Cracking GSM

RobertM writes "Professor Eli Biham, one of the worlds most famous crypto analysts, together with two of his students presented an interesting paper on flaws in GSM at the IACR Crypto conference. The GSM association is not happy. Read more on theReg." There's also a Reuters article about the situation.

that is a road

the UK M5 is a road. perhaps you mean MI5?

Hey! I know these people!

[epsalon]

Elad, Nathan, Eli Biham and Orr Dunkelman (which was not listed for some reason) are friends of mine at the Technion Israeli Institute of Technology. Their previous attack on A5/1 required a few hundred GB of HD space and dedicated telephony equipment to pull. A5/2 is a peace of cake in comparison. This new attack makes it ciphertext only. That means that you don't have to initiate a short call (for example) to the evesdropee or knowing some part of the call (like with voicemail) before breaking the encryption. It uses the signal correction mechanism to initialize itself.

In general, this is no big news, because this equipment is hard to aquire and the benefits are not that great. In comparison, CDMA and TDMA don't (effectively) encrypt calls at all.

Instant Cryptanalysis

[IRandom]

The novelety of this attack is that it is instantanous. The cryptanalysis is done one when the call is being established (when the phone just rings) even before any any real conversation is being done.
The exact details are still secret but the attack exploits a misuse of Error Correcting Codes (ECC - are used in communication protocols to correct random noise errors).
It seems that instead of encrypting the conversation and then employing ECC, the GSM does it the other way thus leaking enough data for the cryptanalysis to be performed