GSM Encryption Code Cracked
Big Brother is always listening, no matter how quietly you speak. In the case of cell phones, given the encryption technology used by most GSM operators, it is like speaking over a public address system.
To bring this to the attention of the bodies concerned, Karsten Nohl started the most ambitious attempt to compromise the GSM phone system, which is used by over 3 billion people around the world. Others have cracked the A5/1 encryption technology used in GSM before, but their results have remained secret. However, Nohl intended to go one big step further and planned to make the keys available to everyone on the Internet.
On the second day of the Chaos Communication Congress, he announced that he had cracked the code and published it for others to read and review. The GSM Association doesn't seem to be very happy with this development. According to the NY Times, a GSM spokesperson told the newspaper that Nohl's activity is illegal in the UK and the United States and that it was not in good faith: “To do this while supposedly being concerned about privacy is beyond me.”
Security by obscurity is not considered to be a secure model. The best model is to double-check all the locks rather than hide the locks you have. As Linus Torvalds, the creator of Linux, said, "Given enough eyeballs all bugs are shallow." It is better to have security by design than security through obscurity.
GSM cracking has a long history, which began in the late 1990s in academic circles and has since sprouted a handful of commercial businesses. Today, these companies legally sell GSM call-interception solutions–which are relatively expensive–mostly to government intelligence agencies. In general, supplying and using this software is illegal in the wider market, but no one can say for certain how many groups have illegally gained access to the technology.
That’s the point Nohl hopes to drive home: The A5/1 algorithm is a broken 64-bit encryption technology, a relic of the Cold War era, when laws prohibited the export of strong encryption technology from the United States. It needs to be replaced–ideally by the much stronger, 128-bit A5/3 system, which is already being used in newer-generation digital cellular systems, such as Universal Mobile Telecommunications System (UMTS). “If you go from the 64 bits of the A5/1 cipher to the 128 bits of A5/3,” says Nohl, cracking requires an amount of memory storage that is beyond what “is available on earth.”
A big problem with plugging the GSM encryption hole, according to the security expert, is that operators are unwilling to admit that a problem even exists. Many want to avoid spending additional money on upgrading aging and amortized GSM infrastructure, he says. The GSM Association, which represents the interests of GSM mobile operators around the world, says only that it is aware of various eavesdropping projects. In the same breath, it points to the complexities of identifying and recording calls from RF signals.
Karsten Nohl currently lives and works in Berlin. He was a graduate student at the University of Virginia from 2005 to 2008. His PhD thesis proposes techniques for realizing Implementable Privacy for RFID Systems. His current research focuses on cryptography for small devices and touches on microchip security, privacy protection, and the economics of information.
