Camp 2007 - 1.01

Chaos Communication Camp 2007
To infinity and beyond

David Hulton
Joshua Lackey
Day 3
Room Shelter Bar
Start time 15:30
Duration 01:00
ID 2015
Event type Lecture
Track Hacking
Language English

The A5 Cracking Project

Practical attacks on GSM using GNU Radio and FPGAs

A lot of work has been done on coding together GSM support for GNU Radio and now the next question is how to get past the A5 over-the-air encryption. In this talk we will present the GNU Radio software we've thrown together which let you monitor unencrypted GSM traffic and will go over the various published attacks on A5. The primary goal of this talk is to present our findings on building a practical and feasible A5/1 cracker that can decrypt GSM communications in a reasonable amount of time.

First, this presentation will present the code that has been developed for capturing GSM traffic and how you can use it on your GNU Radio hardware. Then we'll provide a brief overview of the GSM protocols, encryption, and the past attacks on GSM, and what you can really do once you're able to start sniffing GSM packets. The other half of the talk will focus on our A5/1 cracking project and on our current findings on attacking A5/1.

Many different attacks on A5/1 have been published, but most of them haven't been extremely practical. For our purposes, the known-plaintext attacks weren't as appealing as the ciphertext-only attacks so we try to focus only on these attacks. Additionally, attacks that require more than a few months to pre-compute or a day or two to reverse a key take too long for our purposes and seem impractical. We would also like to ideally implement this attack fully passively, mostly for legal reasons, but it isn't required.

Because of these requirements, we mostly focus on time-space tradeoff attacks since they can be pre-computed ahead of time and possibly using FPGAs. Some of the most promising attacks include implementing the ciphertext-only attack published by Barkan, Biham, and Keller and other variations that essentially build a rainbowtable for reversing parts of A5/1. We have also found that FPGAs have the potential of being able to brute force the A5/1 keyspace in a reasonable timeframe so we will also present on the feasibility and the amount of hardware required to brute force the keyspace in different scenarios.

The hope is that this talk will present a technical perspective on current state of GSM security and fuel a discussion on what's to come. Now that anyone with a GNU Radio board is able to start checking out GSM traffic, what does that mean to us and our privacy? Is it possible that there are a whole new set of vulnerabilities down at the lower protocol layers? What sort of useful things can we do now? At what point are we breaking the law? A lot of these questions should be answered now that software defined radio's are becoming more prevalent. Bring your thinking caps and join in on our discussion!