Ciphering is today used in many data transmission systems to prevent the data transmitted from falling into the hands of an unauthorized user. The ciphering has grown in significance in the past few years, particularly as wireless telecommunication has become more common.
The ciphering can be performed, for example, by encrypting the information to be transmitted in a transmitter, and by decrypting the information in a receiver. In the encryption means the information to be transmitted, for example a bit stream, is multiplied by a certain number of encryption bit patterns, whereby it is difficult to find out what the original bit stream was if the encryption bit pattern used is unknown.
In a digital GSM system, for example, ciphering is performed on the radio path: a ciphered bit stream to be transmitted onto the radio path is formed by XORing data bits with ciphering bits, the ciphering bits being formed by an algorithm known per se (the A5 algorithm), using a ciphering key Kc. The A5 algorithm encrypts the information transmitted on the traffic channel and the DCCH control channel.
The ciphering key Kc is set when the network has authenticated the terminal but the traffic on the channel has not yet been ciphered. In the GSM system the terminal is identified on the basis of the International Mobile Subscriber Identity IMSI, which is stored in the terminal, or the Temporary Mobile Subscriber Identity TMSI, which is formed on the basis of the subscriber identity. A subscriber identification key Ki is also stored in the terminal. A terminal identification key is also known to the system.
In order that the ciphering would be reliable, information on the ciphering key Kc must be kept secret. The cipher key is therefore transmitted from the network to the terminal indirectly. A Random Access Number RAND is formed in the network, and the number is then transmitted to the terminal via the base station system. The ciphering key Kc is formed by a known algorithm (the A5 algorithm) from the random access number RAND and the subscriber identification key Ki. The ciphering key Kc is computed in the same way both in the terminal and in the network part of the system.
In the beginning, data transmission on a connection between the terminal and the base station is thus not ciphered. The ciphering does not start until the base station system sends the terminal a cipher mode command. When the terminal has received the command, it starts to cipher data to be sent and to decipher received data. Correspondingly, the base station system starts to decipher the received data after sending the cipher mode command and to cipher the sent data after the reception and successful decoding of the first ciphered message from the terminal. In the GSM system the cipher mode command comprises a command to start ciphering, and information on the algorithm to be used.
The problem in the known methods is that they have been designed for the present systems, wherefore they are inflexible and not suited for the ciphering of data transmission in new systems, where several parallel services for one mobile station are possible. If we use the same ciphering mask twice for two or more parallel protocol data units that will be sent using the same air interface frame, then an eavesdropper may deduce a lot of information from the data streams. The amount of information that can be deduced depends on the structure of the data streams. From random data that has no structure one cannot obtain any information, but usually there is a structure in the data, especially in the signaling data.