Silicon.fr reporting GSM crypto broken

[[EMAIL PROTECTED] (Brian Morrison)]

On Thu, 4 Sep 2003 11:44:32 +0100, Owen Blacker wrote:

>> However, it seems to me that the threat is not really from off air
>> monitoring of GSM calls but rather from our paid public servants (sic)
>> who are already able to listen in on production of whatever spurious
>> excuse they've thought of....
>
>Indeed, I agree completely.  My thoughts, though, were that a break like
>this (if it hits the mass media and people care sufficiently) might cause
>GSM to update their whole crypto with something a bit more, well, secure.
>Which would be A Good Thing(tm).

I remember that the original GSM crypto was watered down at the
suggestion of the spooks, although of course that is always denied.

>
>Not knowing all that much about phones, would it be possible for companies
>to do that with an over-the-air firmware update or would it need a hardware
>upgrade.  I'd guess the latter (just cos crypto in a phone feels like it
>ought be embedded on the chip in ROM), but I wouldn't honestly know.  Would
>any of the more telephony-minded listers care to exposit?

It might be possible to do it by issuing new SIM cards, quite a lot of
the crypto functions such as the A3 algorithm used during the
authentication phase of registering with a network are done in the
card, but when it comes to passing or generating the keys for in call
use I suspect that it relies on hardware in the various Sics used.

I never had much to do with this side of the equation, maybe someone
else knows more can comment further.....

-- 
Brian Morrison                                       [EMAIL PROTECTED]
              do you know how far this has gone?
               just how damaged have I become?
                                      'Even Deeper' by Nine Inch Nails