Wednesday, December 30, 2009

Cracking GSM Encryption for Public

A few days ago, at the 26th Chaos Communication Congress (26C3), researchers presented a live proof of concept for cracking A5/1, the GSM encryption algorithm used in many GSM networks worldwide today.

- Security agencies worldwide have been cracking A5/1 for years; now the attack is publicly available
- It was previously cracked in 2008 by someone else, but the tables were never released
- The crack uses rainbow tables created by the community
- A5/1 is vulnerable to a pre-computation attack
- Creating the pre-computed tables would take 100,000+ years on a single PC, or 3 months using 80 distributed CUDA nodes
- The new table-generation techniques and tools are released as open source
- The pre-computed tables are publicly available on BitTorrent networks
- The attack claims a 50% success rate without capturing data from the registered phone, and 99% with data captured from the phone
- Open-source interceptor: OpenBTS and a radio receiver system (USRP2)
- The needed equipment costs $4000
- The next-generation protocol, A5/3, is academically broken

So what is new here?
A5/1 has been known to be a weak stream cipher for a long time, but the details were available only to closed groups; now the attack is public, relatively easy, and cheap. The interesting part is that many GSM operators are using this well-known weak encryption.

The moral of the story is ..... keep your mouth shut....

