10
EPS Cryptographic Algorithms
In this chapter we discuss in detail the cryptographic algorithms that are used in EPS. One principle that has been used in the design of EPS security is that of algorithm agility: the system should be flexible in the sense that new algorithms can be introduced and outdated ones can be removed, both without major hassle. Therefore, it is expected that in the future new algorithms would appear in EPS but they are potentially not even invented at the time of writing and hence naturally not yet discussed in this chapter. The need for better algorithm agility has stemmed from experiences with 2G and 3G systems where new algorithms have been introduced and one algorithm (A5/2) has also been removed from the 3GPP system.
On the other hand, we are here discussing standardized algorithms. A general principle for any standardized mechanisms (including non-security related ones) is that options should only be introduced if they serve a clear benefit for the system as a whole. If the difference between one option and another is more like a matter of taste, or if the benefit of each option over the others materializes only in a small minority of all circumstances, options should not be introduced because they complicate the system, add development cost, and put the interoperability at risk. Hence, the number of different algorithms should be kept small and introduction or removal of algorithms should be done only after it is clear that such action adds value ...