Cryptography Reference
In-Depth Information
Consequently, conversations in the D- and E-Plus wireless networks are much
more secure, compared with conventional wireline networks, for several rea-
sons. First, a 'hacker' can't get hold of the line as easily as they can get to your
telephone distribution panel in the basement, since base stations are intercon-
nected by radio relay or fiberglass cables. Second, he cannot run up your phone
bill as easily as in a wireline network, because digital networks authenticate
their users. We will get back to this issue in Section 6.1.3.
However, governments (and naturally all national intelligence agencies) can lis-
ten in on your conversations in spite of it all. The government may tap base sta-
tions. Though this was not possible when the D-networks were introduced, the
software was meanwhile changed at high cost upon the government's request.
A weak ciphering algorithm could be a theoretical threat to the confidentiality
of the communication within the D-network. And this is exactly the case. We
will be dealing with the A5 algorithm in the following, because it concerns an
important field: ciphering by means of shift registers.
LFSRs and the A5 Algorithm
All kinds of interesting rumors are woven around the A5 algorithm. I partic-
ularly refer to messages posted in the
sci.crypt
newsgroup on June 17, 1994,
which you can read on our Web site (see A.1,
algor/A5
directory). In the mid-
1980s, people discussed whether A5 should be strong or weak. Germany voted
in favor of a strong algorithm, since the Iron Curtain was very close back then.
Other countries feared an export ban to the Middle East due to the cryptography
used. The outcome was a stream cipher designed in France, which is obviously
weak. This very circumstance seems now to restrict its export.
2
Though A5 was kept secret for a long time, it eventually leaked to the Inter-
net over several channels (including Bradford University in Great Britain).
Dr Simon Shepherd of Bradford University wanted to lecture on a cryptanal-
ysis of this algorithm at an IEE colloquium to be held in London on June 3,
1994. However, his lecture was prevented at the very last minute. In 1997,
Jovan D. Golic presented another analysis at the EUROCRYPT [GolicA5], but
revealing the session key remained a costly enterprise, as it turned out. So
there was something out there to get credit for after all! The reduction of the
key length to 54 bits (see also Section 6.1.3), which wasn't discovered until
April 1998, could not be used in his cryptanalysis, as Golic himself stated. But
2
However, this is not a typically European problem — think of the 160-bit Vigen ere cipher
for US mobile phones (end of Chapter 3).
