GSM Security 2

In the previous article on GSM security, we briefly discussed the network elements and the network architecture of GSM, including the encryption algorithms that are widely used in GSM networks.

At the end of that article we discussed how the network identifies the SIM (Subscriber Identity Module); this is an important part of GSM security.

At this point you may be wondering about the algorithms used in GSM networks: have the A3 and A8 algorithms been broken?

"Ian Goldberg and David Wagner of the University of California at Berkeley demonstrated that all A8 implementations they looked at, including the few that did not use COMP128, were deliberately weakened. The A8 algorithm takes a 64-bit key, but ten key bits were set to zero. The attack on the A8 algorithm demonstrated by Goldberg and Wagner takes just 2^19 queries to the GSM SIM (Subscriber Identity Module), which takes roughly 8 hours."
- www.gsm-security.net
Hacks
The authentication center (AuC) generates RAND (a 128-bit random number) and uses it along with Ki (the 128-bit individual key) to check the expected response of the user. If the response is equal to the expected response, the SIM is authentic.
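The challenge-response check described above, combined with the ten zeroed key bits from the quoted passage, as an added example that is not part of the original article. HMAC-SHA256 stands in for COMP128, and the function names and the choice of which ten bits are zeroed are assumptions; the 32-bit response and 64-bit session key lengths are the GSM ones.

```python
import hashlib
import hmac
import secrets

SRES_BITS = 32    # GSM signed response length
KC_BITS = 64      # GSM session key length
ZEROED_BITS = 10  # key bits forced to zero, per the quoted passage

def _prf(ki: bytes, rand: bytes, label: bytes) -> bytes:
    # Stand-in for COMP128 (assumption): HMAC-SHA256 keyed with Ki.
    return hmac.new(ki, label + rand, hashlib.sha256).digest()

def a3_sres(ki: bytes, rand: bytes) -> bytes:
    """A3 role: derive the 32-bit signed response from Ki and RAND."""
    return _prf(ki, rand, b"A3")[: SRES_BITS // 8]

def a8_kc(ki: bytes, rand: bytes) -> bytes:
    """A8 role: derive a 64-bit session key, then zero ten bits of it."""
    kc = int.from_bytes(_prf(ki, rand, b"A8")[: KC_BITS // 8], "big")
    kc &= ~((1 << ZEROED_BITS) - 1)  # which ten bits is an assumption here
    return kc.to_bytes(KC_BITS // 8, "big")

def auc_challenge(ki: bytes) -> tuple[bytes, bytes, bytes]:
    """AuC side: produce the (RAND, expected response, Kc) triplet."""
    rand = secrets.token_bytes(16)  # 128-bit RAND
    return rand, a3_sres(ki, rand), a8_kc(ki, rand)

def sim_respond(ki: bytes, rand: bytes) -> tuple[bytes, bytes]:
    """SIM side: answer the challenge; Ki itself is never transmitted."""
    return a3_sres(ki, rand), a8_kc(ki, rand)

def network_verify(expected_sres: bytes, sres: bytes) -> bool:
    """Network side: constant-time comparison of the two responses."""
    return hmac.compare_digest(expected_sres, sres)

def effective_key_bits() -> int:
    return KC_BITS - ZEROED_BITS

if __name__ == "__main__":
    ki = secrets.token_bytes(16)  # constructed 128-bit subscriber key
    rand, xres, kc = auc_challenge(ki)
    sres, sim_kc = sim_respond(ki, rand)
    print("authentic SIM:", network_verify(xres, sres), "Kc match:", kc == sim_kc)
    print("wrong Ki:", network_verify(xres, sim_respond(secrets.token_bytes(16), rand)[0]))
    print("effective Kc bits:", effective_key_bits())
```

Only the SIM proves knowledge of Ki in this exchange, and the session key that results has 54 unknown bits rather than 64.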

So where is the problem? The first is that the voice data is only encrypted up to the base station, which sits between the ME and the MSC. If the link between the base station and the MSC is wireless (for example, via microwave dish), the data will be sent unencrypted, and anyone with the proper sniffing equipment can gather unencrypted voice data. Another problem is that it is not infeasible for a malicious user (or more likely, a government or security agency) to obtain a microcell, or base station, which can be configured to act as a man-in-the-middle.



GSM Hacked, Claims German Scientist Karsten Nohl


Karsten Nohl and his team claimed to have broken the GSM code. The 24-person team spent five months trying to decrypt the algorithm that prevents eavesdropping on GSM networks, and their finding allows anyone to listen to private conversations on the phone. Billions of mobile users around the world are at risk of having their calls recorded.

The team actually broke the A5/1 algorithm that is used to encrypt GSM cell phone conversations.


