1994-11-28 - Re: Cell Phones Security??

Header Data

From: “Ian Farquhar” <ianf@sydney.sgi.com>
To: cypherpunks@toad.com
Message Hash: 66d535dd3a74595bf9140dbb02009f13d4271531877f59df4adb44a485152835
Message ID: <9411281101.ZM1069@wiley.sydney.sgi.com>
Reply To: <m0rAGBX-000SgAC@mserve>
UTC Datetime: 1994-11-28 00:09:27 UTC
Raw Date: Sun, 27 Nov 94 16:09:27 PST

Raw message

From: "Ian Farquhar" <ianf@sydney.sgi.com>
Date: Sun, 27 Nov 94 16:09:27 PST
To: cypherpunks@toad.com
Subject: Re: Cell Phones Security??
In-Reply-To: <m0rAGBX-000SgAC@mserve>
Message-ID: <9411281101.ZM1069@wiley.sydney.sgi.com>
MIME-Version: 1.0
Content-Type: text/plain


On Nov 24, 12:48am, Chris Wedgwood wrote:
>I guess in theory GSM is the most secure. Only in practice its not. Many of
the
>signals from GSM calls can and in some places (e.g. where I live in NZ) go via
>analogue repeaters so the call can still be heard of scanners....

*Sigh*  Alas too often true.

Even so, I am not at all convinced of the security of A5/1.  The version of
the algorithm which was "leaked" to the network looked like an undergraduate's
toy cipher, with (reportedly) 40 bits of key entropy at best.  I have spoken
to two people who are officially familiar with the cipher, one of whom
led me to believe that the leaked version was genuine, and the other who
said it was a very early design and bore little resemblence to the final
released A5/1.

Four other observations don't lead me to have much confidence in it:

1. The reason for it remaining confidential has gone from it being too
   secure for the public to see, onto it being too insecure and thus needing
   a security by obscurity protection.
2. The cipher design process was quite contentious, and had the involvement
   of a lot of people who did not want the public to have decent security.
3. The cipher was originally a French design.  Disregarding the well-known
   hostility of the French government to domestic cryptography, I read a
   rather interesting comment in "Tower of Secrets" (written by a former
   KGB cipher-expert) that he wouldn't defect to the French because their
   ciphers were an "open book" to the Soviets.  Note that this was at the time
   that the KGB computer base could be counted on one hand, and they certainly
   were not in general use.
4. Although a lot of countries are not happy about it, it looks like A5/1
   will be allowed to be imported into China.

A5/1 was described to be as a cipher suitable for "tactical security", where
the tactical value of the information transmitted encoded with it was
only usable for less than six weeks.  I really would like to ram this comment
up Telecom's advertising department, which describes conversations over
GSM phones as "unbreakable".

> If someone does really want to listen in on your calls though, they can even
> with it being encrypted. The encryption is believe to be a crippled version
> of A5 and many people claim to have made devices (usually be re-programming
> and hack GSM phones themselves) to decrypt the messages anyway....

A5/1 is the "strong" version, A5/2 (formerly A5/X) is the crippled version.
According to the person I spoke to at Austel, base station equipment which
implements A5/2 is just not available, and so everyone is installing A5/1.
All three carriers in Australia use A5/1.  I confirmed this via Austel,
not via the carriers themselves.  Telecom and Optus did not get back to me
with an answer, although the Optus reps gave a valiant attempt.  The Vodaphone
people quite rudely told me that this information was "classified", and that
I wasn't allowed to know.

I've heard rumors of a Xilinx-based GSM cracker, but I've never met or
spoken to anyone who has actually seen one, or anything more solid than
a rumor about the device.

						Ian.







Thread