Security Market Segment LS
Friday, 01 January 2010 12:06

GSM encryption is now effectively broken

At the 26th Chaos Communication Congress (26C3) last week, Karsten Nohl offered new insights and methods for cracking GSM encryption.

Security researchers have long considered GSM security to be weak and there have been many projects aimed at exposing a variety of these security weaknesses. 

There are four levels of encryption available for GSM, discussed in detail here. Many countries were not given access to any form of encryption (a screen shot of a phone without security is shown here; go to the sub-heading 'Security') and only the most friendly (mainly Western Europe and USA) were given access to the strongest (called A5/1). 

Australia was not considered a favoured country and was only permitted to implement the fully broken A5/2 protocols. 

The Wikipedia article gives good detail of the history of attacks on A5/1.  There is an interesting report from 1994 of the political in-fighting which led to the selection of the knowingly weak French solution over the strong objections of the Germans who (at the time) shared a border with a number of communist countries and would have preferred very strong encryption.

A recently reported project to create rainbow tables for GSM decryption has reached its end – the tables are available and at just 2TB, are smaller than expected. 

Karsten Nohl's presentation at 26C3 outlines the work completed thus far and also describes early efforts to fully crack the supposedly more secure A5/3 protocol.  Much of the project management is being handled through the Trac site where news, source code and other resources are available.

What advice is the GSM Industry group offering?  Read on...

Despite blindingly obvious evidence to the contrary, GSM World, the website for the GSM Industry group seems intent on supporting the status quo.

In a press release dated December 30th, the group states the following:

GSM networks use encryption technology to make it difficult for criminals to intercept and eavesdrop on calls. On most GSM networks, the communications link between the handset and the radio base station uses the A5/1 privacy algorithm to scramble the signal.

[This isn't very true – the vast majority of customers are forced to use A5/2 (weak encryption) or A5/0 (no encryption).]

Over the past few years, a number of academic papers setting out, in theory, how the A5/1 algorithm could be compromised have been published. However, none to date have led to a practical attack capability being developed against A5/1 that can be used on live, commercial GSM networks.

[Again, untrue.  With a modest investment in hardware, a determined 'hacker' can easily decrypt conversations; possibly not in real-time, but certainly with reasonable ease.]

Reports of an imminent GSM eavesdropping capability are common. The GSMA, which welcomes research designed to improve the security of communications networks, routinely monitors the work of groups in this area. In 2007-8, a hacking group claimed to be building an attack on A5/1 by constructing a large look-up table of approximately 2 Terabytes – this is equivalent to the amount of data contained in a 20 kilometre high pile of books. In theory, someone with access to the data in such a table could use it to analyse an encrypted call and recover the encryption key.

[The 20 kilometre reference is particularly belittling, and entirely irrelevant.  Any modern computer can support the use of hard disks much larger than the quoted 2 Terabytes.]

Another group has announced similar plans in 2009. However, before a practical attack could be attempted, the GSM call has to be identified and recorded from the radio interface. So far, this aspect of the methodology has not been explained in any detail and we strongly suspect that the teams attempting to develop an intercept capability have underestimated its practical complexity. A hacker would need a radio receiver system and the signal processing software necessary to process the raw radio data. The complex knowledge required to develop such software is subject to intellectual property rights, making it difficult to turn into a commercial product.

[This knowledge is neither complex nor particularly rare.  More importantly, once one person has created a working implementation, commoditization is simple.  Nohl notes that "a full GSM interceptor to collect GSM data could hypothetically be built from open source components. We have not done so as it may be illegal in some countries."]

Today, mobile networks are typically configured to optimise call set-up times, capacity and other aspects related to operational efficiency. But mobile operators could, if it ever proved necessary, quickly alter these configurations to make the interception and deciphering of calls considerably harder. Moreover, intercepting a mobile call is likely to constitute a criminal offence in most jurisdictions.

[In more than one place, Nohl points out that it is quite obvious that state security organisations are already doing this – he simply wants to demonstrate how easy this is.]

All in all, we consider this research, which appears to be motivated in part by commercial considerations, to be a long way from being a practical attack on GSM. More broadly, A5/1 has proven to be a very effective and resilient privacy mechanism. By comparison, inexpensive and readily available radio scanners could be used to intercept calls on the analogue cellular networks that pre-dated GSM and which did not use encryption.

[This is rubbish and they know it!]

The mobile industry is committed to maintaining the integrity of GSM services and the protection and privacy of customer communications is at the forefront of operators' concerns. The GSMA has been working to further enhance privacy protection on GSM networks and has developed a new high-strength algorithm, A5/3. Over the past decade, export control agencies have removed many of the traditional barriers to the sale of cryptographic technologies enabling the development and use of A5/3. This new privacy algorithm is being phased in to replace A5/1.

[A5/3 is already 'academically' broken and work is proceeding on making the attacks practical.  Nohl's paper describes much of the work being done in this area.  Worse, A5/3 has been available for at least a decade, yet there has been little impetus to upgrade to it.]

The GSM industry needs to abandon all flavours of A5/x and hire competent expertise to develop a properly secured algorithm; if the government security agencies permit, of course!

Subscribe to ITWIRE UPDATE Newsletter here

Now’s the Time for 400G Migration

The optical fibre community is anxiously awaiting the benefits that 400G capacity per wavelength will bring to existing and future fibre optic networks.

Nearly every business wants to leverage the latest in digital offerings to remain competitive in their respective markets and to provide support for fast and ever-increasing demands for data capacity. 400G is the answer.

Initial challenges are associated with supporting such project and upgrades to fulfil the promise of higher-capacity transport.

The foundation of optical networking infrastructure includes coherent optical transceivers and digital signal processing (DSP), mux/demux, ROADM, and optical amplifiers, all of which must be able to support 400G capacity.

With today’s proprietary power-hungry and high cost transceivers and DSP, how is migration to 400G networks going to be a viable option?

PacketLight's next-generation standardised solutions may be the answer. Click below to read the full article.


WEBINAR PROMOTION ON ITWIRE: It's all about webinars

These days our customers Advertising & Marketing campaigns are mainly focussed on webinars.

If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial.

This coupled with the new capabilities 5G brings opens up huge opportunities for both network operators and enterprise organisations.

We have a Webinar Business Booster Pack and other supportive programs.

We look forward to discussing your campaign goals with you.


David Heath

David Heath has had a long and varied career in the IT industry having worked as a Pre-sales Network Engineer (remember Novell NetWare?), General Manager of IT&T for the TV Shopping Network, as a Technical manager in the Biometrics industry, and as a Technical Trainer and Instructional Designer in the industrial control sector. In all aspects, security has been a driving focus. Throughout his career, David has sought to inform and educate people and has done that through his writings and in more formal educational environments.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News