tubage1234的博客 - 圈网你我他

博客

<%@ page pageEncoding="GBK" %>

Cracking GSM encryption just got easier ( 2008-12-7 10:36 )

For all intents and purposes most everyone including the GSMA—an organization representing most of the mobile phone operators—considered and still considers GSM very secure. In reality A5/1, the technology used to encrypt GSM communications has been vulnerable for at least a decade. The sense of security seems to be based on the fact that the original attack venues require a great deal of computing power, time, and therefore money to accomplish the crack. So an organization would have to be particularly motivated to even want to crack GSM traffic. Care to guess who has enough motivation?

It appears that researchers David Hulton and Steve Miller have recently developed techniques to greatly reduce the time and required computing power needed to crack A5/1 encryption. The two researchers have even patented their work personally. The efficient modifications of the original crack open all sorts of doors making it easier for both black and white hat types to decode GSM conversations. Because of the implied uses for this technology, I was hoping to find out what motivates people to do this kind of research as it is certainly controversial.

Purpose?

Both Hulton and Muller claim that their goal was to bring attention to the inherent weakness in GSM A5/1 encryption and some agree with them. Bruce Schneier a well-known security expert is in accord and mentions:

“The new technique may serve as a wake-up call for mobile carriers, which have long been in denial about the vulnerabilities of GSM security. This is a nice piece of work, but it isn’t a surprise,” he says. “We’ve been saying that this algorithm is weak for years. The mobile industry kept arguing that the attack was just theoretical. Well, now it’s practical.”

Others, who are more cynical point out that Hulton works for Pico Computing. The company makes field-programmable gate arrays (FPGA) which are the high end processors needed to speed up the decryption process. The same people also mention that Muller works for CellCrypt, which specializes in encryption products for cell phones.

The attack process

The initial step is to learn the subscripttion identification number and equipment ID of the target phone. That can be accomplished by initiating a phone call to the target phone. Since this information is sent in the clear, it can be easily obtained using the appropriate receiver. An alternative method is to wait for the target phone to originate a phone call and receive the required information when the phone contacts the provider’s closet cell tower. With this information the attacker then has the capability to focus on calls from that specific phone. The ability to obtain this—unique to each cell phone—information is where many experts are a bit miffed at the mobile carriers, since the GSM technical specification mentions that this information should be encrypted as well.

The next step is very similar to what is required to crack WEP. The cell networks send enough plain text frames repeatedly, which when obtained and recorded allows the attacker to use the all too familiar “Rainbow Tables” attack. Then it is just a matter of time until the encrypted conversation is converted to useable information.

Final thoughts

It once again points out the axiom that any voice or data communications traveling over the public airwaves should be considered public. For more details about the findings, the article “Research May Hasten Death of Mobile Privacy Standard” in the Washington Post or the article “Wiretapping Made Easy” at Forbes.com maybe of interest.

[0]阅读 | [0]评论 | 推荐 | 引用 | 置顶 | 编辑 | 删除 | 宗教

台政坛加密手机想破译需花10年 ( 2008-12-7 10:10 )

新快报讯 (钟新) 如今，政治人物间的通信保密显得格外重要，比如在博鳌论坛期间，根据透露，当时的台当局“副总统”当选人萧万长就有一个“国安局”支持的保密手机。

　　据透露，萧万长在4月份出席博鳌论坛时，就靠这一个保密手机和马英九秘密通话。侦防专家李浩纶称：“这种加密手机基本上是一对一，也就是所谓的点对点，它只能够是A针对B这种形式的特定对象通话。”

　　最高等级的加密手机产自瑞士，1组2个要价新台币74万(约合人民币18.5万元)，而且必须出示证明才能买，传言有台湾高层曾想买被拒绝。关于加密手机的原理，就如同一般手机会先将音源编成信号传送，再译码还原，而加密手机在编码过程，则会产生超过上亿组的“扰码”，传统情报就算拦截到电波，撷取到的也只是某种噪音。

　　李浩纶称：“只要有加密就可以解密，加密手机的好坏，取决于它被解密的时间长短，1亿多组密码的加密手机，也许你要破译它的时间至少就得10年。”

……

查看全文

[2]阅读 | [0]评论 | 推荐 | 引用 | 置顶 | 编辑 | 删除 | 宗教