SECURITY

GSM was designed with a moderate level of security. The system was designed to authenticate the subscriber using a SHARED and challenge response. Communications between the subscriber and the base station can be encrypted. The development of umts introduces an optional usim, that uses a longer authentication key to give greater security, as well as mutually authenticating the network and the user - whereas GSM only authenticated the user to the network (and not vice versa). The security model therefore offers confidentiality and authentication, but limited authorization capabilities, and no non repudation.
GSM uses several cryptographic algorithms for security. The a-5 and a-2,2 are used for ensuring over-the-air voice privacy. A5/1 was developed first and is a stronger algorithm used within Europe and the United States; A5/2 is weaker and used in other countries. A large security advantage of GSM over earlier systems is that the Key, the crypto variable stored on the sim card that is the key to any GSM ciphering algorithm, is never sent over the air interface. Serious weaknesses have been found in both algorithms, and it is possible to break A5/2 in real-time in a cipher txt. The system supports multiple algorithms so operators may replace that cipher with a stronger one.