Advertisement

Attacks on the DECT Authentication Mechanisms

  • Stefan Lucks
  • Andreas Schuler
  • Erik Tews
  • Ralf-Philipp Weinmann
  • Matthias Wenzel
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5473)

Abstract

Digital Enhanced Cordless Telecommunications (DECT) is a standard for connecting cordless telephones to a fixed telecommunications network over a short range. The cryptographic algorithms used in DECT are not publicly available. In this paper we reveal one of the two algorithms used by DECT, the DECT Standard Authentication Algorithm (DSAA). We give a very detailed security analysis of the DSAA including some very effective attacks on the building blocks used for DSAA as well as a common implementation error that can practically lead to a total break of DECT security. We also present a low cost attack on the DECT protocol, which allows an attacker to impersonate a base station and therefore listen to and reroute all phone calls made by a handset.

Keywords

Block Cipher Mutual Authentication European Telecommunication Standard Institute Encrypt Communication Digital Enhance Cordless Telecommunication 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Barkan, E., Biham, E., Keller, N.: Instant ciphertext-only cryptanalysis of GSM encrypted communication. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 600–616. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  2. 2.
    Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 2–21. Springer, Heidelberg (1991)Google Scholar
  3. 3.
    Ettus, M.: USRP user’s and developer’s guide. Ettus Research LLC (February 2005)Google Scholar
  4. 4.
    European Telecommunications Standards Institute. ETSI EN 300 444 V1.4.2 (2003- 02): Digital Enhanced Cordless Telecommunications (DECT); Generic Access Profile (February 2003)Google Scholar
  5. 5.
    European Telecommunications Standards Institute. ETSI EN 300 175-7 V2.1.1: Digital Enhanced Cordless Telecommunications (DECT); Common Interface (CI); Part 7: Security Features (August. 2007)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Stefan Lucks
    • 1
  • Andreas Schuler
    • 2
  • Erik Tews
    • 3
  • Ralf-Philipp Weinmann
    • 4
  • Matthias Wenzel
    • 5
  1. 1.Bauhaus-University WeimarGermany
  2. 2.Chaos Computer Club TrierGermany
  3. 3.FB InformatikTU DarmstadtGermany
  4. 4.FSTCUniversity of LuxembourgLuxembourg
  5. 5.Chaos Computer Club MünchenGermany

Personalised recommendations