Cryptography Reference
In-Depth Information
Meanwhile, the prices for such equipment are in the range of less than
10 000 dollars, and it is no longer hard to find.
•
This means that man-in-the-middle attacks against cell phones are no
longer utopia, just as message forgery isn't.
•
The last point above addresses
replay attacks
, where data packets previ-
ously sent are resent to a cell phone or a base station. In a particularly
malicious attack, for example, the pretended base station sends a com-
mand to the cell phone asking the owner to send packets in unencrypted
form. The existence of this command emerged 'incidentally' during dis-
cussions on UMTS, by the way.
A GSM cell phone cannot defend itself against this type of active attack,
since signalization messages are not sufficiently protected. The base station
can check whether or not a cell phone is legal only at the beginning of a
communication, while all further packets are protected by the cipher only. For
example, a malicious attacker could prolong a victim's 0900 call (at exorbitant
rates per minute) for hours by copying the data packets in the first minute and
then sending them to the base station over and over again at a much higher
transmission rate than the cell phone.
Nevertheless, almost nothing has been changed in the GSM system to my
knowledge. But things are bound to get better with the advent of UMTS. The
ban on strong cryptography is no longer an issue, i.e., the algorithms will be
getting better and made public.
The UMTS security concept is very extensive and complicated, as you will see
when reading the text
txt/gsm/UMTS sec.pdf
on our Web site. I will mention
only a few differences here:
•
The authentication mechanism is identical with that of GSM, because the
basic principle was good, only the algorithms were too weak. The new
methods are essentially based on
KASUMI
, a variant of the hardware-
friendly
MISTY1
algorithm, developed by Matui (Mitsubishi) in 1996; it
is resistant to linear and differential cryptanalyses. KASUMI differs from
MISTY1 in that its key generation is simpler, its cryptanalysis is harder
(we know that this is not quite easy), featuring 'statistical improvements',
and higher speed as well as simpler hardware implementation. KASUMI
has been studied by expert teams, including famous names like Knudsen,
Preneel, Rijmen, and Vaudenay.
•
The 54-bit encryption of GSM was replaced by a 128-bit encryption. As
long as there are no serious weaknesses in KASUMI — and it doesn't
