Dissertations and Theses

Date of Award


Document Type




First Advisor

Mohamed A. Ali


2G Second-generation, A3 Authentication Algorithm, A5 Encryption Algorithm, A8 Key Generation Algorithm, AGCH Access Grant Channel, AMR Adaptive Multi-Rate


We have participated in the creation of almost two terabytes of tables aimed at cracking A5/1, the most common ciphering algorithm used in GSM. Given 114-bit of known plaintext, we are able to recover the session key with a hit rate of 19%. The tables are expected to be unique as they provide the best coverage yet known to the authors and research workers and they are the first step in a real-world passive attack against GSM. An initial investigation and analysis into the air interface of GSM were performed, from both a theoretical and practical point of view. These examinations would be essential in order to utilize the downloaded tables in a practical attack. Additionally, a rogue GSM network was built and deployed without enabling ciphering and frequency hopping. This active attack was purely based on opensource software and hardware, implying that real GSM networks could be spoofed with resources available to the general public


To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.