[LINK] Australia, and GSM A5/1/2/3 protocols
stephen at melbpc.org.au
stephen at melbpc.org.au
Sun Jan 3 17:36:16 AEDT 2010
GSM encryption is now effectively broken
by David Heath Friday, 01 January 2010
http://www.itwire.com/content/view/30293/53/
At the 26th Chaos Communication Congress (26C3) last week, Karsten Nohl
offered new insights and methods for cracking GSM encryption.
Security researchers have long considered GSM security to be weak and
there have been many projects aimed at exposing a variety of these
security weaknesses.
There are four levels of encryption available for GSM, discussed in
detail here: http://www.itwire.com/content/view/16824/1154/
Many countries were not given access to any form of encryption .. and
only the most friendly (mainly Western Europe and USA) were given access
to the strongest (called A5/1).
Australia was not considered a favoured country and was only permitted to
implement the fully broken A5/2 protocols.
A Wikipedia article gives good detail of the history of attacks on A5/1.
http://en.wikipedia.org/wiki/A5/1
There is an interesting report from 1994 of the political in-fighting
which led to the selection of the knowingly weak French solution over the
strong objections of the Germans who (at the time) shared a border with a
number of communist countries and would have preferred very strong
encryption.
http://groups.google.com/group/uk.telecom/msg/ba76615fef32ba32?pli=1
A recently reported project to create rainbow tables for GSM decryption
has reached its end the tables are available and at just 2TB, are
smaller than expected.
http://en.wikipedia.org/wiki/Rainbow_tables
Karsten Nohl's presentation at 26C3 outlines the work completed thus far
and also describes early efforts to fully crack the supposedly more
secure A5/3 protocol.
http://events.ccc.de/congress/2009/Fahrplan/attachments/1479_26C3.Karsten.
Nohl.GSM.pdf
Much of the project management is being handled through the Trac site
where news, source code and other resources are available.
http://reflextor.com/trac/a51
Message sent using MelbPC WebMail Server
More information about the Link
mailing list