The document discusses several security weaknesses in GSM networks:
1) GSM does not use mutual authentication between phones and cell towers and only encrypts messages during transmission, allowing law enforcement to intercept conversations.
2) The encryption algorithm used in GSM, A5/1, was deliberately weakened by certain countries during development.
3) Police can use IMSI catchers to identify SIM cards in an area and track phone conversations on the GSM network with legal warrants. Commercial equipment for these purposes is sold to governments.
Echo on a Chip - Secure Embedded Systems in Cryptography: A New Perception for the Next Generation of Micro-Controllers handling Encryption for Mobile Messaging
The document discusses several security weaknesses in GSM networks:
1) GSM does not use mutual authentication between phones and cell towers and only encrypts messages during transmission, allowing law enforcement to intercept conversations.
2) The encryption algorithm used in GSM, A5/1, was deliberately weakened by certain countries during development.
3) Police can use IMSI catchers to identify SIM cards in an area and track phone conversations on the GSM network with legal warrants. Commercial equipment for these purposes is sold to governments.
The document discusses several security weaknesses in GSM networks:
1) GSM does not use mutual authentication between phones and cell towers and only encrypts messages during transmission, allowing law enforcement to intercept conversations.
2) The encryption algorithm used in GSM, A5/1, was deliberately weakened by certain countries during development.
3) Police can use IMSI catchers to identify SIM cards in an area and track phone conversations on the GSM network with legal warrants. Commercial equipment for these purposes is sold to governments.
The document discusses several security weaknesses in GSM networks:
1) GSM does not use mutual authentication between phones and cell towers and only encrypts messages during transmission, allowing law enforcement to intercept conversations.
2) The encryption algorithm used in GSM, A5/1, was deliberately weakened by certain countries during development.
3) Police can use IMSI catchers to identify SIM cards in an area and track phone conversations on the GSM network with legal warrants. Commercial equipment for these purposes is sold to governments.
• The fact that GSM has weaknesses is nothing new.
The fact that GSM
does not use mutual • authentication - a mobile phone authenticates itself to the cell tower, but not vice versa - was quickly • Also GSM specifically does not use point to point encryption between callers. It only encrypts the messages while on the air interface. This allows law enforcers to tap conversations in the core of the GSM network. • During the development of GSM there was a fierce debate between NATO signals agencies on whether GSM should use a strong encryption algorithm. In particular Germany, sharing a large border with the Soviet empire, was a strong proponent for using strong encryption. • France and most other NATO countries were opposed . Both factions proposed a design for the cipher, with the French design finally becoming the A5/1 cipher used in GSM. • The first implementation of the encryption was also shown to be deliberately weakened by • setting the ten least significant bits of the key to zero [9]. Because of export restrictions on the A5/1 • cipher an even weaker variant, A5/2, was created to be exported to less trusted nations. • Police typically uses so called IMSI-catchers, which can request the IMSI - a number identifying the SIM card inside a mobile phone - of all phones in the vicinity. Using an IMSI-catcher the police can recover the IMSIs of the phones of suspects, who typically use anonymous pre-paid SIMs. With those IMSIs the police can then try to get a warrant for tapping those phones. • Besides tapping phone conversations in the GSM back-end, government agencies can also eavesdrop on the air-interface directly. Commercial equipment for eavesdropping on GSM and the aforementioned IMSI catchers are being sold restrictively to government officials [10]. • Meanwhile more and more services are being deployed on top of the GSM network, increasing the incentive for criminals to attack GSM. In several countries you can pay for services or products via text messaging. Several Internet banking applications use the mobile phone as an external (outof-band) channel to verify transactions. • The Dutch ING bank stated only last January that they will start to use the mobile phone to send users their password reminders, even though they already use it for transaction verification [11]. Where previously making un-billed calls was the major economic attraction in attacking GSM, increasingly real money can be made. Hardware and software • main idea behind Software Defined Radio (SDR), is to create very versatile transceivers by • moving a lot of the, traditionally, hardware functions into the software domain. However a radio can • never be purely software, because you need a way to capture and create the radio waves. Analog radio • waves can be converted to digital samples using a Analog to Digital Converter (ADC) and vice versa • using a Digital to Analog Converter (DAC). A5/1 Cracking project • The pre-computation is done distributed on the Internet. Volunteers can download the tablegenerating code from the project’s website [25], and run it on their own computers. The code is specifically written for graphics cards (NVIDIA and ATI currently), because of their parallel computing power. Tables that are finished need to be shared, e.g. via bit torrent. When someone has access to enough tables he should have a chance of around fifty percent to find the encryption key for an encrypted conversation. More on this attack From speech to signal
• Naturally, the main function of the GSM network is transmitting voice
data from phone to phone. When someone speaks this generates an analog sound wave. Because GSM is a digital system this sound wave has to be transformed to a digital signal via an ADC. This signal then goes through several processing stages before it is ready to be transmitted over the air to the nearest BTS using radio waves. In order to send the signal, it ironically has to again be converted to an analog signal, this time using a DAC. From speech to signal • FDMA • F(up) = 890.0 + 0.2 × ARFCN F(down) = F(up) + 45 • GSM networks can offer several security features through encryption. The most important of these are authorized network usage and call confidentiality. For these goals three generic algorithms are defined • A5/1 • The GSM encryption is used to encrypt bursts over the Um interface. These bursts contain 114 bits • of plain text (section 4.3). For each burst A5/1 generates 228 bits of keystream. The last 114 bits of • this keystream are XOR-ed with the plain text, in effect encrypting it into cipher text. The other 114 • bits are used to decrypt an incoming burst, by XORing the keystream with the cipher text, yielding • the plain text layer 1 burst. II. Breaking the Encryption • SIM cloning • An attacker can try to clone the SIM of a subscriber • Fake base station attack
Echo on a Chip - Secure Embedded Systems in Cryptography: A New Perception for the Next Generation of Micro-Controllers handling Encryption for Mobile Messaging