Cryptanalysis of the A5/1 GSM Stream Cipher
INDOCRYPT '00 Proceedings of the First International Conference on Progress in Cryptology
Real Time Cryptanalysis of A5/1 on a PC
FSE '00 Proceedings of the 7th International Workshop on Fast Software Encryption
Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication
Journal of Cryptology
A Hardware-Assisted Realtime Attack on A5/2 Without Precomputations
CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
Cryptanalysis of alleged A5 stream cipher
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
A practical-time related-key attack on the KASUMI cryptosystem used in GSM and 3G telephony
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
A universal algorithm for sequential data compression
IEEE Transactions on Information Theory
IEEE Transactions on Information Theory
Don't Trust Satellite Phones: A Security Analysis of Two Satphone Standards
SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
Hi-index | 0.00 |
General-purpose communication systems such as GSM and UMTS have been in the focus of security researchers for over a decade now. Recently also technologies that are only used under more specific circumstances have come into the spotlight of academic research and the hacker scene alike. A striking example of this is recent work [Driessen et al. 2012] that analyzed the security of the over-the-air encryption in the two existing ETSI satphone standards GMR-1 and GMR-2. The firmware of handheld devices was reverse-engineered and the previously unknown stream ciphers A5-GMR-1 and A5-GMR-2 were recovered. In a second step, both ciphers were cryptanalized, resulting in a ciphertext-only attack on A5-GMR-1 and a known-plaintext attack on A5-GMR-2. In this work, we extend the aforementioned results in the following ways: First, we improve the proposed attack on A5-GMR-1 and reduce its average-case complexity from 232 to 221 steps. Second, we implement a practical attack to successfully record communications in the Thuraya network and show that it can be done with moderate effort for approximately $5,000. We describe the implementation of our modified attack and the crucial aspects to make it practical. Using our eavesdropping setup, we recorded 30 seconds of our own satellite-to-satphone communication and show that we are able to recover Thuraya session keys in half an hour (on average). We supplement these results with experiments designed to highlight the feasibility of also eavesdropping on the satphone's emanations. The purpose of this article is threefold: Develop and demonstrate more practical attacks on A5-GMR-1, summarize current research results in the field of GMR-1 and GMR-2 security, and shed light on the amount of work and expertise it takes from setting out to analyze a complex system to actually break it in the real world.