GSM A5/1 cracking

Well, it’s finally happened. The encryption standard for GSM communications is really broken. I myself cannot wait until a paper is released that describes the inner workings of the attack. But it is true that it will put a very powerful capability in a lot of hands. It’s very questionable whether we really want that.

3GPP (UMTS) uses A5/3, which none of the articles currently mention. Calling via UMTS is safe(r), then?

From the blackhat introduction:

11. Presentation Title: Build your own GSM interceptor for $900

Presentation Details:

This presentation is an introduction to the GSM Scanner Project. I will present the hardware and software required to build your own GSM interceptor. I will explain how the protocol works and how to intercept GSM packets. I will show some example packets that should make us worried. I will then explain weaknesses in A5/1 and discuss some ideas of how to (practically) crack A5/1. The last part of the presentation focuses on various ideas of what else you can do with a GSM interceptor.

This presentation will open the eyes of the audience who still believe that GSM is secure. It will spark some ideas of future attack and research on the GSM network. It will explain how to use hardware for 900 USD to build your own GSM receiver. The goal of the talk is to make the audience never again make a GSM phone call without being worried that 3 other people are listening in and to give new ideas on how to attack a GSM network.

Ok method for memory dumping

The news articles all mention the fact that several well-known cryptographic products (BitLocker, FileVault and dm-crypt) are broken because the cells inside a DRAM retain their contents across a reboot (though not across a prolonged, complete power-down). One of the things kept in RAM is the cryptographic key needed to decrypt the data these products protect. It was a well-accepted belief that DRAM did not retain its contents long enough to survive a reboot. It does, so now we need different means to protect our assets in this scenario.

This will take some thinking, I guess.

Try to design anything on the assumption that RAM is compromised. What remains is keeping the key inside the processor. That’s not entirely possible, as far as I know right now, because there is always a stage where a key is constructed (in RAM). To make that secure, that construction would have to happen inside the processor.

Challenges are nice.

Fingerprint databases

The FBI, the Dutch Government and the EU are all considering the development of large fingerprint databases. As a private person I’m not altogether happy with this decision. There are a number of reasons for this:

  • Fingerprints are quite good for solving crimes. However, the art (yes, not science) of recognizing fingerprints is dodgy, to say the least. Only recently have real scientists started to take an interest in fingerprints. Numerous cases are known where fingerprints were used as the final evidence, only for it to be discovered later that they had been matched incorrectly. The larger the database, the greater the chance of an accidental match, and the more innocent people are investigated.
  • To make up for the dodgy science of fingerprints, it’s a small step to also include DNA. Currently, at least in the Netherlands, if you are convicted of a crime (IIRC, no matter what crime) you have to hand in your DNA for inclusion in the criminals database. So far so good. It enlarges the database and with it the chance of a random match in that database. Include innocent individuals as well and things are starting to get hairy.
  • Combine the traces with the RFID patterns left when you take the train or bus, or your travel patterns on all the cameras noting everyone going in or out of any city or highway.
  • I want to roam free. And this is only the government, which always needs more money. What if it could sell all this information as a second source of income?
  • The DNA database can, and ultimately will, be used for finding out your life expectancy and vulnerability to certain diseases, thus increasing your insurance premium.
  • Silly?
  • Albert Heijn (a supermarket, like Sainsbury’s) and Agis (an insurance company) started a cooperation last year where AH sells Agis insurance and you get a ‘health food package’ for free. Hey, if AH and Agis now combine their sales information, it becomes obvious that they can target their sales at those individuals who, judging by their food-buying pattern, aren’t likely to die soon. Now AH can boost its sales if it can tell you that your health pattern and DNA are not good for you and you should buy such and such stuff.
  • Ok, I know I’m paranoid.

Maybe I’m being silly on a sunny day, but somewhere I have this nagging feeling that we’re progressing quite rapidly towards the world of Demolition Man, where society is totally controlled. But I want to roam free, without the government or an insurance company or whoever telling me that I can’t eat a ratburger. So, to end this posting, I’ll quote Edgar Friendly:

You see, according to Cocteau’s plan I’m the enemy, ’cause I like to think; I like to read. I’m into freedom of speech and freedom of choice. I’m the kind of guy who likes to sit in a greasy spoon and wonder – “Gee, should I have the T-bone steak or the jumbo rack of barbecued ribs with the side order of gravy fries?” I WANT high cholesterol. I wanna eat bacon and butter and BUCKETS of cheese, okay? I want to smoke a Cuban cigar the size of Cincinnati in the non-smoking section. I want to run through the streets naked with green Jell-O all over my body reading Playboy magazine. Why? Because I suddenly might feel the need to, okay, pal?