Hi Sylvain, On 30-Jul-10 23:14, Sylvain Munaut wrote: > Hi, > >> The presentation has been posted here: >> http://srlabs.de/research/decrypting_gsm/ > > Just a quick note about the mitigation steps mentioned in TS44.006 > (the 'random padding'). > > At least on my local networks this would have virtually no effect to > do only that. > The SI5 & SI5ter don't have any padding here so their content would be > known in anyway and they provide way enough plain text.
That's a correct observation: Randomizing filling bytes would force an attacker to use SI messages instead, thus increasing the attack complexity by at least an order of magnitude due to the variability in the SI content and placement. SI messages, too, should be randomized as you point out: > Randomizing the TA by +/-1, or randomizing the encoding of the BCCH > list, and randomizing the order of SI5/5ter/6 on SACCH would have more > effect. But that's still very limited (there is only so many way to > encode the same information), and would only slow down the attack a > little ... Beyond the ordering of the values, SI 5/6 messages, are filled with '00' bytes. My proposal would be to randomize those in the same way as the '2B' pattern. Even making a single byte unpredictable would increase the attack effort by two orders of magnitude. Cheers, -Karsten _______________________________________________ A51 mailing list [email protected] http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
