GSM/EDGE BSS,

rel. RG10(BSS), operating

documentation, issue 02
Feature description
BSS20093: A5/3 ciphering
DN70645977, issue 1-1


2 DN70645977, issue 1-1
BSS20093: A5/3 ciphering
Id:0900d8058058d589
The information in this document is subject to change without notice and describes only the
product defined in the introduction of this documentation. This documentation is intended for the
use of Nokia Siemens Networks customers only for the purposes of the agreement under which
the document is submitted, and no part of it may be used, reproduced, modified or transmitted
in any form or means without the prior written permission of Nokia Siemens Networks. The
documentation has been prepared to be used by professional and properly trained personnel,
and the customer assumes full responsibility when using it. Nokia Siemens Networks welcomes
customer comments as part of the process of continuous development and improvement of the
documentation.
The information or statements given in this documentation concerning the suitability, capacity,
or performance of the mentioned hardware or software products are given "as is" and all liability
arising in connection with such hardware or software products shall be defined conclusively and
finally in a separate agreement between Nokia Siemens Networks and the customer. However,
Nokia Siemens Networks has made all reasonable efforts to ensure that the instructions
contained in the document are adequate and free of material errors and omissions. Nokia
Siemens Networks will, if deemed necessary by Nokia Siemens Networks, explain issues which
may not be covered by the document.
Nokia Siemens Networks will correct errors in this documentation as soon as possible. IN NO
EVENT WILL Nokia Siemens Networks BE LIABLE FOR ERRORS IN THIS DOCUMENTA-
TION OR FOR ANY DAMAGES, INCLUDING BUT NOT LIMITED TO SPECIAL, DIRECT, INDI-
RECT, INCIDENTAL OR CONSEQUENTIAL OR ANY LOSSES, SUCH AS BUT NOT LIMITED
TO LOSS OF PROFIT, REVENUE, BUSINESS INTERRUPTION, BUSINESS OPPORTUNITY
OR DATA,THAT MAY ARISE FROM THE USE OF THIS DOCUMENT OR THE INFORMATION
IN IT.
This documentation and the product it describes are considered protected by copyrights and
other intellectual property rights according to the applicable laws.
The wave logo is a trademark of Nokia Siemens Networks Oy. Nokia is a registered trademark
of Nokia Corporation. Siemens is a registered trademark of Siemens AG.
Other product names mentioned in this document may be trademarks of their respective
owners, and they are mentioned for identification purposes only.
Copyright Nokia Siemens Networks 2009. All rights reserved
f Important Notice on Product Safety
Elevated voltages are inevitably present at specific points in this electrical equipment.
Some of the parts may also have elevated operating temperatures.
Non-observance of these conditions and the safety instructions can result in personal
injury or in property damage.
Therefore, only trained and qualified personnel may install and maintain the system.
The system complies with the standard EN 60950 / IEC 60950. All equipment connected
has to comply with the applicable safety standards.
The same text in German:
Wichtiger Hinweis zur Produktsicherheit
In elektrischen Anlagen stehen zwangslufig bestimmte Teile der Gerte unter Span-
nung. Einige Teile knnen auch eine hohe Betriebstemperatur aufweisen.
Eine Nichtbeachtung dieser Situation und der Warnungshinweise kann zu Krperverlet-
zungen und Sachschden fhren.
Deshalb wird vorausgesetzt, dass nur geschultes und qualifiziertes Personal die
Anlagen installiert und wartet.
Das System entspricht den Anforderungen der EN 60950 / IEC 60950. Angeschlossene
Gerte mssen die zutreffenden Sicherheitsbestimmungen erfllen.
DN70645977, issue 1-1

3
BSS20093: A5/3 ciphering
Id:0900d8058058d589
Table of contents
This document has 16 pages.
Reason for update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
1.1 In general . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
1.2 Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
1.2.1 End user benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
1.2.2 Operator benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2 Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.1 Software requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.2 Hardware requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
3 Functional description. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
3.1 Functional overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
3.2 Ciphering algorithm. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
4 System impacts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
5 User interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
5.1 Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
5.2 Parameter evolution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
5.3 System responses to failures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
5.4 Alarms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
5.5 Measurements and counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
6 Activating and configuring the feature. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
6.1 Feature activation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
6.2 Feature deactivation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
7 Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
0 Z . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
4 DN70645977, issue 1-1
BSS20093: A5/3 ciphering
Id:0900d8058058d589
List of figures
Figure 1 Ciphering and deciphering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
DN70645977, issue 1-1

5
BSS20093: A5/3 ciphering
Id:0900d8058058d589
List of tables
Table 1 BTS software support of A5 ciphering modes . . . . . . . . . . . . . . . . . . . . . 8
Table 2 Selection of A5 algorithms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Table 3 Error description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
6 DN70645977, issue 1-1
BSS20093: A5/3 ciphering
Id:0900d80580515851
Reason for update
Reason for update
Issue history
Details
Issue
number
Date of issue Reason for update
01 12/2008 Approved draft of first issue for new release
1-1 02/2009 First issue for new release
DN70645977, issue 1-1

7
BSS20093: A5/3 ciphering Introduction
Id:0900d8058021f512
1 Introduction
1.1 In general
For CS calls and SMSs, the A5/3 ciphering code provides more secure air interface links
to prevent hacking attacks than A5/1 encryption. Therefore, A5/3 encoding shall be
deployed if possible, as defined by the A5/3 ciphering feature (BSS20093). Otherwise,
the A5/1 algorithm can be used, which is supported by all BTS and MS types.
Maximum encryption is selected by the BSC in the call setup phase. This algorithm will
be changed to the less complex one only if the target TRX is not capable of supporting it.
According to 3GPP GERAN standardization, the A5/2 cipher mode (which is less secure
than A5/1) is not allowed to be supported in MSs for further releases. If non-encryption
is permitted, A5/0 can be deployed. The set of usable ciphering algorithms is then {A5/0,
A5/1, A5/3}, where the 3GPP standardization ciphering method A5/3 is the most secure
one. First, application of this algorithm will be tried. If a ciphering mode cannot be estab-
lished, a less secure one will be applied.
Ciphering is performed by the BTS. The BSC selects the ciphering algorithm based on
information received from the MSC and information about allowed and supported algo-
rithms in the BSS and the MS.
1.2 Benefits
The ciphering algorithm A5/3 provides more secure air interface links than A5/1 encryp-
tion. If the network capabilities are sufficient, A5/3 encryption shall be deployed. Intro-
duction of A5/3 mode provides an adequate level of security against hacking attacks.
Nevertheless, the A5/1 algorithm can be used as fallback solution.
1.2.1 End user benefits
If the decryption key is unknown, the decryption probability for A5/3 coding is less than
for A5/1 encryption. Therefore, electronic eavesdropping on A5/3 ciphered calls is more
difficult than on A5/1 encrypted ones.
1.2.2 Operator benefits
A5/3 ciphering enables the operator to offer modern encryption methods in order to
support the subscribers right to use secure communication paths.
8 DN70645977, issue 1-1
BSS20093: A5/3 ciphering
Id:0900d80580258dc2
Requirements
2 Requirements
The A5/3 ciphering algorithm can be used for voice calls and SMSs if both the MS and
the BSS support this encryption.
During handovers, the ciphering mode changes from A5/3 to A5/1 coding and, if non-
encryption is permitted, it is even possible to change from A5/3 to A5/0 and from A5/1
to A5/0. If ciphering mode change is not possible, then the required handover is not exe-
cuted.
The BSS is also capable of changing ciphering modes for DTM intracell HOs. For DTM,
a release 7 MS is required to support ciphering mode change during DTM assignment.
2.1 Software requirements
The A5/3 ciphering algorithm has to be deployed in the BSS. The BSC has to be
equipped with S14 software.
BTS
The new ciphering software package has to be installed if BTS hardware requirements
are fulfilled.
BTS software support can be checked by the following mapping:
Failure indication and the corresponding counters are implemented.
A ciphering mode setting IE is used for
handover DL messages,
messages to update database entries of the MSC after intercell handovers, inter
BSC handovers, and after MOC and MTC setup.
A interface
Ciphering mode change requires usage of cipher mode IE for handover command
messages.
The selected encryption algorithm IE is used for the following messages to the MSC:
Handover performed, Cipher mode complete, and Handover request acknowl-
edge.
Air interface
Ciphering mode change requires usage of cipher mode IE for handover command
messages.
Cipher mode IE is used for the assignment command message and the DTM
assignment command message for intracell handovers.
Hex digits Supported ciphering
UV.WX-Y0 A5/0
UV.WX-Y1 A5/0, A5/1
UV.WX-Y3 A5/0, A5/1, A5/3
Table 1 BTS software support of A5 ciphering modes
DN70645977, issue 1-1

9
BSS20093: A5/3 ciphering Requirements
Id:0900d80580258dc2
2.2 Hardware requirements
The above-mentioned prerequisites have to be supported by the hardware. The Flexi
EDGE BTS hardware supports A5/3 ciphering. For UltraSite BTS and MetroSite BTS,
EDGE support or EDGE capable baseband units are required. The Talk Family BTS
type does not support A5/3 ciphering because of its DSP capacity limitation.
10 DN70645977, issue 1-1
BSS20093: A5/3 ciphering
Id:0900d80580258d97
Functional description
3 Functional description
The A5/3 ciphering feature improves ciphering by implementing the A5/3 algorithm.
This chapter is divided into the following sections:
Functional overview
Ciphering algorithm
For general information on the ciphering procedure, the reader is referred to Basic Call,
DN9814062, ch. 2.8.
3.1 Functional overview
Data of GSM air interface channels can be encrypted and decrypted by means of the A5
algorithm. The data will be A5 encrypted after interleaving and before GMSK modula-
tion. This new feature offers improved methods to select A5 ciphering algorithms for the
air interface, and introduces A5/3 encryption to the BSS. A5/3 ciphering is based on the
Kasumi F8 algorithm, which is also used in WCDMA RAN.
According to 3GPP GERAN standardization, A5/2 ciphering mode may not be sup-
ported in MSs for further releases. The A5/1 algorithm can be used as an alternative to
A5/3 encryption. The latter is supported by all BTS and MS types.
Ciphering is performed by the BTS burst by burst. The BSC selects the ciphering algo-
rithm based on the information received from the MSC and the information about
allowed and supported algorithms in the BSS.
The use of A5/3 is licensed, and license checking (on/off) for the feature is implemented
in the BSC. In the BTS, the A5/3 algorithm is implemented only in the EDGE BB of the
TRX, because of the DSP capacity required for this feature. Therefore, the BSC has to
check whether the TRX is A5/3 capable before selecting the ciphering algorithm.
Maximum A5 encryption is selected by the BSC in the call setup phase based on the
MSC parameters, the MS capability, and software and hardware support of BTS and
BSC parameters. This ciphering algorithm is selected according to the algorithm used
previously and the TRX capability, and will be changed only if the target TRX is not
capable of supporting it. The ciphering algorithm can be changed during assignment or
during handover from a stronger to a weaker one, e.g. from A5/3 to A5/1. If the non-
ciphering algorithm A5/0 is permitted and encryption is not possible, this mode can also
be taken into account.
The ciphering mode has to be changed from A5/3 to A5/1 or to A5/0 if at least one of
these algorithms is deployed, and
the destination TRX does not support A5/3,
handovers using ciphering of A5/3 upgraded and non-upgraded TRXs or BTSs
exist, or
non-encryption is permitted and only A5/0 can be used.
It is neither required nor possible to change the ciphering mode for intra BTS handovers
of the Flexi EDGE BTS.
The strongest ciphering algorithm is initially selected during the call setup phase based
on the MS and BSS capabilities. This algorithm will be changed if needed, possible, and
permitted.
Application of A5/3 ciphering affects BTS, MSC and MS functionalities.
DN70645977, issue 1-1

11
BSS20093: A5/3 ciphering Functional description
Id:0900d80580258d97
3.2 Ciphering algorithm
If GMSK modulation is used, as presupposed for this feature, the plain text is mapped
to binary blocks 114 bits in length. Each of these blocks is part of a normal burst and
transmitted during a time slot. For ciphering, algorithm A5 produces an enciphered/deci-
phered block every 4.615 ms using a bit-wise modulo 2 addition with the plain text block.
Figure 1 Ciphering and deciphering
Block 1 and Block 2
Block1 and Block 2 of equal length (114 bits=length of the normal burst) are gener-
ated using the A4 algorithm. In the MS, deciphering is performed for each time slot with
Block 1, and enciphering with Block 2. In the BSS, the order is inverse, i.e. decipher-
ing is performed with Block 2 and enciphering with Block 1.
Count
Enciphering and deciphering are synchronized by steering the A5 algorithm using the
explicit time variable Count. This Count parameter is derived from the TDMA frame
number, expressed as a block of 22 bits.
Cipher key (Kc)
The cipher key is a binary block code of 64 bits.
Ciphering AIgorithm
DIRECTION
LENGTH
Kc
KEYSTREAM
PLAINTEXT
BLOCK
CIPHERTEXT
BLOCK
BLOCK
COUNT
Sender
MS or BSS
12 DN70645977, issue 1-1
BSS20093: A5/3 ciphering
Id:0900d80580258de7
System impacts
4 System impacts
In this chapter, dependencies on other features of the BSS are considered.
DTM call
Sometimes DTM call intracell handovers require ciphering mode change. Cipher mode
IE is used for this purpose in DTM assignment messages. If the MS does not support
this IE, intracell handover with ciphering mode change cannot be used. Evidently, A5/3
encoding for the corresponding handovers has to be supported.
A5/1 ciphering
A5/3 ciphering is used instead of the weaker A5/1 encoding if the BTS supports A5/3
ciphering and if this encoding is enabled in the BSC and the MSC.
FACCH call
A5/3 ciphering for FACCH calls is possible.
DN70645977, issue 1-1

13
BSS20093: A5/3 ciphering User interface
Id:0900d80580258e9f
5 User interface
This chapter is divided into the following sections:
Parameters
Parameter evolution
System responses to failures
Alarms
Measurements and counters
5.1 Parameters
Configuration management provides parameters in order to select allowed A5 algo-
rithms with regard to the BSC:
The on/off license defines whether the A5/3 algorithm is permitted in the BSC.
5.2 Parameter evolution
Not applicable.
5.3 System responses to failures
The following error codes are used for failures concerning the feature:
5.4 Alarms
No alarms are related to this feature.
5.5 Measurements and counters
The CIPH NOT SUPPORT TRX counter is updated in order to detect insufficient A5
support on the target side.
Parameter Values
ALLOWED_A5_ALGORITHMS A5/0, A5/1
Table 2 Selection of A5 algorithms
Error Description
ciph_not_support_trx_c Number of failed ciphering algorithm selections
due to incompatible ciphering algorithm support
Table 3 Error description
14 DN70645977, issue 1-1
BSS20093: A5/3 ciphering
Id:0900d80580258ede
Activating and configuring the feature
6 Activating and configuring the feature
This chapter provides the procedures to operate the A5/3 ciphering feature.
6.1 Feature activation
Prerequisites
Additional support by the following network entities is needed to use the feature:
MSC
BTS hardware and software
MS
1 Check that the license or licenses for the A5/3 ciphering feature are installed
For an overview of licensing procedures, see Licensing in BSC and W7 License and
Feature Handling.
ZW7I: LIC,FULL:LIC=<licence code>;
2 Set the state of A5/3 ciphering to ON
The feature is automatically operational when the feature state in license management
is ON.
ZW7M:FEA=1235:ON;
The operator can check usage and used capacity of the feature via the platform feature
management MML.
3 End
6.2 Feature deactivation
The feature can be deactivated by the following commands:
DN70645977, issue 1-1

15
BSS20093: A5/3 ciphering Activating and configuring the feature
Id:0900d80580258ede
1 Set the state of A5/3 ciphering to CONF or to OFF
The feature is automatically disabled when the feature state in license management is
changed to OFF or to CONF.
ZW7M:FEA=1235:OFF;
or
ZW7M:FEA=1235:CONF;
Remark: This encryption will be retained for calls established with A5/3 ciphering even
if the feature state is changed to OFF or to CONF.
2 End
16 DN70645977, issue 1-1
BSS20093: A5/3 ciphering
Id:0900d80580258ee9
Abbreviations
7 Abbreviations
0 Z
3GPP third generation partnership project
BB baseband
BSC base station controller
BSS base station system
BTS base transceiver station
CS circuit switched
DL downlink
DSP digital signal processor
DTM dual transfer mode
EDGE enhanced data rates for GSM evolution
FACCH fast associated control channel
GERAN GSM/EDGE radio access network
GMSK Gaussian minimum shift keying
GSM global system for mobile communications
HO handover
IE information element
MML man machine language
MOC mobile originated call
MS mobile station
MSC mobile services switching center
MTC mobile terminated call
SMS short message service
TCH traffic channel
TDMA time division multiple access
TRX transceiver