Attacks on the DECT Authentication Mechanisms

Authors:
Stefan Lucks;Andreas Schuler;Erik Tews;Ralf-Philipp Weinmann;Matthias Wenzel
Affiliations:
Bauhaus-University Weimar, Germany;Chaos Computer Club Trier, Germany;FB Informatik, TU Darmstadt, Germany;FSTC, University of Luxembourg,;Chaos Computer Club München, Germany
Venue:
CT-RSA '09 Proceedings of the The Cryptographers' Track at the RSA Conference 2009 on Topics in Cryptology
Year:
2009

Citing 1
Cited 4

Differential Cryptanalysis of DES-like Cryptosystems

CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology

Cryptanalysis of the DECT standard cipher

FSE'10 Proceedings of the 17th international conference on Fast software encryption
Interactive decryption of DECT phone calls

Proceedings of the fourth ACM conference on Wireless network security
Exposing iClass key diversification

WOOT'11 Proceedings of the 5th USENIX conference on Offensive technologies
FPGA implementation of an improved attack against the DECT standard cipher

ICISC'10 Proceedings of the 13th international conference on Information security and cryptology

Quantified Score

Hi-index	0.00

Visualization

Abstract

Digital Enhanced Cordless Telecommunications (DECT) is a standard for connecting cordless telephones to a fixed telecommunications network over a short range. The cryptographic algorithms used in DECT are not publicly available. In this paper we reveal one of the two algorithms used by DECT, the DECT Standard Authentication Algorithm (DSAA). We give a very detailed security analysis of the DSAA including some very effective attacks on the building blocks used for DSAA as well as a common implementation error that can practically lead to a total break of DECT security. We also present a low cost attack on the DECT protocol, which allows an attacker to impersonate a base station and therefore listen to and reroute all phone calls made by a handset.