[GSMSecurity] Technion researchers crack GSM cellular phone encryption

["Will Spencer" <[EMAIL PROTECTED]>]

http://web.israelinsider.com/bin/en.jsp?enPage=ArticlePage&enDisplay=vie
w&enDispWhat=object&enDispWho=Article%5El2704&enZone=Security&enVersion=
0&


Technion researchers crack GSM cellular phone encryption
By Ellis Shuman  September 3, 2003

A team of researchers at the Technion Institute of Technology in Haifa
recently succeeded in cracking the encoding system used by 850 million
cellular phones - GSM (Global System for Mobile Communications) -
previously considered the most secure cellular system. The fault in the
GSM code could potentially allow thieves to steal calls and even
impersonate users. 

Prof. Eli Biham, doctoral student Elad Barkan, and master's degree
graduate Nathan Keller discovered a basic flaw in the encryption system
of the GSM, allowing them to crack its encoding system. The researchers
presented their research at Crypto, the 23rd Annual International
Cryptology Conference, held in Santa Barbara, California, last month.
The 450 participants at the conference were "shocked and astounded" at
the findings, the researchers said. 

"Elad found a serious fault in the security setup of the GSM network,"
Biham said. "He found that the GSM network does not work in proper
order: First, it inflates the information passing through it in order to
correct for interference and noise and only then encrypts it. At first,
I didn't believe it. We checked it, and it was true." 

Following this discovery, the three developed a system allowing them to
crack the GSM encryption code even at the ringing stage, before a
cellular call is answered. A new encryption system was recently chosen
as a response to previous attacks on encryption systems, but the
Technion researchers managed to overcome this improvement. 

The GSM encryption codes were kept as absolute secrets until an Italian
researcher by the name of Marc Briceno was able to reverse-engineer
their algorithms in 1999, Biham explained. "Since then many attempts
have been made to crack them, but these attempts required hearing the
call's content during its initial minutes in order to decrypt its
continuation, and afterward, to decrypt additional calls. Since there
was no way to know call content, these attempts never reached a
practical stage. Our research shows the existence of the possibility to
crack the codes without knowing anything about call content," he added. 

The Technion researchers sent a copy of their research to the GSM
Association so that the basic fault in the encryption system could be
corrected. The researchers also applied for a patent for their findings,
and vowed to only offer it only to legal users, such as law enforcement
agencies. 

GSM, developed two decades ago in Europe, is one of the two standards
widely used for cellular service. Today, with 850 million users, GSM
accounts for 71% of all cellular phone use in the world. 

"Someone else already demonstrated that the rival standard, CDMA [Code
Division Multiple Access], could be cracked," Biham said yesterday. "The
GSM code was considered stronger until now, but we've found a way to
crack it. I don't work for a commercial company that stands to make
profit from the discovery. I'm only attempting to check the strength of
the codes," he added. 

According to Biham, the security problem does not exist in the third
generation of cellular technology, but cellular operators will only
adopt those improvements in a few years. Until that time the only way to
solve the encryption problem, the researchers said, was to switch all
850 million cellular phones currently in use.


_______________________________________________
GSMSecurity mailing list
[EMAIL PROTECTED]
http://gsmsecurity.com/mailman/listinfo/gsmsecurity