Code breakers crack GSM cellphone encryption

R. A. Hettinga rah at shipwright.com
Sun Sep 7 15:32:44 EDT 2003


<http://www.israel21c.org/bin/en.jsp?enPage=BlankPage&enDisplay=view&enDispWhat=object&enDispWho=Articles%5El496&enZone=Technology&enVersion=0&>


Israel21c

Code breakers crack GSM cellphone encryption
By ISRAEL21c staff, September 07, 2003




Experts at the Technion in Haifa who specialize in cryptography have
discovered that mobile phone calls made on the popular GSM network are
vulnerable to break-ins.  The faults discovered in the 850 million
cellphones could be used by thieves or eavesdroppers to listen in on calls,
steal calls and even to impersonate phone owners.

The team of researchers in Haifa, including Professor Eli Biham and
doctoral students Elad Barkan and Natan Keller, presented their findings at
the Crypto 2003 conference held two weeks ago at the University of
California, Santa Barbara.

The 450 participants, many of whom are leaders in encryption research,
'were shocked and astounded' by their revelation that most cellphones are
susceptible to misuse.  'They were very interested in our work and
congratulatory,' Biham said.

If the cellphone companies in 197 countries want to correct the code errors
that expose them to trickery and abuse, they will have to call in each
customer to make a change in the cellphone's programming, or replace all of
the cellular phones used by their subscribers.

Biham, Barkan, and Keller's discovery involved a basic flaw in the
encryption system of the GSM (Global System for Mobile Communications)
network, which is used by 71 percent of all cellphones.

"Elad discovered a serious flaw in the network's security system,"
explained Biham. "He found that the GSM network does not work in the proper
order: First, it inflates the information passing through it in order to
correct for interference and noise and only then encrypts it."

At first, "I told him (Barkan) that it was impossible," Biham told Reuters.
"I said such a basic mistake would already have been noticed by someone
else. But he was right, the mistake was there."
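The ordering mistake Biham describes, as an added illustration (not code from the article or the Technion paper): a toy (7,4) Hamming code stands in for GSM's channel coding and a random bit vector for the stream-cipher keystream. Because the code's parity checks hold for every codeword, they also hold on the ciphertext with the keystream stripped out, so an eavesdropper obtains linear equations on the keystream bits without knowing a single plaintext bit; the reversed order yields no such equations.

```python
"""Why 'error-correct, then encrypt' leaks facts about the keystream.

Added illustration; a (7,4) Hamming code stands in for GSM's convolutional
coding, a 7-bit vector for the keystream.  Real GSM frame sizes and the
A5 ciphers are deliberately not modelled.
"""
from itertools import product

# Parity-check matrix of the (7,4) Hamming code: H*c = 0 (mod 2) for
# every codeword c.  This redundancy is what the channel coder adds.
H = [
    [1, 0, 1, 0, 1, 0, 1],
    [0, 1, 1, 0, 0, 1, 1],
    [0, 0, 0, 1, 1, 1, 1],
]


def hamming_encode(data):
    """Map 4 data bits to the 7-bit codeword [p1, p2, d1, p3, d2, d3, d4]."""
    d1, d2, d3, d4 = data
    return [d1 ^ d2 ^ d4, d1 ^ d3 ^ d4, d1, d2 ^ d3 ^ d4, d2, d3, d4]


def syndrome(word):
    """H*word over GF(2); all-zero exactly when word is a valid codeword."""
    return [sum(h * w for h, w in zip(row, word)) % 2 for row in H]


def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def encode_then_encrypt(data, keystream):
    """GSM's order: add redundancy first, then XOR with the keystream."""
    return xor(hamming_encode(data), keystream)


def encrypt_then_encode(data, keystream):
    """The safer order: XOR the 4 data bits first, then add redundancy.
    The result is always a valid codeword, so its syndrome says nothing."""
    return hamming_encode(xor(data, keystream[:4]))


def consistent_keystreams(ciphertext):
    """Ciphertext-only inference.  Since H*c = 0, syndrome(c XOR k) = H*k:
    three linear equations on the keystream bits, learned with no plaintext.
    Enumerate the 7-bit keystreams satisfying them (16 of 128 survive)."""
    target = syndrome(ciphertext)
    return [list(k) for k in product((0, 1), repeat=7) if syndrome(k) == target]
```

With a cipher whose keystream bits are close to linear in its internal state, equations like these become equations in the state itself, which is the step the Technion work builds on; this toy stops at the code.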

In the wake of this discovery, the three Technion researchers developed a
method that enables cracking the GSM encryption system at the initial
ringing stage, even before the call begins, and later on, listening in on
the call. With the aid of a special device that can also broadcast, it is
possible to steal calls and even to impersonate phone owners, even in the
middle of an ongoing call.

"We can listen in to a call while it is still at the ringing stage and
within a fraction of a second know everything about the user," Biham said.
"Then we can listen in to the call.

"Using a special device it's possible to steal calls and impersonate
callers in the middle of a call as it's happening," he said. GSM code
writers made a mistake in giving high priority to call quality, correcting
for noise and interference, and only then encrypting, Biham said.

Recently, a new and modern encryption system was chosen in response to
previous attacks on the existing encryption system. But the Technion
researchers also succeeded in overcoming this improvement. The new method
works for all GSM networks worldwide, including the U.S. and Europe.

Four years ago, a number of articles were published by Israeli researchers,
including Biham, warning of the possibility of cracking the GSM code. An even
earlier study on this potential problem was conducted by Professor Adi
Shamir of the Weizmann Institute of Science, a world expert in cryptography
whose encryption system is widely used in the field of satellite television.

The cellular companies responded to these earlier publications by
explaining that it would be very difficult to implement these theoretical
scenarios. To crack the codes, a hacker would need to tap into a
conversation at the precise moment it began, and there is really no chance
of doing this, the cellular firms said.

Biham explained that the encryption ciphers were kept absolutely secret until
1999, when a researcher called Marc Briceno succeeded in reverse engineering
their algorithms. "Since then many attempts have been made to crack them,
but these attempts required knowing the call's content during its initial
minutes in order to decrypt its continuation, and afterwards, to decrypt
additional calls. Since there was no way of knowing call content, these
attempts never reached a practical stage. Our research shows that it is
possible to crack the codes without knowing anything about call
content," he notes.

A copy of the research was sent to GSM authorities in order to correct the
problem, and the method is being patented so that in future it can be used
by the law enforcement agencies.

The GSM Association, representing vendors who sell the world's largest
mobile system, which is used by more than 860 million consumers in 197
countries, confirmed the security hole but said it would be expensive and
complicated to exploit.

"This (technique) goes further than previous academic papers, (but) it is
nothing new or surprising to the GSM community. The GSM Association
believes that the practical implications of the paper are limited," it said
in a statement.

The GSM program was created some two decades ago and is now in its second
generation. A third generation is being developed, Biham said, 'and since
we told them about the fault, they will be able to produce it without
errors, but I don't know how long it will take before the new system is
released.'

Biham was not aware of any clever thief who has already used the fault to
cheat phone users, but 'any failure like this could eventually be
discovered and used for illegal purposes. That's why we made the
information known to GSM.'

Even if the cellular companies choose not to fix the breach discovered in
the GSM security system, this problem will disappear when the cellular
operators move to the third generation of cellular technology. According to
Biham, the problem does not exist in this next-generation standard. But it
will be several years before the third-generation technology is fully
deployed. Partner plans to begin trial use of the new technology next year,
with commercial operation starting only at the end of the year
or in 2005.


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com