Slashdot Mirror
Cracking GSM
RobertM writes "Professor Eli Biham, one of the worlds most famous crypto analysts, together with two of his students presented an interesting paper on flaws in GSM at the IACR Crypto conference. The GSM association is not happy. Read more on theReg." There's also a Reuters article about the situation.
The International Journal of Digital Evidencehas a current article about GSM forensics.
the UK M5 is a road. perhaps you mean MI5?
Elad, Nathan, Eli Biham and Orr Dunkelman (which was not listed for some reason) are friends of mine at the Technion Israeli Institute of Technology. Their previous attack on A5/1 required a few hundred GB of HD space and dedicated telephony equipment to pull. A5/2 is a peace of cake in comparison. This new attack makes it ciphertext only. That means that you don't have to initiate a short call (for example) to the evesdropee or knowing some part of the call (like with voicemail) before breaking the encryption. It uses the signal correction mechanism to initialize itself.
In general, this is no big news, because this equipment is hard to aquire and the benefits are not that great. In comparison, CDMA and TDMA don't (effectively) encrypt calls at all.
Make even shorter URLs - 8LN.org
From theReg...
Both parties agree that the issue does not affect 3G phones, which use different protocols and security mechanisms than legacy GSM handsets.
Nathan, Elad, and Eli Biham are not US citizens as far as I know...
Make even shorter URLs - 8LN.org
The novelety of this attack is that it is instantanous. The cryptanalysis is done one when the call is being established (when the phone just rings) even before any any real conversation is being done.
The exact details are still secret but the attack exploits a misuse of Error Correcting Codes (ECC - are used in communication protocols to correct random noise errors).
It seems that instead of encrypting the conversation and then employing ECC, the GSM does it the other way thus leaking enough data for the cryptanalysis to be performed
At least they point out that the equipment required costs about $250k.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
They are all infact at the Technion, Israel's high Tech-engineering school in Haifa. The DMCA is a US law, which applies to people in the USA. It has absolutly no effect on people outside the USA.
Now in theory if they travel to the USA they could have a problem, and many Israelis do travel to the USA for one reason or another, but I don't think the US goverment will arrest an Israeli professor for publishing a paper.
Erlang Developer and podcaster
Um they already presented their work. I was there I should know. In fact their attack is hardly "news" I was chatting with certain people at the conference and they already knew the details of the attack way before the presentation took place.
Santa Barbara is an awesome btw! I can't wait for CRYPTO'04
Tom
Someday, I'll have a real sig.
"The question is can somebody deploy a off-the-shelf (or homebuilt) scanner and grab the conversations on-the-air? I know that a PR (pseudo random) number is used with the ESN and A-key to generate some keys for encrypting some of the communications, and that the voice channel is "scrambled", but is there a source where the security implications of this is discussed?"
In theory, anything is possible.
Off-the-shelf scanner - Definately not. Unless you're talking about high-end five-figure and even six-figure sums. A Rohde and Schwartz FSIQ would probably be 90% of the hardware needed to crack a CDMA signal, but FSIQs run $75k used ($120k or so new). An Agilent E4406A VSA starts at $32000 and cdmaOne and CDMA2000 options are extra $$$. And these might not even be sufficient for realtime monitoring and demodulation. It would be possible to build custom equipment for much less, but only a M.S. or Ph. D. in EE would be able to design a system to do adequate realtime demodulation of CDMA.
Non-realtime (capture the signals and post-process them) - Much easier. The hardware is $1000-2000 off-the-shelf (see GNU Radio), and the software is $99 if you're a student (Matlab), although you'll still need thorough knowledge of CDMA and some communications systems background to write the demodulation algorithms.
I don't know about the datastream-level encryption, but CDMA is much tougher to demodulate than the TDMA scheme used by GSM. (Given a captured baseband signal, I could probably tweak my old ECE 467 projects to demodulate GSM down to its datastreamin not too long, while CDMA would be a LOT harder.
retrorocket.o not found, launch anyway?
A: No.
The hash function (A3/A8) used in the default implementation of the GSM protocol for the challenge-response authentication had a vulnerability of a type known about in the cryptographic community for years.
This wasn't a deliberate weakening, because this flaw had no real impact on the ability of law enforcement to intercept, and allowed cloning of GSM handsets: something that was definitely not supposed to be possible.
They've learnt from their mistakes though: the 3G protocol has undergone extensive public review , as has the ciphers they chose.
For USians, the roles equate as follows:
MI5 = FBI
MI6 = CIA
GCHQ = NSA
JIC = Senate Oversight Committee (*very* roughly)
UNIX? They're not even circumcised! Savages!
At great risk of sounding like the Voice of Reason (and God knows how Slashdotters hate that!), could you please present some evidence to back up your assertion that the United States and United Kingdom are colluding to break the laws of both nations?
Look up the Federal laws: if it is illegal for a Federal agency to do $foo, then it is also illegal for a Federal agency to have a third party do $foo on their behalf.
If I break into a home and see a kilo of cocaine lying around, I can then go to the DEA and tell them. They can use my testimony to get a warrant to search the home and impound the drugs. Why? Because I didn't commit the crime on their behalf; I came in entirely of my own accord; there was no understanding between the DEA and myself that "if I see any drugs, I'm going to bring them to your attention".
But if the DEA asks me to break into a home, they'd better damn well have a warrant, otherwise they're breaking all manner of Federal laws.
So what you're positing is there is a tacit understanding between the US and UK that each will spy on the other's citizens and share with each other the fruits of those actions. Hmm. This sounds mind-bogglingly stupid.
Why?
Free hint: this is a Federal crime.
Free hint number two: the FBI and NSA do not get along.
Free hint number three: the FBI is the one with the charter to spy on American citizens--not the NSA.
Free hint number four: the FBI protects its jurisdictional turf very zealously.
Free hint number five: the FBI is one of the nation's intelligence agencies, co-equal with the CIA and NSA. The FBI has no charter to collect intelligence from foreign sources; the CIA and NSA have no charter to collect intelligence from domestic sources.
Free hint number six: if the NSA were to really be involved in this, the FBI would be doing a full-court-press investigation into the matter. (a), because it's a clear and massive violation of Federal law, and more importantly, (b) THE FBI DOES NOT SHARE ITS JURISDICTIONAL TURF.
Period.
So if you have any hard facts proving this tacit agreement, I'd love to hear it. If you have hard facts about it, then I'll talk to my FBI friends tomorrow and tell them about it.
I guarantee you they'll be pissed off.