GSM - A5 Strength

Markus Kuhn Markus.Kuhn at cl.cam.ac.uk
Wed, 08 Apr 1998 13:21:03 +0100


Alec Muffett - SunLabs wrote on 1998-04-08 10:48 UTC:
>  >Why is there so much discussion about the security of GSM, which has a
>  >fairly well protected radio link, while many people use at home an
>  >analog cordless phone with either no encryption at all or a silly
>  >analog frequency inversion scheme that every owner of a scanner and a
>  >PC soundcard can descramble instantly?
> 
> Since most analogue cordless phone base-stations operate around
> 1600KHz FM, you wouldn't actually need a sexy VHF/UHF scanner to
> receive them.

Furthermore, let's have a quick look at the security of immobile
phone networks. The cable of your telephone connection is publicly
available in a small box around the next street corner to everyone
who has a suitable mechanical key (and these are usually master keys for
a whole city to which many people have access). These connection boxes
usually have a quite big interior (at least the ones in Germany I have
seen, where even the street addresses are nicely labeled inside),
such that it is easy to place a transmitter or a tape recorder there
and connect it to one or even many lines. Power supply is readily available
as well, so you do not even need a battery. You can retrieve the device
after a few weeks before it becomes likely to be discovered by a
technician. If I want to eavesdrop on your telecommunications, why should
I spend a couple of 100 000 dollars to develop attack hardware for
the A5 encrypted radio link (sure it's possible), when I can
use 200 dollar hardware to tap your wired phone and get probably
the same information for 0.2 % of the cost?

Paul is right: Since tapping a normal phone is so trivial and lacks
so much academic challenge, few people perceive it as a risk in
paranoia discussions on mailing lists. Perception of risk is first of
all a marketing issue. You can't publish a scientific paper on tapping
phones in any respected crypto journal (not even in the NY Times :),
so it is not exciting and nobody talks about it. The other side of
this argument is that strong cryptography such as PGP gives people
a false perception of security, because people start to trust the
strongest link in the chain.

There is a huge gap between perceived security and real security in
telecommunications. "Everyone" knows today thanks to the press that
eavesdropping on email is easy. I consider eavesdropping on normal telephones
and bugging rooms to be an order of magnitude less complicated technically
than eavesdropping on email.

Markus

-- 
Markus G. Kuhn, Security Group, Computer Lab, Cambridge University, UK
email: mkuhn at acm.org,  home page: <http://www.cl.cam.ac.uk/~mgk25/>