Here i include the GSM Association feedback from the breaking of GSM. Below, my
comments.
http://www.gsmworld.com/newsroom/index.htm
GSMA Statement on Media Reports Relating to the Breaking of GSM
Encryption
30 December 2009
GSM networks use encryption technology to make it difficult for
criminals to intercept and eavesdrop on calls. On most GSM networks,
the communications link between the handset and the radio base station
uses the A5/1 privacy algorithm to scramble the signal.
Over the past few years, a number of
academic papers setting out, in theory, how the A5/1 algorithm could be
compromised have been published. However, none to date have led to a
practical attack capability being developed against A5/1 that can be
used on live, commercial GSM networks.
Reports of an imminent GSM
eavesdropping capability are common. The GSMA, which welcomes research
designed to improve the security of communications networks, routinely
monitors the work of groups in this area. In 2007-8, a hacking group
claimed to be building an attack on A5/1 by constructing a large
look-up table1 of approximately 2 Terabytes – this is equivalent to the
amount of data contained in a 20 kilometre high pile of books. In
theory, someone with access to the data in such a table could use it to
analyse an encrypted call and recover the encryption key.
Another group has announced similar
plans in 2009. However, before a practical attack could be attempted,
the GSM call has to be identified and recorded from the radio
interface. So far, this aspect of the methodology has not been
explained in any detail and we strongly suspect that the teams
attempting to develop an intercept capability have underestimated its
practical complexity. A hacker would need a radio receiver system and
the signal processing software necessary to process the raw radio data.
The complex knowledge required to develop such software is subject to
intellectual property rights, making it difficult to turn into a
commercial product.
Today, mobile networks are typically
configured to optimise call set-up times, capacity and other aspects
related to operational efficiency. But mobile operators could, if it
ever proved necessary, quickly alter these configurations to make the
interception and deciphering of calls considerably harder. Moreover,
intercepting a mobile call is likely to constitute a criminal offence
in most jurisdictions.
All in all, we consider this research,
which appears to be motivated in part by commercial considerations, to
be a long way from being a practical attack on GSM. More broadly, A5/1
has proven to be a very effective and resilient privacy mechanism. By
comparison, inexpensive and readily available radio scanners could be
used to intercept calls on the analogue cellular networks that
pre-dated GSM and which did not use encryption.
The mobile industry is committed to
maintaining the integrity of GSM services and the protection and
privacy of customer communications is at the forefront of operators’
concerns. The GSMA has been working to further enhance privacy
protection on GSM networks and has developed a new high-strength
algorithm, A5/3. Over the past decade, export control agencies have
removed many of the traditional barriers to the sale of cryptographic
technologies enabling the development and use of A5/3. This new privacy
algorithm is being phased in to replace A5/1.
----------------------
Comments:
1) "none to date have led to a
practical attack capability being developed against A5/1 that can be
used on live, commercial GSM networks" :
Reply: Yes. There are many commercial companies that are offering them for u$s
500.000.-!
For instance:
http://www.shoghi.co.in/passive_gsm_interception.htm
More here: http://gsm.my1.ru/load/
2) "a hacking group
claimed to be building an attack on A5/1 by constructing a large
look-up table1 of approximately 2 Terabytes – this is equivalent to the
amount of data contained in a 20 kilometre high pile of books".
Reply: What does it means 20 kilometers of books? je. It is a CHILD
comparison... :)
Or simply buy a hard disk from Western Digital (Less than u$s 900)
http://www.wdc.com/en/products/Products.asp?DriveID=733
3) The complex knowledge required to develop such software is subject to
intellectual property rights, making it difficult to turn into a
commercial product.
Reply: There is NO copyright materials in coding an Opensource software. GNU
Radio is a good example.
4) Moreover,
intercepting a mobile call is likely to constitute a criminal offence
in most jurisdictions.
Reply: Wrong Statement, completely wrong. Any judge or the justice could order
to intercept a call. Intercepting or decoding your own phone is not a crime (or
it is a crime that they encrpyt your voice without permission?). Intercepting
third-parties phones is a crime!. Some countries such as USA or Britain also
focus on the distribution process (same as distributing mp3 music files in
torrents, warez sites). That could be, from my side, the only precaution to
take.
5) This new privacy
algorythm is being phased in to replace A5/1.(In reference to A5/3 - KASUMI)
Reply: A5/3 is useless now. The algorythm is broken. Imaging in a near future
intercepting a young and beautiful neiborhood girl Live 3ggp video over 3G. :)
(some humour here)
Conclusion: GSM agency is not responding on the security issues that the
project advice. Maybe because it could take at least 18 months to update
worldwide the network, and ALL stations/base must be completely replaced. ($$$)
and customers must be forced to change their OBSOLETE phone.
Meanwhile, i strongly recommend to include in your phones, voice and sms
encryption tools in Java, Symbian, Windows Mobile, etc., to have a SECURE line
with your friends and family. Try to focus on Type I (Suite A), III DES or any
strong cryptos.
Any further information, do not hesitate to contact me.
Regards,
Javier
_________________________________________________________________
Toda la información que te interesa está en MSN Noticias. Clic aquí
http://noticias.latam.msn.com/ar_______________________________________________
A51 mailing list
[email protected]
http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
