Route 66: Passively Breaking All GSM Channels
The A5/2 stream cipher used for encryption in the GSM mobile phone standard has previously been shown to have serious weaknesses. Due to a lack of key separation and flaws in the security protocols, these vulnerabilities can also compromise the stronger GSM ciphers A5/1 and A5/3. Despite GSM’s huge impact in the field, only a small selection of its channels have been analyzed. In this paper, we perform a complete practical-complexity, ciphertext-only cryptanalysis of all 66 encoded GSM channels. Moreover, we present a new passive attack which recovers the encryption key by exploiting the location updating procedure of the GSM protocol. This update is performed automatically even when the phone is not actively used. Interestingly, the attack potentially enables eavesdropping of future calls.
Keywords: Stream Cipher, Linear Feedback Shift Register, Quadratic System, Input Block, Passive Attack