GSM - A5 Strength

[David Wagner]

In article <E0yMtqj-0001mR-00@heaton.cl.cam.ac.uk>,
Markus Kuhn  <ukcrypto@maillist.ox.ac.uk> wrote:
> Furthermore, let's have a quick look at the security of immobile
> phone networks. [...]
> If I want to eavesdrop your telecommunications, why should
> I spend a couple of 100 000 dollars to develop attack hardware for
> the A5 encrypted radio link (sure it's possible), when I can
> use 200 dollar hardware to tap your wired phone and get probably
> the same information for 0.2 % of the cost?

Ahh, now that point I think I might be able to address, partially.

It's an issue of scale.

If I want to eavesdrop on your wired phone, I have to physically break
into stuff, and expose myself to some (very minimal) risk, and drive
all around town.  If I want to eavesdrop on 1000 people, that's not easy,
on wireline phones.

With mobile phones (and cordless phones to some extent), the incremental
cost of eavesdropping on additional people is quite low.  Snooping is
something Joe Schmoe can do from his living room couch, with beer in hand.
In other words, eavesdropping on 1000 people becomes merely a matter of
patience.  (And I estimate that perhaps nearly every US cellphone user
has had at least one of their conversations intercepted at some point.)

I like having the incremental costs of eavesdropping relatively high.
It provides safety in numbers, and increases the chances of discovering
wide-scale tapping.

(And we can talk about user interfaces for security systems.  UI folks
like to talk about the principle of least surprise.  Consumers expect
safety in numbers.  And it's probably a good thing if consumers intuitively
grasp the policy implications of emerging technology much as possible.)


I'll certainly buy your argument on the giant gap between perceived
security and real security.