Breaking GSM

The following terms are used throughout:
- Tower: all of the technology deployed by the operator
- User: anyone who has a SIM and wants to join or create a session with the tower
- Eavesdropping: any form of data interception

An overview of GSM

GSM relies on three functions for authentication and stream encryption, named A3, A5 and A8:
- A3: authenticates a user (SIM)
- A5: encrypts the data stream between user and tower
- A8: generates the dynamic key for A5

An overview of the SIM

The SIM is what the user has. It contains the following data:
- IMSI (International Mobile Subscriber Identity)
- Subscriber authentication key (Ki)
- The A3 and A8 security algorithms
- PIN (Personal Identification Number)
- PUK (Personal Unlocking Key)

To prevent eavesdropping, after the initial connection a TMSI (assigned by the tower) is used instead of the IMSI.

The following sequence is followed: A3 --> A8 --> A5

Note: A3 and A8 are embedded in the SIM (they run on the SIM); A5 runs on the user's device.

A3: authentication

1. The mobile station sends its IMSI to the network. The network accepts the IMSI and looks up the corresponding Ki, a 128-bit secret key stored on the SIM card and also held by the authentication center (AUC).
2. The AUC generates a 128-bit random number RAND and sends it to the mobile station. This is called the "challenge".
3. The SIM card accepts the challenge and uses the random number RAND and the key Ki as input to the A3 algorithm. The SIM has a microcontroller to execute A3. It produces a 32-bit output called the signature response (SRES) from Ki and RAND.
4. The network also calculates the output using the same inputs, i.e. Ki, RAND and algorithm A3.
5. The MS sends SRES to the network.
6. The network compares the two SRES values; if they match, the subscriber is authenticated.

COMP128 is used as the hashing function. COMP128 is a one-way function that uses substitution and permutation to hash Ki and RAND. Some snippets:

    unsigned char x[32];   /* 256-bit working buffer: key || RAND */
    int i, j;
    /* Load RAND into the last 16 bytes of the input */
    for (i = 16; i < 32; i++) x[i] = rand[i - 16];
    /* Load the key into the first 16 bytes of the input */
    for (j = 0; j < 16; j++) x[j] = key[j];

Note that the key and RAND are each 128 bits, hence x is 256 bits. Permutation and substitution are then performed on x using 5 tables of size 2048, 1024, 512, 256 and 128. The code for the permutation and substitution is omitted as it is not important here.

The output of the COMP128 algorithm is 128 bits long, of which the first 32 bits are SRES and the next 54 bits are the cipher key (which is used as input to A5). The cipher key is padded with 10 "0" bits to make it 64 bits and then fed as the input key to A5. SRES is sent to the network, and if the network has calculated the same value for SRES you are verified.
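As an added example (not code from the original notes), the challenge-response flow above in C: the input layout (Ki in the first 16 bytes, RAND in the last 16) and the SRES / cipher-key split (32 bits, then 54 bits padded with 10 zero bits to 64) follow the description, but the omitted COMP128 rounds are replaced by a hypothetical toy mixer (toy_mix) so the flow runs end to end. All function names and the Ki/RAND values are assumptions.

```c
#include <stdint.h>
#include <string.h>
/* Load the 256-bit COMP128 input as the page shows: Ki in x[0..15], RAND in x[16..31]. */
void comp128_load_input(uint8_t x[32], const uint8_t ki[16], const uint8_t rnd[16]) {
    memcpy(x, ki, 16);       /* key into the first 16 bytes */
    memcpy(x + 16, rnd, 16); /* RAND into the last 16 bytes */
}

static uint8_t rotl8(uint8_t v, unsigned r) { r &= 7; return (uint8_t)((v << r) | (v >> ((8 - r) & 7))); }

/* HYPOTHETICAL stand-in for the omitted COMP128 rounds: a toy XOR/rotate mixer,
 * not the real substitution/permutation tables; it exists only so the flow runs. */
static void toy_mix(const uint8_t x[32], uint8_t out[12]) {
    for (int i = 0; i < 12; i++) {
        uint8_t acc = (uint8_t)(0x5A + i);
        for (int j = 0; j < 32; j++)
            acc ^= rotl8(x[j], (unsigned)(i + j));
        out[i] = acc;
    }
}

/* First 32 bits -> SRES; next 54 bits -> Kc, padded with 10 zero bits
 * (low 2 bits of kc[6] and all of kc[7]) to the 64 bits A5 expects. */
void split_sres_kc(const uint8_t out[12], uint8_t sres[4], uint8_t kc[8]) {
    memcpy(sres, out, 4);
    memcpy(kc, out + 4, 8);
    kc[6] &= 0xFC;
    kc[7] = 0;
}

/* SIM side: answer the RAND challenge with SRES and derive Kc for A5. */
void sim_response(const uint8_t ki[16], const uint8_t rnd[16], uint8_t sres[4], uint8_t kc[8]) {
    uint8_t x[32], out[12];
    comp128_load_input(x, ki, rnd);
    toy_mix(x, out);
    split_sres_kc(out, sres, kc);
}

/* Network side: recompute SRES from its own copy of Ki and compare in constant time. */
int network_verify(const uint8_t ki[16], const uint8_t rnd[16], const uint8_t sres_from_ms[4]) {
    uint8_t expected[4], kc[8], diff = 0;
    sim_response(ki, rnd, expected, kc);
    for (int i = 0; i < 4; i++)
        diff |= (uint8_t)(expected[i] ^ sres_from_ms[i]);
    return diff == 0;
}
```

Only 54 of the 64 key bits carry entropy, which is why the padding is worth checking explicitly when auditing a key-derivation path.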