The three different security algorithms mainly used by GSM are A3, A5 & A8. They are also called authentication algorithm. This is used to prevent the unauthorized use of resources.
In today's post, I will share with the process to check whether the GSMA A5 Encryption Standard (GSM Security Encryption Algorithms A5/0, A5/1 & A5/3 are recommeded to be enabled) is being enabled or not through MML.
Feature Activation:
USING THE MML
First of all, we need to check this Feature which needs to be activited on BSC level.
Run the BSC MML command LST BSCBASIC to check if A Interface Tag, Um Interface Tag, and Abis Interface Tag are laready set to GSM_PHASE_2Plus or not.
The below MML Output of LST BSCBASIC command shows that all these three tags are already set to GSM_PHASE_2Plus. If not already set, simply set it using SET BSCBASIC command as mentioned in next buttlet point.
+++ BSC-022 2021-12-15 06:46
O&M #13563580
%%/*1879822866*/LST BSCBASIC: LSTFORMAT=VERTICAL;%%
RETCODE = 0 Execution succeeded.
List Basic Attributes of BSC
----------------------------
Area Code = 212
CC = 92
A Interface Tag = GSM_PHASE_2Plus
Um Interface Tag = GSM_PHASE_2Plus
Abis Interface Tag = GSM_PHASE_2Plus
Protocol for the CB Interface = GSM 0341 interface specification
Support TFO Codec Optimize = Not Support
Support High Frequency Band = DCS1800
Service mode = Together
Single Pass Exclude MSISDN Number 1 = ####
Single Pass Exclude MSISDN Number 2 = ####
Single Pass Exclude MSISDN Number 3 = ####
Single Pass Exclude MSISDN Number 4 = ####
Single Pass Exclude MSISDN Number 5 = ####
Single Pass Exclude MSISDN Number 6 = ####
Single Pass Exclude MSISDN Number 7 = ####
Single Pass Exclude MSISDN Number 8 = ####
Single Pass Exclude MSISDN Number 9 = ####
Single Pass Exclude MSISDN Number 10 = ####
Single Pass Exclude MSISDN Number 11 = ####
Single Pass Exclude MSISDN Number 12 = ####
Single Pass Exclude MSISDN Number 13 = ####
Single Pass Exclude MSISDN Number 14 = ####
Single Pass Exclude MSISDN Number 15 = ####
Single Pass Exclude MSISDN Number 16 = ####
Single Pass Exclude MSISDN Number 17 = ####
Single Pass Exclude MSISDN Number 18 = ####
Single Pass Exclude MSISDN Number 19 = ####
Single Pass Exclude MSISDN Number 20 = ####
MSISDN prefix 1 = ####
MSISDN prefix 2 = ####
MSISDN prefix 3 = ####
MSISDN prefix 4 = ####
MSISDN prefix 5 = ####
Send System Message 10 Allow = Yes
Group Call Check = Off
Cross Call Detect Time Threshold = 255
Interval for Extracting BTS Net Connection = 10
TC CRC Allowed = On
Support RAN Sharing = No
Is Support TC Pool = <NULL>
Is Main BSC = <NULL>
ID of a BSC in TC Pool = <NULL>
Remote TC Subrack Ater Transmission Mode = <NULL>
GSM CS High Level Standard = 10
Transmission Resource Queuing Support = On
Transmission Resource Preempting Support = On
TC Pool ID = <NULL>
Ater Interface Transfer Mode = <NULL>
CSD Service Redundancy Level = Not Supported
CIC Downlink One-Way Mute Detection Switch = Off
CIC Downlink One-Way Mute Detection Threshold = 80
CIC Downlink One-Way Mute Detection Period = 3
Number of Different Frames in CIC One-Way Mute Detection = 0
CIC Downlink One-Way Mute Detection Duration = 5
One-Way Mute Alarm Reporting Period = 12
Speech Channel Alarm Threshold = 47
Speech Channel Alarm Clearance Threshold = 29
Speech Channel Fault Measure Type = Measure Only Abis Interface
One-Way Audio Log Type = Record Level1 One-Way-Audio Test Log::OFF
= Record Level2 One-Way-Audio Test Log::ON
= Record IP One-Way-Audio Test Log::ON
= Record CIC One-Way-Audio Test Log::OFF
= Record IP Packet Check Log::OFF
= Record User Plane Data Abnormal Check Log::OFF
Force HO Upon Speech Problem = Off
ISC Resources Preempting Support = ON
Insufficient ISC Resources Alarm Threshold = 5
Insufficient ISC Resources Alarm Clearance Threshold = 10
Air Interface Cross Call Detect Switch = Off
Access Cause = Period Location Update::ON
= Normal Location Update::ON
= IMSI Attach::ON
= SMS::ON
= Call Setup::ON
= Paging Response::ON
= IMSI Detach::ON
= Others::ON
Event Report Switch = Off
BSC Protocol Version No. = 0
BSC Application Version No. = 0
Traffic Busy Thres Calculation Opt Sw = Close
Allow Preemption for Abis LVDS Resources = ON
Um Rate Change Mode for HSCSD Service = Current_Channel
CS Preempt HSCSD Secondary Channel Switch = On
AMR HO Codec Policy = Protocol Specified Policy
BSC Global ID = 0
(Number of results = 1)
Run the BSC MML command SET BSCBASIC with A Interface Tag, Um Interface Tag, and Abis Interface Tag set to GSM_PHASE_2Plus.
Now to check whether the A5/3 Encryption Algorithm is enabled or not, Run LST GCELLBASICPARA Command on Cell-Level
The above MML output is of a result of single cell of a specific BSC. It can be seen that Encryption Algorithms A5/0 & A5/1 are already enabled, so we need enable only A5/3 which is currently OFF. (for other cell if A5/0 and/or A5/1 are not already enabled, we will do to make A5/0, A5/1 & A5/3 enabled on all cells of a BSC.
Run the BSC MML command SET GCELLBASICPARA with Encryption Algorithm set to A5/3.
SET GCELLBASICPARA:IDTYPE=BYNAME,CELLNAME="Faysalji",ENCRY=A5/3-1;
or Run below command where all A5/0,A5/1 & A5/3 needed to be enaled.
SET GCELLBASICPARA:IDTYPE=BYID,CELLID=0,ENCRY=A5/0-1&A5/1-1&A5/3-1;
Below LST GCELLASICPARA command shows all of the three encryptions modes A5/0,A5/1 & A5/3 are enabled on particular cell.
For Handover call scenarios enable the set HOCipherSw to ON on the BSC side and add the “Chosen Encryption Algorithm (Serving)” to the HANDOVER REQUEST message on the CN side.
For intraBSC HO call SET IntraBSCHOEncryptOptSw as ON
Thank you for reading. In the next part I will show how to check the Security Encryption Modes via Repots.
You're welcome to feedback at the comment box below about this post or leave a provate message !
