Code breakers crack GSM cellphone encryption
David Wagner
daw at mozart.cs.berkeley.edu
Mon Sep 8 17:52:15 EDT 2003
John Doe Number Two wrote:
>It's nice to see someone 'discovering' what Lucky Green already figured-out
>years ago. I wonder if they'll cut him a check.
No, no, no! This is new work, novel and different from what was
previously known. In my opinion, it is an outstanding piece of research.
Barkan, Biham, and Keller establish two major results:
1. A5/2 can be cracked in real-time using a passive ciphertext only
attack, due to the use of error-correcting coding before encryption.
2. All other GSM calls (including those encoded using A5/1 and A5/3) can
be cracked using an active attack. This attack exploits a protocol flaw:
the session key derivation process does not depend on which encryption
algorithm was selected, hence one can mount an attack on A5/2, learn
the A5/2 key, and this will be the same key used for A5/1 or A5/3 calls.
(they also make other relevant observations, but the above two are
probably the most significant discoveries)
Their attacks permit eavesdropping as well as billing fraud.
See their paper at CRYPTO 2003 for more details. I am disappointed that
you seem to be criticizing their work before even reading their paper.
I encourage you to read the paper -- it really is interesting.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list