Cryptography Reference
In-Depth Information
cryptanalyzing A5, however, this flaw cannot be exploited easily, according to
Golic (see [GolicA5]).
The official statement of the GSM providers on this 'short key' (you can read
it in
txt/gsm/gsm press.txt
on our Web site) seems somewhat strange: on the
one hand, it mentions only the authentication code (but not the A5 cipher);
on the other hand, the free bits allegedly enabled a 'more flexible response to
technical security threats'. It can't be taken seriously
...
However, there is general agreement on the fact that only national intelligence
organizations have an interest in such an intentional reduction of security. Marc
Briceno told me that, up to the end of April 1998, there had been no single
SIM card worldwide in which the A3/A8 algorithm had
not
produced 54-bit
keys. We can only sense dimly how much national intelligence organizations,
first and foremost surely the NSA, can influence the business world and the
security of all of us. You can find more hints in Section 6.7 in connection with
the Swiss company Crypto AG, and in Section 8.2.1.
6.1.4 UMTS: People Learned Their Lessons
GSM was the first wireless communication system that used cryptography in a
mass-market product. In view of the fact that there are several hundred million cell
phone owners worldwide (the widespread SMS hype not included), the number
of encrypted messages per year might be in excess of a trillion. Considering this
number, the weak A5/1 algorithm has left the much securer DES far behind.
The network providers themselves hadn't anticipated such a success, so it
appears even more important to point to the system's weaknesses:
•
A3/A8, the algorithms used for authentication, and A5 used for encryp-
tion, are weak, as we saw in Sections 6.1.3 and 5.7.2. I think the main
reason is that the algorithms had been kept secret. Officially, the ban
on strong cryptography in some countries (like France, for example) and
export regulations played an important role.
•
The concept envisions only one algorithm for encryption, namely A5.
•
Encryption always ends up in a base station. This means that unencrypted
phone conversations also traverse non-tamperproof relay networks.
•
A cell phone within GSM has to identify itself only toward the base
station, but not vice versa. Nobody seemed to have thought of
active
attacks — the equipment required was too expensive, so they argued.
