SAGE Activity Report 2017
Chairman: Steve Babbage, Vodafone
Responsible for specifying cryptographic algorithms for telecommunications standards
The Security Algorithms Group of Experts (SAGE) responds to the needs of other committees for cryptographic algorithms. The Group specifies cryptographic algorithms for use in standardized telecommunications systems. In recent years most of its work has been for mobile telephone standards – the Global System for Mobile Communication (GSM™), the General Packet Radio Service (GPRS), the Universal Mobile Telecommunications System (UMTS™) and LTE™, the radio technology beyond 3G which has been specified by the Third Generation Partnership Project (3GPP™). Indeed, all the standardized algorithms in 3G and 4G mobile telecommunications and more recent 2G algorithms were specified by SAGE.
Additional work is undertaken for Terrestrial Trunked Radio (TETRA) and Digital Enhanced Cordless Telecommunications (DECT™), and from time to time the group advises other ETSI committees and external groups.
In 2017 we continued to develop security algorithms as needed to support our core standardization activities. During the year, work included initial consideration of the development of algorithm variants for 5G. While all the radio interface algorithms in 3G and 4G use 128-bit keys, it is likely that 5G will use (or at least support) 256-bit keys that offer greater resistance to attacks. If necessary, therefore, we will adapt our existing algorithms, as well as the MILENAGE Authentication and Key Agreement algorithm, to support 256-bit keys.
Looking ahead to 2018, SAGE will await formal requests from SA3 to provide a new 256-bit key for 5G systems. This could also be potentially retrofitted to previous-generation systems if required.
An important new feature in 5G is provision for better protection of the end user’s identity. In current 3GPP systems it is possible to track a user through the subscriber’s unique identity – their IMSI. This information is occasionally transmitted unencrypted – for example the first time the user attaches to a new network; or it can be intercepted through the use of a fake base station known as an ‘IMSI catcher’. In 5G this risk is obviated via encryption of the user’s identifiers to the home network. In response to a request from SA3, in October 2017 SAGE provided detailed guidance on the use of the ECIES encryption algorithm as an efficient mechanism for public-key-based encryption of the IMSI or SUPI (SUPI is an identifier similar to IMSI, introduced in 5G).
In 2017 we also delivered to 3GPP a new General Packet Radio Service (GPRS) 128-bit algorithm to provide greater protection for ‘Extended Coverage GSM’ (EC-GSM). This specialized adaptation of 2G supports integrity protection of user data as an optional feature – something that was never originally specified in GPRS.