GSM & A5
Owen Lewis
oml at eloka.demon.co.uk
Wed, 23 May 2001 19:41:07 +0100
> -----Original Message-----
> From: ukcrypto-admin@chiark.greenend.org.uk
> [mailto:ukcrypto-admin@chiark.greenend.org.uk]On Behalf Of
> anthony.naggs@atrial.com
> Sent: 23 May 2001 15:17
> To: ukcrypto@chiark.greenend.org.uk
> Subject: RE: GSM & A5
>
> > All GSM communication uses time division multiplexed Gaussian Modified Shift
> > Keying. This means that even unenciphered, communications are safe from
> > unsophisticated eavesdropping (commercial cost of equipment c. 50-100K).
>
> Vulnerability of the cipher is not the same as vulnerability of the
> comms, but it is at least interesting both in the abstract.
>
> Analysing GSM communications is somewhat beyond my (wired)
> comms knowledge. A determined attacker will either fund the
> necessary equipment, or find another, more cost-effective point of
> attack such as the unencrypted traffic on the service provider's
> backbone.
Certainly, one can buy transportable code division and time division signal
analysers; they are standard tools in the wireless communications industry.
But pimply youths can't buy them from Tandy's (RIP).
>
> > For their own reasons, govts are not about to place voice cipher
> > equipment into the hands of the general public where that cipher cannot - if
> > push comes to shove - be broken. E.g. were an unfriendly country to adapt the
> > system to support operations of an offensive nature. Regional/national
> > variations in cipher quality would simply not address this point because the
> > global market in consumer items is not strictly controllable.
>
> The ciphers deployed in mobile phones operate in a well
> defined point to multi-point network. They are certainly difficult to
> extract and reuse for another purpose, especially in comparison to
> developing proprietary encrypted channels.
No need to. Simply buy or rip off what you need to set up an area
communication system for military use, mount the base stations on mobile
platforms and away you go. It's much what the nations with a more developed
military capability have been doing since... oh, a long time ago.
> In the extreme,
> targeting and disabling key points in a cellphone network will force
> communications onto other media.
Quite so. These would be the standard tactics were you to add electronic
jamming. Countermeasures are developed from such things as mobility,
deception, redundancy and strict discipline over use.
>
(snip)
> GSM phones support all three encryption schemes, selected from
> information broadcast by the base station.
>
> > The variation is simply a 'backdoor'? Or, de facto, we all use A5/0? Or, all
> > phones are built A5/X capable, with a base station capable of setting a mobile
> > to /1 /2 /0 as required?
> >
> > One is left wondering. If I had to guess, I'd opt for the last. This in
> > turn raises more questions than it provides answers.
>
> The base station equipment is (was?) produced in North America
> and Europe. Although export rules are more relaxed now, at the
> time when most GSM networks were set up the COCOM export
> rules were quite paranoid. Hence the demarcation of non-crypto
> systems to countries aligned with the USSR, and token weak
> encryption to other untrusted countries. (Allowing Western
> intelligence services to relatively discreetly intercept traffic.)
Now here's a thought. In addition to broadcast of a command as to which
cipher/no cipher to use, suppose the command was addressable by cell, if not
by individual handset. I can think of some folks who would be very
appreciative of such a facility. I wonder whether anyone has yet given that
facility any consideration for UMTS?
>
> Ross's book, ("Security Engineering"), is a very good read, but I
> haven't reached his chapter on GSM yet.
It's a very good and welcome addition to the literature.
ATB,
Owen