A54 Evaluation and Recommendation 2.0
We recommend driving A5/4 introduction and escalating GEA4 ePC function development
Trigger DTAG specific BSS & MSS introduction procedure by all NatCos
Clarify MSS readiness timeline for all NatCos
Continue discussion on GEA4 with suppliers and bring this to the world market feature stage
Insecure encryption requires A5/4 upgrade
Background
VOICE   DATA    Encryption   Breaching
A5/4    GEA 4   128 bit      n.a.
A5/3    GEA 3   64 bit       Minutes, brute force
A5/2    GEA 2   54 bit       <1sec. on COTS PC
A5/1    GEA 1   54 bit       Near real time since 2009
Implemented at DT
POTENTIAL RISKS
DTAG not supporting A5/4: Reputation threat when being on lower level than competitor
DTAG not supporting GEA4: Less critical as GEA4 availability is not given by world market
Customer impact low, as A5/4 capable devices would normally support VoLTE and user will be on VoLTE (-> coverage based LTE rollout)
A5 / GEA provides over the air encryption for 2G voice and data
A5/3 (2G voice) and GEA3 (GPRS & EDGE) 64 bit encryption at risk – with publication on vulnerability of GSM expected (April 2021: GEA1 can be cracked, May/ June 2021 (?) possible impact on A5/3)
Hackers claim that breach of interface can be achieved with COTS hardware and can be achieved “in minutes”
Vodafone already announced A5/4 (voice) support for their networks, GEA4 (data) most likely not supported in any European network
A5/4 & GEA 4 have not been breached and provide a secure way forward.
Outlook: For DT 2G voice (A5/4) can be secured short-term – 2G data (GEA4) only mid- to long-term.
A5/4 ready to implement, GEA4 remains challenge
Network Impact Overview
MSS generally safe, ePC at risk
Core
MSS ✅ (MSS): A5/4 supported in current releases and being implemented. Implementation readiness differing by country (see detail) but generally OK
ePC ❗ (ePC): GEA 4 support for ePC (SGSN) not available by DTAG SGSN suppliers – offered by E/// as DT specific function (€1mn / Mid 2022)
Nokia
❗ Poland: Software update (SRAN 20.c) t.b.d. Clarify update from 20.b (April 2021) to 20.c.
Ericsson
✅ Greece (though not all HW supporting A5/4): Switched on (based on local verification)
✅ Slovakia for current gen BSC HW (last gen HW t.b.d.): 6-8 weeks. Software available, DT acceptance process to be triggered by NatCo
✅ DE, ME, HT, HU, RO: 6-8 weeks. Software available, DT acceptance process to be triggered by NatCo
Huawei
✅ AT, MKT, DE, CZ, NL, PL: 6-8 weeks. Software available, DT acceptance process to be triggered by NatCo
✅ CT, SK (swap from E/// to Nokia cloud based MSS): Swap finalised
✅ MT, MKT: A5/4 supporting software available, DT acceptance process to be triggered by NatCo
Current Nokia MSS A5/4 functionality not acquired - cloud based MSS supporting A5/4
Hardware swaps almost completed, but setup of traffic rerouting to new MSS to be finalized. Finalization until end of 2021, depending on local priority.
A5/4 END TO END INTRODUCTION REQUIRED TO ACTIVATE A5/4 – MSS WILL MOST LIKELY DETERMINE THE AVAILABILITY OF A5/4 PER NATCO
GEA4 needs SGSN support, not yet provided by DTAG's SGSN vendors.
GEA4 will not be supported before 2022
Ericsson SGSN-MME not supporting GEA4
First price offer from Ericsson: 1M€ for development as DT specific feature (availability mid 22)
Impact evaluation
World market commitment on GEA4 missing
Development as DTAG specific function considered to be quite expensive
RECOMMENDED
[Chart scales: not secure to very secure; no impact to high impact]
Terminal support A5/4 given, GEA4 deactivated & requiring EPC implementation
Core
❗ (MSS): Continue swap and then upgrade to A5/4 (negligible costs, see backup)
(ePC) Escalate GEA4 support & implementation in GSMA and to suppliers – Support from board requested
RAN
✅ (BSS): Trigger software release acceptance processes by NatCos. Costs are negligible (see backup)
Terminals
✅ Continue IODT for A5/4
Backup
A5/4 introduction costs negligible, GEA t.b.d.
Total MSS software license costs less than €1mn for the group (plus potential costs for local services & deployment)
BSS updates will be free of charge (part of annual software fee). Partial BSS HW swap (GR, CZ) pending on actual volumes
EPC Updates depending on way forward for GEA4
END TO END INTRODUCTION COSTS FOR A5/4 <1€MN
Network responsibilities / counterparts (international)
BSS (A5/4)
Ericsson BSS (Laszlo Tanczos, Security: Azzurra la Torre)
Huawei BSS (Jürgen Reinert, Harald Wollstadt, Security: Nick Radner)
Nokia BSS (Petr Sablik, Security: Nick Radner)
MSS (A5/4)
Nokia (Frank Prösl, Security: Karsten Friebe)
Ericsson (Robert Lorenc, Security: Karsten Friebe)
Buyin:
RAN: Thomas Eich; Sergiu Avram
MSS: Uwe Marin
ePC: Anna Rebecca Stock