Re: Code breakers crack GSM cellphone encryption/GNU Radio

2003-09-11 Thread Barry Wels
Actually, patenting the method isn't nearly as silly as it sounds.
Produced in quantity, a device to break GSM using this attack is not going 
to cost much more than a cellphone (without subsidies). Patenting the 
attack prevents the production of the radio shack (tm) gsm scanner, so 
that it at least requires serious attackers, not idle retirees or jealous 
teenagers.

 Not if they can type GNURadio into Google.

Eric Blossom of GNU Radio visited Europe one month ago.
Some radio enthusiasts in the Netherlands where interested in the
GNU radio project. So I asked Eric if it was ok to make a video for them.

The resulting two video clips are online (in MPG / VCD quality).

GNU-radio_intro.mpg and
GNU-radio _Q_and_A.mpg

A zip containing these two video files can be found on :

http://diorella.boppelans.net/gnu-radio.zip (108 Mb)

Enjoy, and feel free to mirror / distribute them ...

With regards,

Barry Wels.


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Code breakers crack GSM cellphone encryption

2003-09-10 Thread bear


On Mon, 8 Sep 2003, Dave Emery wrote:

   Just to amplify this a bit, does anyone seriously think the
NSA's satellite and embassy based cellphone interception capability is
primarily targeted against - US - GSM calls ?   Or that they can
routinely get warrants to listen in using the wired tapping
infrastructure in say Russia or France or Iran ?

Of course the NSA's satellite and embassy based cellphone interception
capability isn't primarily targeted against - US - calls; that would
be illegal.  The snooping in the US is done by others and then handed
over to the NSA instead.  And of course the NSA does the same for
them.  This is what the UKUSA agreement is all about.

Bluntly, no matter who does the actual interception work, in the
modern world every intel agency's analytic and correlative resources
are targeted against everybody in the world.  To say that some
particular agency doesn't do intercepts in some particular country is
irrelevant; It's all just data. Remember lawmakers learning that the
internet treats censorship as damage and routes around it?  Well,
we're looking at the same phenomenon here: the worldwide intel
community treats privacy laws and operational restrictions as damage
and routes around them.  It's exactly the same thing.

I'd be willing to bet most nations even get intel on their own
citizens that's gathered by actively hostile countries: An actively
hostile nation, let's say, snoops on american citizens.  Then they
share the intel product with someone they've got a treaty with, and
then that country shares it with somebody they've got a treaty with,
and they share it with the US.  It's all just routing.  Someone has
information somebody else wants, somebody else has money or intel to
swap for it.  It doesn't take a genius to figure out, it's just going
to happen.  Anything an intel service shares with anybody, it's
putting into the network, and it's going to get around to everybody.

Bear

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Code breakers crack GSM cellphone encryption

2003-09-09 Thread John Gilmore
 See their paper at CRYPTO 2003 for more details.  I am disappointed that
 you seem to be criticizing their work before even reading their paper.
 I encourage you to read the paper -- it really is interesting.

OK, then, where is it?  I looked on:

  www.iacr.org under Crypto 2003 -- no papers there.  The title of the
  paper, presented in Session 15, is:

Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication
Elad Barkan,  Eli Biham,  Nathan Keller

  www.iacr.org under Conference Proceedings -- Crypto 2003 not there.
  www.iacr.org under Cryptology ePrint archive -- no Biham or GSM papers there.
  www.cs.technion.ac.il/~biham/ -- latest paper is from 2000.
  www.cs.technion.ac.il/~barkan/ -- access denied
  www.cs.technion.ac.il -- a news item about the GSM crack, but no paper.

I'm even a dues-paying IACR member, but I don't seem to have online
access to the papers from recent conferences.  I'm sure a copy will
show up in the mail a few months from now.  Let me guess -- the devils
at Springer-Verlag have stolen IACR's copyrights and the researchers
were dumb enough to hand their copyright to IACR...

John

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Code breakers crack GSM cellphone encryption

2003-09-09 Thread David Wagner
Vin McLellan  wrote:
A5/2 was the equivalent of 40-bit DES, presumed to be relatively weak and 
developed as an export standard.

Yeah.  Except it would be more accurate to place A5/2's strength as
roughly equivalent to 17-bit DES.  A5/1's strength is roughly equivalent
to that of 40-bit DES.

Of course, the GSM folks didn't exactly do a great job of disclosing
these facts.  They did disclose that A5/2 was the exportable version.
However, when A5/2 was first designed, SAGE put out a report that claimed
years of security analysis on A5/2 had been done and no mathematical
weaknesses had been found.  Now that we've seen A5/2, that report suffers
from a certain credibility gap, to put it mildly...

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Code breakers crack GSM cellphone encryption

2003-09-09 Thread David Wagner
One point your analysis misses is that there are public policy
implications to deploying a phone system that enemy countries can
routinely intercept.  Not all attacks are financially motivated.

Is it a good thing for our infrastructure to be so insecure?
Do we want other countries listening to our GSM calls?  Do other
countries want us listening to their GSM calls?  Is it a good thing
if such interception is made easier?  Sure, it may be in the SIGINT
agencies' interests for GSM to be crackable, but is it in the
public interest?  It's not clear.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


RE: Code breakers crack GSM cellphone encryption

2003-09-08 Thread Olle Mulmo

DCMA comes to mind: it could potentially make it a little harder to get
your hands on any mass market eavesdropping tool.

If you are terribly concerned about this, there are end-to-end encryption
phones on the market that are used by military and others already today.
Such systems come with a price tag though: As for me, the ordinary end
user, I just have be as careful with what I say or trust when communicating
over the phone as when I'm using email.

But that should have already been the case, had I thought things through,
and shouldn't come as a shock.

/Olle

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of David Honig
Sent: den 8 september 2003 02:18
To: R. A. Hettinga; Clippable
Cc: [EMAIL PROTECTED]
Subject: Re: Code breakers crack GSM cellphone encryption

A copy of the research was sent to GSM authorities in order to correct the
problem, and the method is being patented so that in future it can be used
by the law enforcement agencies.

Laughing my ass off.  Since when do governments care about patents? 
How would this help/harm them from exploiting it?   Not that
high-end LEOs haven't already had this capacity ---Biham et al
are only the first *open* researchers to reveal this.



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Code breakers crack GSM cellphone encryption

2003-09-08 Thread Greg Rose
At 05:18 PM 9/7/2003 -0700, David Honig wrote:
A copy of the research was sent to GSM authorities in order to correct the
problem, and the method is being patented so that in future it can be used
by the law enforcement agencies.
Laughing my ass off.  Since when do governments care about patents?
How would this help/harm them from exploiting it?   Not that
high-end LEOs haven't already had this capacity ---Biham et al
are only the first *open* researchers to reveal this.
Actually, patenting the method isn't nearly as silly as it sounds. Produced 
in quantity, a device to break GSM using this attack is not going to cost 
much more than a cellphone (without subsidies). Patenting the attack 
prevents the production of the radio shack (tm) gsm scanner, so that it 
at least requires serious attackers, not idle retirees or jealous teenagers.

Greg.

Greg Rose   INTERNET: [EMAIL PROTECTED]
Qualcomm Australia  VOICE:  +61-2-9817 4188   FAX: +61-2-9817 5199
Level 3, 230 Victoria Road,http://people.qualcomm.com/ggr/
Gladesville NSW 2111232B EC8F 44C6 C853 D68F  E107 E6BF CD2F 1081 A37C
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Code breakers crack GSM cellphone encryption

2003-09-08 Thread Greg Rose
At 11:43 AM 9/8/2003 -0400, Anton Stiglic wrote:
I think this is different however.  The recent attack focused on the A5/3
encryption algorithm, while the work of Lucky, Briceno, Goldberg, Wagner,
Biryukov, Shamir (and others?) was on A5/1 and A5/2 (and other crypto
algorithms of GSM, such as COMP128, ...).
No, that's not right. The attack *avoids* A5/3, by making the terminal end 
of the call fall back to A5/2, solving for the key in real time, then 
continuing to use the same key with A5/3.

A5/3 (based on Kasumi, and essentially the same as the WCDMA algorithm 
UEA1) is not in any way compromised by this attack.

Greg.

Greg Rose   INTERNET: [EMAIL PROTECTED]
Qualcomm Australia  VOICE:  +61-2-9817 4188   FAX: +61-2-9817 5199
Level 3, 230 Victoria Road,http://people.qualcomm.com/ggr/
Gladesville NSW 2111232B EC8F 44C6 C853 D68F  E107 E6BF CD2F 1081 A37C
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Code breakers crack GSM cellphone encryption

2003-09-08 Thread Steve Schear
At 02:37 AM 9/9/2003 +1000, Greg Rose wrote:
At 05:18 PM 9/7/2003 -0700, David Honig wrote:
A copy of the research was sent to GSM authorities in order to correct the
problem, and the method is being patented so that in future it can be used
by the law enforcement agencies.
Laughing my ass off.  Since when do governments care about patents?
How would this help/harm them from exploiting it?   Not that
high-end LEOs haven't already had this capacity ---Biham et al
are only the first *open* researchers to reveal this.
Actually, patenting the method isn't nearly as silly as it sounds. 
Produced in quantity, a device to break GSM using this attack is not going 
to cost much more than a cellphone (without subsidies). Patenting the 
attack prevents the production of the radio shack (tm) gsm scanner, so 
that it at least requires serious attackers, not idle retirees or jealous 
teenagers.
Not if they can type GNURadio into Google.

steve

A foolish Constitutional inconsistency is the hobgoblin of freedom, adored 
by judges and demagogue statesmen.
- Steve Schear 

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


RE: Code breakers crack GSM cellphone encryption

2003-09-08 Thread Trei, Peter
 David Honig[SMTP:[EMAIL PROTECTED] wrote:
 
 At 02:37 AM 9/9/03 +1000, Greg Rose wrote:
 At 05:18 PM 9/7/2003 -0700, David Honig wrote:
 Laughing my ass off.  Since when do governments care about patents?
 How would this help/harm them from exploiting it?   Not that
 high-end LEOs haven't already had this capacity ---Biham et al
 are only the first *open* researchers to reveal this.
 
 Actually, patenting the method isn't nearly as silly as it sounds.
 Produced 
 in quantity, a device to break GSM using this attack is not going to cost
 
 much more than a cellphone (without subsidies). Patenting the attack 
 prevents the production of the radio shack (tm) gsm scanner, so that it
 
 at least requires serious attackers, not idle retirees or jealous
 teenagers.
 
Why the heck would a government agency have to break the GSM encryption
at all? The encryption is only on the airlink, and all GSM calls travel
through 
the POTS land line system in the clear, where they are subject to 
warranted wiretaps.

Breaking GSM is only of useful if you have no access to the landline
portion of the system.

Peter Trei



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Code breakers crack GSM cellphone encryption

2003-09-08 Thread Ian Grigg
Trei, Peter wrote:

 Why the heck would a government agency have to break the GSM encryption
 at all?

Once upon a time, it used to be the favourite
sport of spy agencies to listen in on the
activities of other countries.  In that case,
access to the radio waves was much more juicy
than access to the POTS.

I've not heard anything explicitly on this,
but I'd expect satellites to be able to pick
up GSM calls.  (One of the things I have heard
is that the Chinese sold fibre networking to
Iraq, and the Russians sold special phones
with better crypto.  Don't know how true any
of that is.)

Also, the patent issue will work very well in
countries where there are laws against hacking
and cracking and so forth.  Rather than have
such laws subject to challenge in the supreme
court, a perp can be hit with both patent
infringement and illegal digital entry.  The
chances that anyone can defeat both of those
are slim.

(OTOH, I wonder if it is possible to patent or
licence something that depends on an illegal
act?)


iang

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Code breakers crack GSM cellphone encryption

2003-09-08 Thread Bill Stewart
Trei, Peter wrote:
Why the heck would a government agency have to break the GSM encryption
at all? The encryption is only on the airlink, 
 and all GSM calls travel through the POTS land line system in the clear,
 where they are subject to warranted wiretaps.
Breaking GSM is only of useful if you have no access to the landline
portion of the system.
Some governments are more concerned about using warrants
than others are.  Sometimes the ones that are concerned about them
also have police agencies that like to avoid using them.
Some phone companies are pickier about paperwork than others.
Some phone companies are faster about responding than others.
Having governments that are officially less concerned about warrants
is often correlated with having monopoly phone companies,
which is often correlated with slow bureaucratic response -
they may be extremely happy to help out the police,
but that doesn't mean it doesn't take 18 steps to accomplish it.
Landline-based wiretaps work best if you know the phone number;
over-the-air systems can be more flexible about picking up
any phone nearby, so if you see your target pick up a phone,
but don't know its phone number, they're more convenient.
And in landline-tapping environments, clever law-evaders
can usually acquire the equipment to keep switching phones.


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Code breakers crack GSM cellphone encryption

2003-09-08 Thread David Wagner
John Doe Number Two  wrote:
It's nice to see someone 'discovering' what Lucky Green already figured-out
years ago.  I wonder if they'll cut him a check.

No, no, no!  This is new work, novel and different from what was
previously known.  In my opinion, it is an outstanding piece of research.

Barkan, Biham, and Keller establish two major results:

1. A5/2 can be cracked in real-time using a passive ciphertext only
attack, due to the use of error-correcting coding before encryption.

2. All other GSM calls (including those encoded using A5/1 and A5/3) can
be cracked using an active attack.  This attack exploits a protocol flaw:
the session key derivation process does not depend on which encryption
algorithm was selected, hence one can mount an attack on A5/2, learn
the A5/2 key, and this will be the same key used for A5/1 or A5/3 calls.

(they also make other relevant observations, but the above two are
probably the most significant discoveries)

Their attacks permit eavesdropping as well as billing fraud.

See their paper at CRYPTO 2003 for more details.  I am disappointed that
you seem to be criticizing their work before even reading their paper.
I encourage you to read the paper -- it really is interesting.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


RE: Code breakers crack GSM cellphone encryption

2003-09-08 Thread Steve Schear
At 05:04 PM 9/8/2003 -0400, Trei, Peter wrote:
 David Honig[SMTP:[EMAIL PROTECTED] wrote:

 At 02:37 AM 9/9/03 +1000, Greg Rose wrote:

 much more than a cellphone (without subsidies). Patenting the attack
 prevents the production of the radio shack (tm) gsm scanner, so that it

 at least requires serious attackers, not idle retirees or jealous
 teenagers.

Why the heck would a government agency have to break the GSM encryption
at all? The encryption is only on the airlink, and all GSM calls travel
through
the POTS land line system in the clear, where they are subject to
warranted wiretaps.
Breaking GSM is only of useful if you have no access to the landline
portion of the system.
LE agencies have been known to eavesdrop on cellular communications over 
the air when a wiretap might cause trouble later.  They are also thought to 
possess cellular spoofing equipment so targeted subscriber instruments can 
be captured by mobile rouge cell sites for fun stuff (I seem to recall 
Harris Communications made these).

steve

A foolish Constitutional inconsistency is the hobgoblin of freedom, adored 
by judges and demagogue statesmen.
- Steve Schear 

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


RE: Code breakers crack GSM cellphone encryption

2003-09-08 Thread Vin McLellan
At 05:04 PM 9/8/03 , Trei, Peter wrote:

Why the heck would a government agency have to break the GSM encryption at 
all? The encryption is only on the airlink, and all GSM calls travel 
through the POTS land line system in the clear, where they are subject to 
warranted wiretaps.
A government agency would be interested in breaking GSM crypto when it 
wants to target a phone call which is going through a switch and local 
wires that are under the control of another nation, or perhaps where it 
does not wish to go through whatever process might be required to gain 
legitimate or warranted access to the call's content.

A5/2 was the equivalent of 40-bit DES, presumed to be relatively weak and 
developed as an export standard.

I always thought that the important fact about the GSM secure crypto 
protocol, A5/1, was that it was reportedly chosen and adapted for this 
function by the (never identified) members of the GSM SAGE committee of 
European experts,  a multi-national group of industrial and government 
representatives.

I always presumed the SAGE group had a common interest in unwarranted 
access -- to (A5/1-secured) calls in Europe, as well as (A5/2) calls 
elsewhere -- which, for the various national security agencies involved, 
outweighed their individual interest in providing security to their 
respective citizenry.

As I recall, COMP128 came from German sources, and A5/1 was adapted from a 
French naval cipher.


Breaking GSM is only of useful if you have no access to the landline 
portion of the system.
That's right, of course.

Crypto aside, I was wondered if it might be somehow easier (legally, 
technically, procedurally) to attack the radio link of a roving GSM call -- 
even given the rapid pace of hand-off from one tower to another, as a 
mobile caller rapidly passes through several small microcell territories -- 
than would be to recover that call by tracking it through a large number of 
successive connections to the land-line telecom GSM switches.  A friend was 
telling me that he switches from one microcell to another every couple 
hundred yards in some communities.

Anyone know?

Suerte,

_Vin
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


RE: Code breakers crack GSM cellphone encryption

2003-09-08 Thread David Honig
At 05:04 PM 9/8/03 -0400, Trei, Peter wrote:
Why the heck would a government agency have to break the GSM encryption
at all? The encryption is only on the airlink, and all GSM calls travel
through 
the POTS land line system in the clear, where they are subject to 
warranted wiretaps.

Breaking GSM is only of useful if you have no access to the landline
portion of the system.

You forget that some regimes want to listen to GSM calls
in places that they don't control.







-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Code breakers crack GSM cellphone encryption

2003-09-08 Thread Dave Emery
On Mon, Sep 08, 2003 at 09:55:41PM +, David Wagner wrote:
 Trei, Peter wrote:
 Why the heck would a government agency have to break the GSM encryption
 at all?
 
 Well, one reason might be if that government agency didn't have lawful
 authorization from the country where the call takes place.
 
 (say, SIGINT on GSM calls made in Libya)
 
Just to amplify this a bit, does anyone seriously think the
NSA's satellite and embassy based cellphone interception capability is
primarily targeted against - US - GSM calls ?   Or that they can
routinely get warrants to listen in using the wired tapping
infrastructure in say Russia or France or Iran ?

And for that matter would you want the US government to grant
the Mossad or GCHQ or other allied spy agencies the right to ask for and
use CALEA wiretaps within the US on targets of interest only to THEM who
might well be law abiding US citizens minding their own business (at
least more or less) and not subject to legal US wiretaps ?

It is true that POLICE (eg law enforcement) wiretaps can be
mostly done with CALEA gear (and should be to ensure they aren't done
when not authorized by a suitable warrant), but national security and
intelligence wiretaps are a completely different kettle of fish,
particularly overseas.

And this says nothing at all about the need for tactical
military wiretaps on GSM systems under battlefield conditions when
soldiers lives may depend on determining what the enemy is saying over
cellphones used to direct attacks against friendly forces.


-- 
   Dave Emery N1PRE,  [EMAIL PROTECTED]  DIE Consulting, Weston, Mass 02493


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Code breakers crack GSM cellphone encryption

2003-09-07 Thread R. A. Hettinga
http://www.israel21c.org/bin/en.jsp?enPage=BlankPageenDisplay=viewenDispWhat=objectenDispWho=Articles%5El496enZone=TechnologyenVersion=0;


Israel21c

Code breakers crack GSM cellphone encryption
By ISRAEL21c staffšššSeptember 07, 2003



The faults discovered in the 850 million cellphones could be used by
thieves or eavesdroppers to listen in on calls, steal calls and even to
impersonate phone owners.


Company develops unbreakable data encryption code

š

Israeli counter-terrorism experts teams up with U.S. cyber-security firm

š


Technion

š
š

Experts at the Technion in Haifa who specialize in cryptography have
discovered that mobile phone calls made on the popular GSM network are
vulnerable to break-ins.  The faults discovered in the 850 million
cellphones could be used by thieves or eavesdroppers to listen in on calls,
steal calls and even to impersonate phone owners.

The team of researchers in Haifa, including Professor Eli Biham and
doctoral students Elad Barkan and Natan Keller, presented their findings at
the Crypto 2003 conference held two weeks ago at the University of
California, Santa Barbara.

The 450 participants, many of whom are leaders in encryption research,
'were shocked and astounded' by their revelation that most cellphones are
susceptible to misuse.  'They were very interested in our work and
congratulatory,' Biham said.

If the cellphone companies in 197 countries want to correct the code errors
that expose them to trickery and abuse, they will have to call in each
customer to make a change in the cellphone's programming, or replace all of
the cellular phones used by their subscribers.

Biham,  Barkan, and Keller's discovery involved a basic flaw in the
encryption system of the GSM (global system for mobile communications)
network, which is used by 71 percent of all cellphones.

Elad discovered a serious flaw in the network's security system,
explained Biham. He found that the GSM network does not work in the proper
order: First, it inflates the information passing through it in order to
correct for interference and noise and only then encrypts it.

At first,I told him (Barkan) that it was impossible, Biham told Reuters.
I said such a basic mistake would already have been noticed by someone
else. But he was right, the mistake was there.

In the wake of this discovery, the three Technion researchers developed a
method that enables cracking the GSM encryption system at the initial
ringing stage, even before the call begins, and later on, listening in on
the call. With the aid of a special device that can also broadcast, it is
possible to steal calls and even to impersonate phone owners, even in the
middle of an ongoing call.

We can listen in to a call while it is still at the ringing stage and
within a fraction of a second know everything about the user, Biham said.
Then we can listen in to the call.

Using a special device it's possible to steal calls and impersonate
callers in the middle of a call as it's happening, he said. GSM code
writers made a mistake in giving high priority to call quality, correcting
for noise and interference, and only then encrypting, Biham said.

Recently, a new and modern encryption system was chosen as a response to
previous attacks on existing encryption system. But the Technion
researchers also succeeded in overcoming this improvement. The new method
works for all GSM networks worldwide, including the U.S. and Europe.

Four years ago, a number of articles were published by Israel researchers -
including
Biham - warning of the possibility of cracking the GSM code. An even
earlier study on this potential problem was conducted by Professor Adi
Shamir of the Weizmann Institute of Science, a world expert in cryptography
whose encryption system is widely used in the field of satellite television.

The cellular companies responded to these earlier publications by
explaining that it would be very difficult to implement these theoretical
scenarios. To crack the codes, a hacker would need to tap into a
conversation at the  precise moment it began and there is really no chance
of doing this, the cellular firm said.

Biham explained  that encryption ciphers were kept absolutely secret until
1999 when a researcher called Marc Briceno succeeded to reverse engineer
their algorithms. Since then many attempts have been made to crack them,
but these attempts required knowing the call's content during its initial
minutes in order to decrypt its continuation, and afterwards, to decrypt
additional calls. Since there was no way of knowing call content, these
attempts never reached a practical stage. Our research shows the existence
of the possibility to crack the codes without knowing anything about call
content, he notes.

A copy of the research was sent to GSM authorities in order to correct the
problem, and the method is being patented so that in future it can be used
by the law enforcement agencies.

The GSM Association, representing vendors who sell the world's

Re: Code breakers crack GSM cellphone encryption

2003-09-07 Thread John Doe Number Two
It's nice to see someone 'discovering' what Lucky Green already figured-out
years ago.  I wonder if they'll cut him a check.

-JD, II

Also sprach R. A. Hettinga aka [EMAIL PROTECTED] on 07.9.03 14:32 :

 http://www.israel21c.org/bin/en.jsp?enPage=BlankPageenDisplay=viewenDispWha
 t=objectenDispWho=Articles%5El496enZone=TechnologyenVersion=0
 
 
 Israel21c
 
 Code breakers crack GSM cellphone encryption
 By ISRAEL21c staffšššSeptember 07, 2003
 
 
 
 The faults discovered in the 850 million cellphones could be used by
 thieves or eavesdroppers to listen in on calls, steal calls and even to
 impersonate phone owners.
 
 
 Company develops unbreakable data encryption code
 
 š
 
 Israeli counter-terrorism experts teams up with U.S. cyber-security firm
 
 š
 
 
 Technion
 
 š
 š
 
 Experts at the Technion in Haifa who specialize in cryptography have
 discovered that mobile phone calls made on the popular GSM network are
 vulnerable to break-ins.  The faults discovered in the 850 million
 cellphones could be used by thieves or eavesdroppers to listen in on calls,
 steal calls and even to impersonate phone owners.
 
 The team of researchers in Haifa, including Professor Eli Biham and
 doctoral students Elad Barkan and Natan Keller, presented their findings at
 the Crypto 2003 conference held two weeks ago at the University of
 California, Santa Barbara.
 
 The 450 participants, many of whom are leaders in encryption research,
 'were shocked and astounded' by their revelation that most cellphones are
 susceptible to misuse.  'They were very interested in our work and
 congratulatory,' Biham said.
 
 If the cellphone companies in 197 countries want to correct the code errors
 that expose them to trickery and abuse, they will have to call in each
 customer to make a change in the cellphone's programming, or replace all of
 the cellular phones used by their subscribers.
 
 Biham,  Barkan, and Keller's discovery involved a basic flaw in the
 encryption system of the GSM (global system for mobile communications)
 network, which is used by 71 percent of all cellphones.
 
 Elad discovered a serious flaw in the network's security system,
 explained Biham. He found that the GSM network does not work in the proper
 order: First, it inflates the information passing through it in order to
 correct for interference and noise and only then encrypts it.
 
 At first,I told him (Barkan) that it was impossible, Biham told 
 Reuters-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Code breakers crack GSM cellphone encryption

2003-09-07 Thread David Honig
At 03:32 PM 9/7/03 -0400, R. A. Hettinga wrote:
If the cellphone companies in 197 countries want to correct the code errors
that expose them to trickery and abuse, they will have to call in each
customer to make a change in the cellphone's programming, or replace all of
the cellular phones used by their subscribers.

I've read that the lifecycle of a cell phone is about 2 years, 
FWIW.

During a kids-channel TV show, I saw that if you buy 4 dolls
you get a prepaid phone free.  Took me a while to get over
that future-shock.

A copy of the research was sent to GSM authorities in order to correct the
problem, and the method is being patented so that in future it can be used
by the law enforcement agencies.

Laughing my ass off.  Since when do governments care about patents? 
How would this help/harm them from exploiting it?   Not that
high-end LEOs haven't already had this capacity ---Biham et al
are only the first *open* researchers to reveal this.









-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]