Re: [GSMSecurity] GSM security flaw uncovered

[Steven Murdoch <[EMAIL PROTECTED]>]

The paper in question is due to be published in Springer LNCS 2729
however this does not seem avilable on the web yet. For those who have
not read the paper, you may be interested in taking a look at the copy
which has been uploaded to Cryptome:

 http://cryptome.org/gsm-crack-bbk.pdf (18 Pages, 233KB)

"Instant Ciphertext-Only Cryptanalysis of GSM Encrypted
Communications" by Elad Barkan, Eli Biham, Nathan Keller.

Abstract:

"In this paper we present a very practical ciphertext only
cryptanalysis of GSM encrypted communications, and various active
attacks on the GSM protocols. These attacks can even break into GSM
networks that use "unbreakable" ciphers. We describe a ciphertext-only
attack on A5/2 that requires a few dozen milliseconds of encrypted
off-the-air cellular conversation and finds the correct key in less
than a second on a personal computer. We then extend this attack to a
(more complex) ciphertext-only attack on A5/1. We describe new attacks
on the protocols of networks that use A5/1, A5/3, or even GPRS. These
attacks are based on security flaws of the GSM protocols, and work
whenever the mobile phone supports A5/2. We emphasize that these
attacks are on the protocols, and are thus applicable whenever the
cellular phone supports a weak cipher, for instance they are also
applicable using the cryptanalysis of A5/1. Unlike previous attacks on
GSM that require unrealistic information, like long known plaintext
periods, our attacks are very practical and do not require any
knowledge of the content of the conversation. These attacks allow
attackers to tap conversations and decrypt them either in real-time,
or at any later time. We also show active attacks, such as call
hijacking, altering data messages and call theft."

Steven Murdoch.
_______________________________________________
GSMSecurity mailing list
[EMAIL PROTECTED]
http://gsmsecurity.com/mailman/listinfo/gsmsecurity