
Mar2008

Intercepting GSM traffic


Agenda
Receiving GSM signals
Security
Cracking A5/1

GSM Network

BTS

Camouflage BTS

Summary GSM
GSM is old
GSM is big
GSM / 3G / UMTS / EDGE / WCDMA / ...
Base stations all over the place

Receiving
Nokia 3310 / Ericsson / TSM
USRP
TI's OMAP dev kit
Commercial Interceptor

Example 1

Example 1

Summary Receiving
It's cheap
It's easy
It's getting easier

Security

Security

Security

Commercial Interception
Active Equipment:
– $70k - $500k. Order via internet.
Passive Equipment:
– $1M

Radio Security
A5/0, A5/1, A5/2. All broken in 1998.
Some algorithms proprietary
IMSI / Location Information clear-text
Key is artificially weakened
Key material is reused
No indication to user
Key Recovery Systems available

SIM Toolkit
There is a JVM on your SIM!
The Operator can install programs via OTA (== remotely, without you knowing)
Scary standard: Invisible flags, binary updates, call-control, proprietary, ....

Security Summary
None

A5/1 Cracking
A8(Ki) A8(Ki)
Authenticate
A5(Kc) A5(Kc)
Conversation
Kc Kc

A5/1 Cracking
A5(Kc,Frame) A5(Kc,Frame)
Plain-text Plain-text
+ +
Frame Frame
Conversation
Phone Sending to BTS

A5/1 Cracking
Clock in 64-bit Kc and 22-bit frame number
Clock for 100 cycles
Clock for 114 times to generate 114-bits

Cracking A5/1
Other attacks are academic BS.
3-4 Frames. Fully passive.
Combination of Rainbow Table attack and others.

Cracking A5/1
4 frames of known-plaintext
A5/1 is a stream cipher
We can derive 4 frames of keystream output

Sliding Window
[0|1|1|0|1|0|...............|1|0|1|1]
[ 64 bit Cipherstream 0 ]
 [ 64 bit Cipherstream 1 ]
  [ 64 bit Cipherstream 2 ]
...
   [ 64 bit Cipherstream 50 ]

Sliding Window
Total of 4 frames with 114-bits
114 – 64 + 1 = 51 keystreams per frame
51 x 4 frames = 204 keystreams total
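
Added example, not part of the original slides: a small Python model of the A5/1 clocking schedule described above (64-bit Kc, 22-bit frame number, 100 mixing cycles, 114 output bits) and of the 64-bit sliding-window count per 114-bit frame. The register lengths, taps and clocking bits are taken from the public description of A5/1, not from the slides; the function names are assumptions made for this example.

```python
# A5/1 register layout: (length, feedback taps, clocking bit), as in the public
# description of the cipher (assumption: not stated on the slides).
REGS = ((19, (13, 16, 17, 18), 8),
        (22, (20, 21), 10),
        (23, (7, 20, 21, 22), 10))


def step(state, idx):
    """Shift register idx left by one, feeding back the XOR of its taps."""
    length, taps, _ = REGS[idx]
    fb = 0
    for t in taps:
        fb ^= (state[idx] >> t) & 1
    state[idx] = ((state[idx] << 1) & ((1 << length) - 1)) | fb


def majority_clock(state):
    """Step only the registers whose clocking bit agrees with the majority."""
    bits = [(state[i] >> REGS[i][2]) & 1 for i in range(3)]
    maj = 1 if sum(bits) >= 2 else 0
    for i in range(3):
        if bits[i] == maj:
            step(state, i)


def a51_keystream(kc, frame, nbits=114):
    """Return nbits of keystream for 8-byte session key kc and 22-bit frame number."""
    state = [0, 0, 0]
    # Clock in the 64-bit Kc, then the 22-bit frame number, stepping all registers.
    key_bits = [(kc[i // 8] >> (i % 8)) & 1 for i in range(64)]
    frame_bits = [(frame >> i) & 1 for i in range(22)]
    for bit in key_bits + frame_bits:
        for i in range(3):
            step(state, i)
            state[i] ^= bit
    for _ in range(100):              # 100 mixing cycles, output discarded
        majority_clock(state)
    out = []
    for _ in range(nbits):            # clock 114 times to produce 114 bits
        majority_clock(state)
        out.append(((state[0] >> 18) ^ (state[1] >> 21) ^ (state[2] >> 22)) & 1)
    return out


def windows(bits, width=64):
    """Every width-bit sliding window of one frame: 114 - 64 + 1 = 51 of them."""
    return [tuple(bits[i:i + width]) for i in range(len(bits) - width + 1)]
```

Because the cipher is a plain XOR stream cipher, every known-plaintext frame exposes all 114 keystream bits, which is why each frame yields 51 overlapping 64-bit windows rather than one.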

Rainbow Table
64-bits keystream
Password Lanman Hash

Rainbow Table
Build a table that maps 64-bits of keystream back to 64-bits of internal A5/1 state
204 data points means we only need 1/64th of the whole keyspace
2^58 = 288,230,376,151,711,744
About 120,000 times larger than the largest Lanman Rainbow Table

How do we do this??
1 PC
– 550,000 A5/1's per second
– 33,235 years
Currently using 68 Pico E-16 FPGAs
– 72,533,333,333 A5/1's per second
– 3 months
Building new hardware to speed this up

Hardware

Rainbow Table
Cheap Attack (~30 min)
– 6 350GB Hard Drives (2TB)
– 1 FPGA (or a botnet)
Optimal Attack (~30 sec)
– 16 128GB Flash Hard Drives (2TB)
– 32 FPGAs
– Can speed it up with more FPGAs

Rainbow Table
204 data points will give us 204 / 64 = 3 A5/1 internal states
So what do you do now?

Reverse Clocking
Load A5/1 internal state
Reverse clock with known keystream back to after Kc was clocked in
Will resolve to multiple possible A5/1 states

Reverse Clocking
Reverse all 3 A5/1 internal states
The common state will be the correct one
Use the internal state and clock forward to decrypt or encrypt any packet
Can solve linear equations to derive key
But isn't really necessary

Conclusions
Tables will be finished in March
Commercial version in Q2/08
Will be scalable to whatever decryption time period is required

Threats & Future
GSM security has to become secure.
Data/Identity theft, Tracking
Unlawful interception
Attacks on GSM Infrastructure
Receiving and cracking GSM will become cheaper and easier

Thank You!
Steve
– http://wiki.thc.org/gsm
David Hulton
– http://www.picocomputing.com
– http://www.openciphers.org
Questions?
