Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication

Authors: Elad Barkan, Eli Biham, Nathan Keller

Affiliation: (1) Computer Science Department, Technion—Israel Institute of Technology, Haifa, 32000, Israel; (2) Einstein Institute of Mathematics, The Hebrew University of Jerusalem, Jerusalem, 91904, Israel

Abstract: In this paper we present a very practical ciphertext-only cryptanalysis of GSM (Global System for Mobile communications) encrypted
communication, and various active attacks on the GSM protocols. These attacks can even break into GSM networks that use “unbreakable”
ciphers. We first describe a ciphertext-only attack on A5/2 that requires a few dozen milliseconds of encrypted off-the-air
cellular conversation and finds the correct key in less than a second on a personal computer. We extend this attack to a (more
complex) ciphertext-only attack on A5/1. We then describe new (active) attacks on the protocols of networks that use A5/1,
A5/3, or even GPRS (General Packet Radio Service). These attacks exploit flaws in the GSM protocols, and they work whenever
the mobile phone supports a weak cipher such as A5/2. We emphasize that these attacks are on the protocols, and are thus applicable
whenever the cellular phone supports a weak cipher; for example, they are also applicable for attacking A5/3 networks using
the cryptanalysis of A5/1. Unlike previous attacks on GSM that require unrealistic information, like long known-plaintext
periods, our attacks are very practical and do not require any knowledge of the content of the conversation. Furthermore,
we describe how to fortify the attacks to withstand reception errors. As a result, our attacks allow attackers to tap conversations
and decrypt them either in real-time, or at any later time. We present several attack scenarios such as call hijacking, altering
of data messages and call theft.
An earlier version of this paper appears in Barkan et al. (Advances in Cryptology, Proceedings of Crypto 2003, Lecture Notes
in Computer Science, vol. 2729, pp. 600–616, 2003).

Keywords: GSM, Cellular, Ciphertext-only, Cryptanalysis, GPRS, SMS, SIM, A5/2, A5/1
This document is indexed in SpringerLink and other databases.