Intercepting GSM traffic
Mar 2008

Agenda
• Receiving GSM signals
• Security
• Cracking A5/1

GSM Network

BTS

Camouflage BTS

Summary GSM
• GSM is old
• GSM is big
• GSM / 3G / UMTS / EDGE / WCDMA / ...
• Base stations all over the place

Receiving
• Nokia 3310 / Ericsson / TSM
• USRP
• TI's OMAP dev kit
• Commercial Interceptor

Example 1

Example 2

Summary Receiving
• It's cheap
• It's easy
• It's getting easier

Security

Commercial Interception
• Active Equipment:
  – $70k - $500k. Order via internet.
• Passive Equipment:
  – $1M

Radio Security
• A5/0, A5/1, A5/2. All broken in 1998.
• Some algorithms proprietary
• IMSI / Location Information clear-text
• Key is artificially weakened
• Key material is reused
• No indication to user
• Key Recovery Systems available

SIM Toolkit
• There is a JVM on your SIM!
• The Operator can install programs via OTA (== remotely, without you knowing)
• Scary standard: Invisible flags, binary updates, call-control, proprietary, ....

Security Summary
• None

A5/1 Cracking
Diagram: during Authenticate, the phone and the network each compute A8(Ki), so both sides hold the same Kc; the Conversation is then encrypted with A5(Kc).

A5/1 Cracking
Diagram (Phone Sending to BTS): on each side, A5(Kc, Frame) is combined (+) with the Plain-text to produce the Frame that goes over the air as part of the Conversation.

A5/1 Cracking
• Clock in 64-bit Kc and 22-bit frame number
• Clock for 100 cycles
• Clock for 114 times to generate 114-bits
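The keystream generation on this slide, as an added C example that is not part of the original deck: the 64-bit Kc and the 22-bit frame number are clocked into the three registers, the state is mixed for 100 majority-clocked cycles, and 114 bits are emitted per direction. The register layout follows the public description of A5/1, and the self-test key 12 23 45 67 89 AB CD EF with frame number 0x134 is the vector published with the public pedagogical A5/1 reference implementation.

```c
#include <stdint.h>
#include <string.h>
/* A5/1: three LFSRs of 19, 22 and 23 bits; masks and feedback taps per the public description. */
#define R1MASK 0x07FFFFu
#define R1TAPS 0x072000u /* bits 18,17,16,13 */
#define R2MASK 0x3FFFFFu
#define R2TAPS 0x300000u /* bits 21,20 */
#define R3MASK 0x7FFFFFu
#define R3TAPS 0x700080u /* bits 22,21,20,7 */
typedef struct { uint32_t r1, r2, r3; } a51_state;

static uint32_t parity(uint32_t x) {
    x ^= x >> 16; x ^= x >> 8; x ^= x >> 4; x ^= x >> 2; x ^= x >> 1;
    return x & 1u;
}
/* Shift one LFSR left, feeding the XOR of its tapped bits into bit 0. */
static uint32_t step(uint32_t reg, uint32_t mask, uint32_t taps) {
    return ((reg << 1) & mask) | parity(reg & taps);
}
/* Clock the registers and XOR `in` into each one that moved; with majority set, a register moves only if its clock-control bit (8, 10, 10) agrees with the majority. */
static void clock_regs(a51_state *s, int majority, uint32_t in) {
    int b1 = (s->r1 >> 8) & 1, b2 = (s->r2 >> 10) & 1, b3 = (s->r3 >> 10) & 1;
    int maj = (b1 + b2 + b3) >= 2;
    if (!majority || b1 == maj) s->r1 = step(s->r1, R1MASK, R1TAPS) ^ in;
    if (!majority || b2 == maj) s->r2 = step(s->r2, R2MASK, R2TAPS) ^ in;
    if (!majority || b3 == maj) s->r3 = step(s->r3, R3MASK, R3TAPS) ^ in;
}
/* Clock in the 64-bit Kc and 22-bit frame number (regular clocking), mix for 100 cycles, then emit 114 bits per direction, packed MSB-first into 15 bytes. */
void a51_keystream(const uint8_t kc[8], uint32_t frame, uint8_t dl[15], uint8_t ul[15]) {
    a51_state s = {0, 0, 0};
    for (int i = 0; i < 64; i++) clock_regs(&s, 0, (kc[i / 8] >> (i & 7)) & 1u);
    for (int i = 0; i < 22; i++) clock_regs(&s, 0, (frame >> i) & 1u);
    for (int i = 0; i < 100; i++) clock_regs(&s, 1, 0);
    memset(dl, 0, 15); memset(ul, 0, 15);
    for (int i = 0; i < 228; i++) {
        int j = i % 114;
        clock_regs(&s, 1, 0);
        uint32_t bit = ((s.r1 >> 18) ^ (s.r2 >> 21) ^ (s.r3 >> 22)) & 1u;
        (i < 114 ? dl : ul)[j / 8] |= (uint8_t)(bit << (7 - (j & 7)));
    }
}
/* Returns 1 if the generator reproduces the published test vector (key 12 23 45 67 89 AB CD EF, frame 0x134). */
int a51_selftest(void) {
    static const uint8_t key[8] = {0x12, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF};
    static const uint8_t want_dl[15] = {0x53,0x4E,0xAA,0x58,0x2F,0xE8,0x15,0x1A,0xB6,0xE1,0x85,0x5A,0x72,0x8C,0x00};
    static const uint8_t want_ul[15] = {0x24,0xFD,0x35,0xA3,0x5D,0x5F,0xB6,0x52,0x6D,0x32,0xF9,0x06,0xDF,0x1A,0xC0};
    uint8_t dl[15], ul[15];
    a51_keystream(key, 0x134, dl, ul);
    return memcmp(dl, want_dl, 15) == 0 && memcmp(ul, want_ul, 15) == 0;
}
```

Because the output depends only on Kc and the frame number, XORing a frame's known plaintext with its ciphertext yields exactly these 114 keystream bits, which is what the later slides build on.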

Cracking A5/1
• Other attacks are academic BS.
• 3-4 Frames. Fully passive.
• Combination of Rainbow Table attack and others.

Cracking A5/1
• 4 frames of known-plaintext
• A5/1 is a stream cipher
• We can derive 4 frames of keystream output

Sliding Window
[0,1,1,0,1,0, ......... , 1,0,1,1]
[ 64 bit Cipherstream 0  ]
 [ 64 bit Cipherstream 1  ]
  [ 64 bit Cipherstream 2  ]
   ...
                   [ 64 bit Cipherstream 50 ]

Sliding Window
• Total of 4 frames with 114-bits
• 114 - 64 + 1 = 51 keystreams per frame
• 51 x 4 frames = 204 keystreams total

Rainbow Table
Diagram: rainbow-table analogy, with the 64-bit keystream in the place of the LanMan Hash and the A5/1 internal state in the place of the Password.

Rainbow Table
• Build a table that maps 64-bits of keystream back to 64-bits of internal A5/1 state
• 204 data points means we only need 1/64th of the whole keyspace
• 2^58 = 288,230,376,151,711,744
• About 110,000 times larger than the largest LanMan Rainbow Table

How do we do this??
• 1 PC
  – 550,000 A5/1's per second
  – 33,235 years
• Currently using 68 Pico E-16 FPGAs
  – 72,533,333,333 A5/1's per second
  – 3 months
• Building new hardware to speed this up

Hardware

Rainbow Table
• Cheap Attack (~30 min)
  – 6 350GB Hard Drives (2TB)
  – 1 FPGA (or a botnet)
• Optimal Attack (~30 sec)
  – 16 128GB Flash Hard Drives (2TB)
  – 32 FPGAs
  – Can speed it up with more FPGAs

Rainbow Table
• 204 data points will give us 204 / 64 = 3 A5/1 internal states
• So what do you do now?

Reverse Clocking
• Load A5/1 internal state
• Reverse clock with known keystream back to after Kc was clocked in
• Will resolve to multiple possible A5/1 states

Reverse Clocking
• Reverse all 3 A5/1 internal states
• The common state will be the correct one
• Use the internal state and clock forward to decrypt or encrypt any packet
• Can solve linear equations to derive key
• But isn't really necessary

Conclusions
• Tables will be finished in March
• Commercial version in Q2/08
• Will be scalable to whatever decryption time period is required

Threats & Future
• GSM security has to become secure.
• Data/Identity theft, Tracking
• Unlawful interception
• Attacks on GSM Infrastructure
• Receiving and cracking GSM will become cheaper and easier

Thank You!
• Steve
  – http://wiki.thc.org/gsm
• David Hulton
  – http://www.picocomputing.com
  – http://www.openciphers.org
• Questions?