On Sunday 30 January 2011 07:26 PM, jtd wrote: > On Sunday 30 January 2011 12:34:22 Rony wrote: > >> Hello, >> >> I was reading about tethering security when I came across this >> article in this link on the net. >> >> http://www.bit-tech.net/news/2008/02/25/gsm_encryption_broken/1 >> >> An important part of the text is reproduced below. >> >> "GSM encryption comes in four flavours: A5/0 is no encryption at >> all, and is the standard for GSM devices shipped to countries the >> distributors don't like all that much; A5/1 is the fairly robust >> 'default' encryption implementation used in the EU and the USA; >> A5/2 is a weakened version of A5/1 offered to countries the >> distributors have no strong feelings about but which the government >> may want to keep its eye on; A5/3 is a newcomer to the scene, >> offering a more robust scheme than A5/1 but currently not >> implemented for anyone who doesn't work for a three-letter-agency." >> >> >> I am curious to know, what security do we use in India? > A5/2 > Both A5/1 and 2 are broken and has been cracked in realtime using an > arm processor and standard Motorola phones > http://www.osmocom.org > > Besides as pointed out in the thread, only data can be encrypted. > Voice has to be transcoded with tighter compression for transport on > the backbone, before the process being reversed going back on the > air. Transcoding is lossy. Also every carrier has different > compression algos on their backbone, hence encrypting voice will > result in garbage at the backbone and consequently garbage at the > reciever. > > Ofcourse legacy phones did not have the horsepower to encrypt and > decrypt in realtime anyway - other than the standard algo that is. > That is not the case now. But due to the backbone requirements, one > would have to make a V110 call (facsimile frames), do compression > with low bandwidth codec, encrypt this and use the saved bandwidth > for the overhead of the cipher stream. > >> I could not >> get exact details on the net. Is the security of GSM equipment >> pre-set by foreign manufacturers (read: their Govts.) or do we as >> Indians have some say to modify it? > You could in principle modify it. But that would require all providers > in India agreeing, using only handsets with the new capability and > would yet leave you vulnerable for traffic outside India. > >
Thanks for the information JTD and others. What surprised me a little was the technology 'apartheid' towards non-US/EU nations. The Western company bosses and their Govts. decide what security level we must have in our own country to suit their requirements, as if they are giving equipment free or at a discount. We (Indian companies) pay through our noses in foreign currency for latest equipment, pay for the foreign engineers' luxurious stay in India and at the end of it all we are getting technology like donations. -- As a proper list etiquette... Please trim your replies. Post your replies below the relevant original text, leaving a line space. Do not re-use old messages to write new ones. Regards, Rony. -- http://mm.glug-bom.org/mailman/listinfo/linuxers
