backtop


Print 18 comment(s) - last by Pessimism.. on Jan 18 at 9:06 AM


Business users talking on the cell phone beware -- wire-tapping solutions are now widely available for GSM networks at under $1,000, meaning that you may be blabbing your financial secrets to unwanted parties. In recent months A5/1 GSM encryption, a 64-bit algorithm was cracked, and now A5/3, a 128-bit algorithm, has been cracked as well.  (Source: The Phone Coach)
The security woes of the cell phone sector continue

For those in the know about the current state of cell phone security, it's a mess. With current 64-bit encryptions on GSM (used by about 3.5 billion people worldwide), publicly cracked after 21 years of secrecy, wire-tapping is now no longer the realm of the government alone.  Security researchers have demonstrated that malicious users and corporate spies alike can tap 64-bit GSM and decrypt it using equipment that can cost under $1,000 (most of the software involved is open source).  That's scary news for anyone who wants to avoid letting their company's financial results slip in a seemingly private, behind-closed-doors conversation with your financial staff.

Equally scary is the cell phone companies' response.  They only acknowledged the insecurity when the algorithm was publicly cracked by Karsten Nohl, PhD, a 28-year-old German computer security researcher and member of Berlin's Chaos Computer Club.  Even now they're dragging their feet on adopting more secure algorithms across their networks.

And now the next best encryption, the KASUMI system -- a 128-bit A5/3 algorithm implemented across 3G networks -- has been cracked as well.  Where as A5/1 was brought down by 2 terabyte time-memory tradeoff attack tables generated over a couple months on an NVIDIA GPU cluster (via CUDA code) early last year, the effort used the sophisticated, "related-key sandwich attack" to crack the more advanced algorithm in only 2 hours.  A paper on the work is published here (PDF).

The research was led by faculty members of the Mathematics and Computer Science departments at the Weizmann Institute of Science in Israel.  The participating researchers included Orr Dunkelman, Nathan Keller, and Adi Shamir, the last of which is famous for having his last name being part of the acronym RSA -- which stands for a popular public-key encryption algorithm.

They used an approach that involved first using one key for encryption of a message, and then changing it to a different key.  Writes the researchers, "By using this distinguisher and analyzing the single remaining round, we can derive the complete 128 bit key of the full Kasumi by using only 4 related keys, 226 data, 230 bytes of memory, and 232 time. These complexities are so small that we have actually simulated the attack in less than two hours on a single PC, and experimentally verified its correctness and complexity."

The attack is less effective than the recent A5/1 crack, though, according to Karsten Nohl.  Professor Nohl says that the new method requires the collection of "several million known plaintexts" to get a single key.  A plaintext is transmitted approximately every second, so cracking a particular carrier's encryption could require a long period of data collection.  It also would take two hours to crack the particular call on a single PC, though researchers said using a cluster could reduce this time to a manageable amount.

The current KASUMI (A5/3) algorithm was the result of a tweaked MISTY algorithm.  The original MISTY algorithm was developed by researchers at Mitsubishi.  The MISTY algorithm was more secure, but more computationally intensive, than the modified KASUMI variant.

Mr. Nohl says despite the new research shows that the GSM industry should perhaps reconsider KASUMI as they move away from A5/1 he states, "The attack should stand as a reminder that A5/3 and any other cipher will need to be replaced eventually.  Hopefully this fact is considered when upgrading GSM."

Currently most of the telecommunications industry has no definite timetable for even rolling out KASUMI, so it seems doubtful that it will act very fast, though.  That means that for now, you probably shouldn't say anything on GSM networks that you don't want repeated.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: Several million
By ekv on 1/16/2010 3:51:49 AM , Rating: 2
To be fair, I don't think he'd have his phone on for 11.6 days straight. I don't have a cell, but aren't most plans at 300 or so minutes per month.

I agree however that attacks only get better. GSM would be wise to hire Adi Shamir -- one bad a** dude (cryptographically speaking).

Having said that, why the hell doesn't GSM just use AES? is it some kind of licensing / money problem?


RE: Several million
By Solandri on 1/17/2010 2:23:48 AM , Rating: 2
quote:
Having said that, why the hell doesn't GSM just use AES? is it some kind of licensing / money problem?

If I had to guess, I'd say it's because of politics. AES is a U.S. government standard, and GSM began as a European standard. (Though to be fair, hardware AES probably wasn't fast enough at the time GSM was initially standardized to encrypt the real-time data streams needed for a cell phone conversation. It should be plenty fast enough now, since hardware AES is included in most contemporary wireless routers.)


RE: Several million
By Nil Einne on 1/17/2010 3:16:14 AM , Rating: 3
Why not? I rarely turn off my phone. In some cases when I want to make sure it doesn't do anything, I do, but this isn't that common. For ordinary meetings and the like, IMHO just turning it to silent is fine as when I'm sleeping or don't want to be disturbed. I think many people do the same.

300 minutes is referring to call/talk minutes. The article didn't specify that a plaintext is only sent while in a call, presuming it's sent all the time while the phone is in contact with a tower, then minutes are irrelevant (in any case, many people in the world are on prepay and don't have minutes although many would use less then 300 minutes).


RE: Several million
By Pessimism on 1/18/2010 9:06:34 AM , Rating: 2
11.6 days? This is nothing for the average teenage girl.


"Paying an extra $500 for a computer in this environment -- same piece of hardware -- paying $500 more to get a logo on it? I think that's a more challenging proposition for the average person than it used to be." -- Steve Ballmer














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki