Mar2008

Agenda
- Receiving GSM signals
- Security
- Cracking A5/1

GSM Network

BTS

Camouflage BTS

Summary GSM
- GSM is old
- GSM is big
- GSM / 3G / UMTS / EDGE / WCDMA / ...
- Base stations all over the place

Receiving
- Nokia 3310 / Ericsson / TSM
- USRP
- TI's OMAP dev kit
- Commercial Interceptor

Example 1

Example 2

Summary Receiving
- It's cheap
- It's easy
- It's getting easier

Security

Commercial Interception
- Active Equipment: $70k - $500k. Order via internet.
- Passive Equipment: $1M

Radio Security
- A5/0, A5/1, A5/2, ... All broken in 1998. Some algorithms proprietary.
- IMSI / Location Information clear-text
- Key is artificially weakened
- Key material is reused
- No indication to user
- Key Recovery Systems available

SIM Toolkit
- There is a JVM on your SIM!
- The Operator can install programs via OTA (== remotely, without you knowing)
- Scary standard: Invisible flags, binary updates, call-control, proprietary, ....

Security Summary
- None

A5/1 Cracking
(Diagram: during Authenticate, phone and network each compute A8(Ki) -> Kc; the Conversation is then protected with A5(Kc) on both sides.)

A5/1 Cracking
(Diagram: phone sending to BTS: Plain-text XOR A5(Kc, Frame) keystream = Frame, mirrored on both sides of the Conversation.)

A5/1 Cracking
- Clock in 64-bit Kc and 22-bit frame number
- Clock for 100 cycles
- Clock for 114 times to generate 114-bits

Cracking A5/1
- Other attacks are academic BS.
- 3-4 Frames.
- Fully passive.
- Combination of Rainbow Table attack and others.

Cracking A5/1
- 4 frames of known-plaintext
- A5/1 is a stream cipher
- We can derive 4 frames of keystream output

Sliding Window
(Diagram: keystream bits [0,1,1,0,1,0, ........ ,1,0,1,1] with overlapping 64 bit windows: Cipherstream 0, Cipherstream 1, Cipherstream 2, ..., Cipherstream 50, each shifted one bit to the right of the previous one.)

Sliding Window
- Total of 4 frames with 114-bits
- 114 - 64 + 1 = 51 keystreams per frame
- 51 x 4 frames = 204 keystreams total

Rainbow Table
(Diagram: 64-bits keystream / Password / LanMan Hash: the table inverts keystream to A5/1 state the way a LanMan table inverts a hash to a password.)

Rainbow Table
- Build a table that maps 64-bits of keystream back to 64-bits of internal A5/1 state
- 204 data points means we only need 1/64th of the whole keyspace
- 2^58 = 288,230,376,151,711,744
- About 220,000 times larger than the largest LanMan Rainbow Table

How do we do this??
- 1 PC: 550,000 A5/1's per second = 33,235 years
- Currently using 68 Pico E-16 FPGAs: 72,533,333,333 A5/1's per second = 3 months
- Building new hardware to speed this up

Hardware

Rainbow Table
- Cheap Attack (~30 min)
  - 6 350GB Hard Drives (2TB)
  - 1 FPGA (or a botnet)
- Optimal Attack (~30 sec)
  - 16 128GB Flash Hard Drives (2TB)
  - 32 FPGAs
  - Can speed it up with more FPGAs

Rainbow Table
- 204 data points will give us 204 / 64 = 3 A5/1 internal states
- So what do you do now?

Reverse Clocking
- Load A5/1 internal state
- Reverse clock with known keystream back to after Kc was clocked in
- Will resolve to multiple possible A5/1 states

Reverse Clocking
- Reverse all 3 A5/1 internal states
- The common state will be the correct one
- Use the internal state and clock forward to decrypt or encrypt any packet
- Can solve linear equations to derive key, but isn't really necessary

Conclusions
- Tables will be finished in March
- Commercial version in Q2/08
- Will be scalable to whatever decryption time period is required

Threats & Future
- GSM security has to become secure.
- Data/Identity theft, Tracking, Unlawful interception, Attacks on GSM Infrastructure
- Receiving and cracking GSM will become cheaper and easier

Thank You!
Steve - http://wiki.thc.org/gsm
David Hulton - http://www.picocomputing.com - http://www.openciphers.org
Questions?
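The A5/1 keystream generation (64-bit Kc, 22-bit frame number, 100 warm-up cycles, 114 output bits) and the sliding-window count from the slides above, as an added example that is not code from the talk or its tools: a bit-level A5/1 generator following the public description of the cipher, the known-plaintext step that recovers keystream, and the window split that turns 4 frames into 204 64-bit samples. The key value, frame numbers and plaintext bits are constructed for the demonstration; the table lookup and reverse clocking are not part of it.

```python
# (length, clocking bit, feedback taps) per register; bit numbers count from LSB = 0.
REGS = ((19, 8, (13, 16, 17, 18)), (22, 10, (20, 21)), (23, 10, (7, 20, 21, 22)))

class A51:
    """A5/1 keystream generator for one frame, per the public cipher description."""
    def __init__(self, kc, frame):
        # kc: 64-bit integer, bit i = (kc >> i) & 1 (this example's convention);
        # frame: 22-bit frame number. Loading steps all registers (no majority rule).
        self.r = [0, 0, 0]
        load_bits = [(kc >> i) & 1 for i in range(64)] + [(frame >> i) & 1 for i in range(22)]
        for bit in load_bits:
            for i in range(3):
                self._step(i)
            self.r = [x ^ bit for x in self.r]
        for _ in range(100):                      # 100 warm-up cycles, output discarded
            self._clock()
    def _step(self, i):                           # one LFSR shift with feedback
        n, _, taps = REGS[i]
        fb = 0
        for t in taps:
            fb ^= (self.r[i] >> t) & 1
        self.r[i] = ((self.r[i] << 1) | fb) & ((1 << n) - 1)
    def _clock(self):
        # Majority rule: a register steps only if its clocking bit agrees with the majority.
        bits = [(self.r[i] >> REGS[i][1]) & 1 for i in range(3)]
        maj = 1 if sum(bits) >= 2 else 0
        for i in range(3):
            if bits[i] == maj:
                self._step(i)
    def frame_keystream(self):
        # 114 bits for one direction; each output bit is the XOR of the three MSBs.
        out = []
        for _ in range(114):
            self._clock()
            out.append(((self.r[0] >> 18) ^ (self.r[1] >> 21) ^ (self.r[2] >> 22)) & 1)
        return out

def recover_keystream(plain, cipher):
    """Known-plaintext step: for a stream cipher, keystream = plaintext XOR ciphertext."""
    return [p ^ c for p, c in zip(plain, cipher)]

def windows(ks, width=64):
    """Sliding window: 114 - 64 + 1 = 51 overlapping 64-bit samples per frame."""
    return [ks[i:i + width] for i in range(len(ks) - width + 1)]

def keystream_samples(kc, frame_numbers):
    """4 known-plaintext frames -> 51 * 4 = 204 samples, the inputs to the table lookup."""
    samples = []
    for fn in frame_numbers:
        samples.extend(windows(A51(kc, fn).frame_keystream()))
    return samples
```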