Advertisement

Route 66: Passively Breaking All GSM Channels

  • Philip S. Vejre
  • Andrey Bogdanov
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8544)

Abstract

The A5/2 stream cipher used for encryption in the GSM mobile phone standard has previously been shown to have serious weaknesses. Due to a lack of key separation and flaws in the security protocols, these vulnerabilities can also compromise the stronger GSM ciphers A5/1 and A5/3. Despite GSM’s huge impact in the field, only a small selection of its channels have been analyzed. In this paper, we perform a complete practical-complexity, ciphertext-only cryptanalysis of all 66 encoded GSM channels. Moreover, we present a new passive attack which recovers the encryption key by exploiting the location updating procedure of the GSM protocol. This update is performed automatically even when the phone is not actively used. Interestingly, the attack potentially enables eavesdropping of future calls.

Keywords

Stream Cipher Linear Feedback Shift Register Quadratic System Input Block Passive Attack 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Association, G.: Brief History of GSM and the GSMA (May 5, 2011), gsmworld.com, http://www.webcitation.org/5yRQRGPgH
  2. 2.
    ETSI: Digital cellular telecommunications system (Phase 2+); Channel coding (GSM 05.03). Technical report, ETSI (1999)Google Scholar
  3. 3.
    Barkan, E., Biham, E., Keller, N.: Instant Ciphertex-Only Cryptanalysis of GSM Encrypted Communication. Journal of Cryptology 21, 392–429 (2008)CrossRefzbMATHMathSciNetGoogle Scholar
  4. 4.
    Briceno, M., Goldberg, I., Wagner, D.: A pedagogical implementation of the GSM A5/1 and A5/2 ‘voice privacy’ encryption algorithms (1999), http://cryptome.org/gsm-a512.htm
  5. 5.
    Goldberg, I., Wagner, D., Green, L.: The (Real-Time) Cryptanalysis of A5/2. Presented at the Rump Session of Crypto 1999 (1999)Google Scholar
  6. 6.
    Petrovic, S., Fster-Sabater, A.: Cryptanalysis of the A5/2 Algorithm. Cryptology ePrint Archive, Report 2000/052 (2000), http://eprint.iacr.org/
  7. 7.
    Barkan, E., Biham, E., Keller, N.: Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 600–616. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  8. 8.
    Golić, J.D.: Cryptanalysis of Alleged A5 Stream Cipher. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 239–255. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  9. 9.
    Barkan, E., Biham, E.: Conditional Estimators: An Effective Attack on A5/1. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 1–19. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  10. 10.
    Biham, E., Dunkelman, O.: Cryptanalysis of the A5/1 GSM Stream Cipher. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 1–19. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  11. 11.
    Biryukov, A., Shamir, A., Wagner, D.: Real Time Cryptanalysis of A5/1 on a PC. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, p. 1. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  12. 12.
    Dunkelman, O., Keller, N., Shamir, A.: A Practical-time Related-key Attack on the KASUMI Cryptosystem Used in GSM and 3G Telephony. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 393–410. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  13. 13.
    Bogdanov, A., Eisenbarth, T., Rupp, A.: A Hardware-Assisted Realtime Attack on A5/2 Without Precomputations. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 394–412. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  14. 14.
    Albrecht, M.R., Pernet, C.: Efficient Dense Gaussian Elimination over the Finite Field with Two Elements. arXiv:1111.6549v1 (November 2011)Google Scholar
  15. 15.
    ETSI: Digital cellular telecommunications system (Phase 2+); Security related network functions (GSM 03.20). Technical report, ETSI (1998)Google Scholar
  16. 16.
    ETSI: Digital cellular telecommunications system (Phase 2+); Physical layer on the radio path; General description (GSM 05.01). Technical report, ETSI (1997)Google Scholar
  17. 17.
    ETSI: Digital cellular telecommunications system (Phase 2+); Mobile radio interface layer 3 specification (GSM 04.08). Technical report, ETSI (1998)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Philip S. Vejre
    • 1
  • Andrey Bogdanov
    • 1
  1. 1.Technical University ofDenmark

Personalised recommendations