Why "carnivore" type systems can't be (entirely) open source

Owen Lewis oml at eloka.demon.co.uk
Wed, 7 Feb 2001 12:23:48 -0000


----- Original Message -----
From: "Ross Anderson" <Ross.Anderson@cl.cam.ac.uk>
To: <ukcrypto@chiark.greenend.org.uk>
Sent: 06 February 2001 17:41
Subject: Re: Why "carnivore" type systems can't be (entirely) open source


> Owen:
>
> > > * From the point of view of the large-country intelligence agencies,
> > > GSM was fine. They have access to local and international traffic in
> > > the clear anyway, and A5/2 makes tactical sigint against developing
> > > countries easier.
> >
> > Nah. Only the Sharks and the Jets (or equivalent) could be thick enough
> > to rely on GSM for COMSEC. Tac sigint would be a profligate overkill in
> > resource allocation.
>
> Come off it. During the last couple of coups in Fiji, USUKA dispatched
> a frigate (Australian, Kiwi) to monitor stuff. You're not telling me
> they didn't listen in to what officials said on their mobiles.

More likely listening to Georgie Speight and his merry band :-)

I suppose, yes, one could consider that tac sigint and it is hardly out of
the Sharks & Jets league.

Really no need to crack the cipher though. Just fit the boat as a super size
basestation with a rather better antenna system. Deader than meat in the
market.

> (Remember that case when a Northern Ireland minister got bollocked for
> referring to Mrs Thatcher on his mobile as a cow?)

That was ETACS :-) Intercepted by a junior journo with a hand held scanner
in Parliament Sq.
>
> My book also goes into 3gpp/UMTS security and how it's not that much
> different. MITM attacks now need a false visited network, not just a
> false base station, for example. But not much has changed really, even
> if the crypto now appears to be kosher

A key change is that the handset is never off. Apart from improved target
location, this allows much improved opportunity to switch the mic in
remotely.

> > The Gaussian Modified Shift Keying with time division multiplexing
> > within the duplexed channels, together with a degree of frequency
> > agility, are quite sufficient to stop casual eavesdropping with no need
> > for cipher at all. The cipher is only necessary to defeat the
> > organisations who could afford to buy pretty sophisticated technical
> > solutions. That's not my definition of casual eavesdropping.
>
> If there hadn't been cipher, then within a year or two the usual
> suspects from Taiwan would have had a scanner on the market. It would
> have been sold initially to cops and spooks for thousands but I expect
> that fairly soon it would have been in Radio Shack for a few hundred.

Agreed that technical complexity should never be confused with security but
technical complexity does cost.

One can make fearsome bugs out of GSM mobile units and, because the units
are mass market items and sold as loss leaders, they are cheap. A decoder
would never be a mass market item and therefore, for a similar level of
technology, the price could never be less than four figures sterling.

The necessary demuxing of the mobile transmit freq adds further cost as will
the computer to handle the deciphering (purpose designed VLSI chips could
never be cost effective, other than in a cost-no-object market). No, it would
have to run quite comfortably into four figures.

> ..... But most of this is `technical surveillance', i.e. room
> bugs. I was referring to phone taps, which are quite different (and I
> was not including cases where one of the participants does the tap).

Not always and necessarily so different. I have on my desk a development of
the old Italian S.35 design which adapts from room to body to line fit
simply by changing a little four way adapter that conditions the inputs.
Neat package and very tough. Old hat these days though.

> Nonetheless, Owen, I am reassured that our analyses agree on 80% or
> so of the relevant issues!

Exactly so.

Owen