Nohl has finally published part of the GSM communications encryption key, titled A5/1, as he deems it to be too weak.

The A5/1 algorithm has been present since the creation of GSM mobile networks, with its aim being to protect communications between devices. In place for 20 years now, it is the core around which cellular networks are built.

In this time, though, the mobile phone has evolved considerably, with more than 4 billion subscribers now connected to networks around the world. Some security hunters are worried that 80% of mobile calls in the world are protected by methods which haven’t evolved much since 1988.

Karsten Nohl, a German encryption expert, has been interested in the A5/1 algorithm for a while, with his aim being to display its weaknesses so as to push the mobile industry into adopting a stronger system. Over the course of 2009 he has refined a method which allows a user to quickly break the protection applied to a standard device.

His aim is to prove that the algorithm is no longer sufficient to effectively protect cellular communications, considering that more and more tasks are being done with the help of mobile networks.


The mobile industry isn’t overly worried
The GSMA (GSM Association), which brings together mobile phone carriers, deems that the threat is exaggerated, while nevertheless working to reduce the danger. They state that the protection is more complex than it appears as, besides the key, you also have to identify the corresponding data streams amongst a mass of ongoing calls being circularly relayed on numerous frequencies.

To back up his threats, Karsten Nohl decided to publish part of his work, notably the swap table which allows you to decode GSM communications. This work was created in collaboration with members of the Chaos Computer Club and it is freely available on peer-to-peer networks.

By not releasing this table himself, and by stating that he has never used it to decode any communications, he is trying to stay within the law. He goes on to point out that all of the software and hardware tools required to complete his work are available and easily accessible.

In reality, the mobile industry didn’t let things slide completely, as an evolution of the algorithm, named A5/3, was developed and deployed on 3G networks. It is also possible to deploy this to GSM networks, although carriers weren’t willing to front up the required costs, believing that A5/1 was sufficient.

The publication of the swap table may perhaps change all of this, with some watchers warning that the decryption of GSM conversations could be done within a matter of hours (or minutes if the procedure is improved) and then abused by organised criminals. Will this point of view be taken seriously enough to convince the mobile industry that their security measures are up to scratch?

Source: New York Times