Presentation is loading. Please wait.

Presentation is loading. Please wait.

GSM network and its privacy Thomas Stockinger. Overview Why privacy and security? GSM network‘s fundamentals Basic communication Authentication Key generation.

Published byLibby Whatley Modified over 9 years ago

Similar presentations

Presentation on theme: "GSM network and its privacy Thomas Stockinger. Overview Why privacy and security? GSM network‘s fundamentals Basic communication Authentication Key generation."— Presentation transcript:

1 GSM network and its privacy Thomas Stockinger

2 Overview Why privacy and security? GSM network‘s fundamentals Basic communication Authentication Key generation Encryption: The A5 algorithm Attacks Conclusion

3 Why? From technical point of view Electromagnetic waves as communication media From customer’s point of view Privacy Cell phone cloning From operator’s point of view Billing fraud Loss of customer faith m-commerce applications

4 The GSM network 1982 – Start of design Group Spécial Mobile 1991 – Commerical start Global System for Mobile Communication Worldwide system Digital Cellular Subscriber Identity Module (SIM) Flexible design (SMS, MMS, 2.5G, 3G,...)

5

6 Security services Authentication Through challenge-response Identity protection Through temporary identification number User data protection Through encryption Signaling data protection Through encryption

7 Mobile Equipment A3 A5 A8 SIM GSM communication Encrypted data Radio Interface „over-the-air“ Base Station A3 A5 A8 K C (64 bit) Response SRES (32 bit) K I (128 bit) Challenge RAND (128bit) K I (128 bit) ?

8 Algorithms PurposeAlgorithmVariations AuthenticationA3COMP128... Key generationA8COMP128... EncryptionA5A5/0 A5/1 A5/2... Optimized for hardware Never officially published („security by obscurity“) A3 / A8 may be choosen by operator COMP128 is assumed to be only a „proof of concept“

9 Authentication: A3 Input: Random challenge RAND + Secret Key Ki Output: Signed response SRES Completely implemented in the SmartCard Ki never leaves the SIM COMP128 algorithm or variations A3 RAND (128 bit) Ki (128 bit) SRES (32 bit) SIM

10 Key generation: A8 Same algorithm as A3 Output: Cipher key Kc Only 56 bits of Kc are used A8 RAND (128 bit) Ki (128 bit) Kc (64 bit) SIM

11 Encryption: A5 stream cipher Input: 228-bit data-frame every 4.6 ms Framecounter Fn Secret Key Kc produced by A8 Clocked linear feedback shift registers (LFSRs) generate pseudo random bits PRAND Output: 114-bit ciphertext + 114-bit plaintext Same PRAND used for encoding and decoding

12 A5/1 scheme R1 1808131716 R2 0211020 R3 2201072021 Output C1 C2 C3 Clocking Unit

13 A5 sequence Zero registers 64 cycles: Shift-in Kc 22 cycles: Shift-in Fn 100 cycles: Diffuse, with irregular clocking 228 cycles: Generate output, with irregular clocking XOR PRAND and frame-data

14 A5/2 scheme R4 016371011 R1 180131716141512 R2 0212091316 R3 22 0720 21 131618 Output Majority Clocking Unit

15 Cryptanalytical attacks Algorithms kept secret After reverse-engineering, many attacks: Golic, 1997 (A5/1) Goldberg + Wagner, 1998 (COMP128) Goldberg + Wagner + Briceno, 1999 (A5/2) Biryukov+ Shamir + Wagner, 2000 (A5/1) Biham + Dunkelman, 2000 (A5/1) Ekdahl + Johansson, 2002 (A5/1) Barkan + Biham + Keller, 2003 (A5/2) COMP128 and A5/2 completely broken A5/1 very weak

16 Attacks in real life Knowledge and hardware needed Only on short distances More effective ways: Wiretapping Eavesdropping Microphones with directional effect...

17 Conclusion „Every chain is only as strong as its weakest link“ Good design, bad implementation Tradeoff because of limited hardware capabilities Future networks will use stronger ciphers 3G: A5/3 „Kasumi“ = „Misty“ block cipher Enough protection for everyday-users

18 Thank you! Questions? Thomas.Stockinger@nop.at http://www.nop.at

Download ppt "GSM network and its privacy Thomas Stockinger. Overview Why privacy and security? GSM network‘s fundamentals Basic communication Authentication Key generation."

Similar presentations

Gone in 360 Seconds: Hijacking with Hitag2

Gone in 360 Seconds: Hijacking with Hitag2
Siyang Tian. TOPIC 1.SIM CARD card embedded with subscriber identity module 2. 3G network 3rd generation mobile telecommunications.

Siyang Tian. TOPIC 1.SIM CARD card embedded with subscriber identity module 2. 3G network 3rd generation mobile telecommunications.
An Improvement on Privacy and Authentication in GSM Young Jae Choi, Soon Ja Kim Computer Networks Lab. School of Electrical Engineering and Computer Science,

An Improvement on Privacy and Authentication in GSM Young Jae Choi, Soon Ja Kim Computer Networks Lab. School of Electrical Engineering and Computer Science,
Kingdom Special Operations SJS-KW

Kingdom Special Operations SJS-KW
GSM Security and Encryption

GSM Security and Encryption
Islamic University-Gaza Faculty of Engineering Electrical & Computer Engineering Department Global System for Mobile Communication GSM Group Alaa Al-ZatmaHosam.

Islamic University-Gaza Faculty of Engineering Electrical & Computer Engineering Department Global System for Mobile Communication GSM Group Alaa Al-ZatmaHosam.
GSM Security Overview (Part 3)

GSM Security Overview (Part 3)
CS470, A.SelcukStream Ciphers1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukStream Ciphers1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Topics In Information Security Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication Presented by Idan Sheetrit

Topics In Information Security Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication Presented by Idan Sheetrit
AN IMPROVEMENT TO A CORRELATION ATTACK ON A5/1 H. Nikoonia, F. Amin, A. H. Jahangir Computer Engineering Department, Sharif University of Technology.

AN IMPROVEMENT TO A CORRELATION ATTACK ON A5/1 H. Nikoonia, F. Amin, A. H. Jahangir Computer Engineering Department, Sharif University of Technology.
GSM: SRSLY?. What’s coming up Overview of GSM arch & crypto –Hacking as we go... OpenBootTS-1.0 –GSM Base Station LiveCD Demo BTS is live – feel free.

GSM: SRSLY?. What’s coming up Overview of GSM arch & crypto –Hacking as we go... OpenBootTS-1.0 –GSM Base Station LiveCD Demo BTS is live – feel free.
CELLULAR TELEPHONE NETWORK SECURITY Ari Vesanen, Department of Information Processing Sciences, University of Oulu.

CELLULAR TELEPHONE NETWORK SECURITY Ari Vesanen, Department of Information Processing Sciences, University of Oulu.
GSM and UMTS Security.

GSM and UMTS Security.
GSM cracking ● Introduction. GSM cracking Scope of this lecture ● A (very) brief tour of GSM ● The Cryptography ● How it's possible to crack it ● What's.

GSM cracking ● Introduction. GSM cracking Scope of this lecture ● A (very) brief tour of GSM ● The Cryptography ● How it's possible to crack it ● What's.
GSM Security Threats and Countermeasures Saravanan Bala Tanvir Ahmed Samuel Solomon Travis Atkison.

GSM Security Threats and Countermeasures Saravanan Bala Tanvir Ahmed Samuel Solomon Travis Atkison.
Peter Howard Vodafone Group R&D

Peter Howard Vodafone Group R&D
BY, ARITRA GAUTAM (05-275) & G.PAVANI (05-272).. OVERVIEW OF GSM GSM (group special mobile or general system for mobile communications) is the Pan-European.

BY, ARITRA GAUTAM (05-275) & G.PAVANI (05-272).. OVERVIEW OF GSM GSM (group special mobile or general system for mobile communications) is the Pan-European.
LINEAR FEEDBACK SHIFT REGISTERS, GALOIS FIELDS, AND STREAM CIPHERS Mike Thomsen Cryptography II May 14 th, 2012.

LINEAR FEEDBACK SHIFT REGISTERS, GALOIS FIELDS, AND STREAM CIPHERS Mike Thomsen Cryptography II May 14 th, 2012.
Syed Safi Uddin Qadri BETL/F07/0112 GSM Stream Cipher Algorithm Presented To Sir Adnan Ahmed Siddiqui.

Syed Safi Uddin Qadri BETL/F07/0112 GSM Stream Cipher Algorithm Presented To Sir Adnan Ahmed Siddiqui.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

Similar presentations

Ads by Google