Status: Final Published
Published Date: A5/3 and GEA3 specifications, 1999; A5/4 Encryption Algorithms for GSM and ECSD, and the GEA4, March 2004, Release 15 in October 2018
The Confidentiality and Integrity Algorithms for GSM and GPRS (specifically A5/3, A5/4, GEA3, and GEA4) are tied to patents held by the Mitsubishi Electric Corporation Japan, which, in turn, has made them available on a royalty-free basis provided that a license is secured from the company. Underneath the obvious objective of providing security specifications for cellular communications, the SP 800-187 also serves as a stepping stone for a much more vital and intricate purpose, especially when considering automotive applications: encryption and data security.
This specification addresses many communication security elements indirectly rather than directly. Rather than dealing with communication security on a grander scale of cellular-connected things, the standard instead focuses on the building blocks for other security services: the encryption algorithms. The key elements of this specification, along with the “confidentiality” and “integrity” parameters for cellular technologies, can be broken down even further and include the following:
- Encryption Roadmap and Data Security: This refers to attempting to develop a well-rounded roadmap of a cellular encryption approach that addresses both data security in-transit (confidentiality over the transmission of information) and data security at-rest (integrity of data caches).
- (Mostly) Full-Spectrum Cellular: Another key element is safeguarding communication security for communication protocols 2G, 3G, and 4G. However, as will be discussed below, there are a number of issues to consider here regarding 2G and Narrowband-Internet of Things (NB-IoT).
- Interference Protection and Visibility: This assures that no external interference can disrupt connectivity, or at the very least that such interference is minimized and potentially even detected much earlier when it occurs (thus providing additional visibility and evidence of tampering ahead of time).
- Damage Mitigation and Safeguard OTA: Finally, this refers to attempting to minimize connection tampering, replay attacks, attacks targeting data integrity, connectivity hijacking, and potentially even the blocking or altering of predetermined OTA communication, which could carry security updates, vendor-specific system updates, and, perhaps most vital of all, critical automotive system function updates.
Cellular Vulnerabilities: Note, however, that even though the specification addresses security encryption for cellular communications, many vulnerabilities continue to surface, many of which are used to attempt the actions outlined in the previous bullet point, with the “replay attack” being the top threat.
It should be noted that the 2G protocol is arguably the weakest of them all, but even the encryption protocols for 3G and 4G suffer from vulnerabilities. This specification does not directly address these issues (i.e., attack vectors or vulnerable paths), but rather outlines top-level information and other essential algorithms that can be used in lieu of less secure alternatives. As expected, the type of target application greatly alters security expectations and the choice of encryption algorithm to use.
Below is a list of the key encryption algorithms addressed in the Confidentiality and Integrity Algorithms for GSM and GPRS. Note that some versions like A5/1 and A5/2, GEA1 and GEA2, or UEA-type algorithms are not the focus of this standard, but they are included for the sake of completeness. The main ones addressed by this standard are A5/3, A5/4, GEA/2, GEA/3, GEA/4, and GEA/5.
- A5/1 and A5/2: These were the original cellular algorithms attempting to cover the first and second generation of cellular communications and are now obsolete.
- A5/3 and A5/4: Both use the KASUMI block cipher (a 64-bit and 128-bit cipher originally created by the European ETSI), which is the foundation for GSM and GPRS encryption. All A5-type encryption algorithms are focused on providing security for voice data packets. The A5/3 uses the 64-bit version, while the later A5/4 extends the encryption to a more advanced 128-bit cipher, which, as expected, is more complex and secure.
- UEA1 and UIA1: The UEA1 and UIA1 are the key ciphering algorithms and the basis for others like A5/4 and GEA/4, which focus on data security for data at-rest and in-transit. Both are built on KASUMI, as are the GEA/3 and GEA/4.
- GEA/1 and GEA/2: Rather insecure encryption algorithms covering the entire GSM/GPRS/EDGE/3G/4G spectrum, which can be easily decrypted.
- GEA/3 and GEA/4: Similar to the A5/3 and A5/4, the GEA/3 is based on the 64-bit version of KASUMI, while the GEA/4 offers the advanced 128-bit version. Both cover the full cellular spectrum GSM/GPRS/EDGE/3G/4G. All GEA-type encryption algorithms focus on providing encryption for all other non-voice data packets.
- GEA5: The latest version of the data packet encryption algorithm, which is based on SNOW 3G.
LPWA for IoT-focused Automotive Applications: The specification does not deal with new IoT-focused cellular connectivity protocols like NB-IoT or Long-Term Evolution (LTE) Cat M1 (also called LTE-M), which concern Low Power Wide Area (LPWA) applications. While they have not yet hit critical mass, protocols like LTE-M, which are based on the 3rd Generation Partnership Project (3GPP) standard for enabling LPWA communications, are used for car-sharing, vehicle telematics, tracking, and connected parking applications. The current iteration of this specification does not cover connection security issues for the aforementioned applications or protocols.