Decrypting GSM phone calls

Motivation. GSM telephony is the world’s most popular communication technology spanning most countries and connecting over four billion devices. The security standards for voice and text messaging date back to 1990 and have never been overhauled. Our GSM Security Project creates tools to test and document vulnerabilities in GSM networks around the world so to ignite the discussion over whether GSM calls can and should be secured. The project is summarized in this BlackHat 2010 presentation.

Recording calls. GSM data can be recorded off the air using, for example, a programmable radio such as the USRP. GnuRadio provides the tools to record channels while Airprobe’s gsm-receiver decodes the control traffic and—in scenarios where no encryption is used or where the encryption key is known—also decodes voice traffic.

Cracking A5/1. When GSM uses A5/1 encryption, the secret key can be extracted from recorded traffic. Given two encrypted known plaintext messages, the Kraken utility that runs on a PC finds the secret key with around 90% probability within seconds in a set of rainbow tables. Our current table set took 2 months to compute and contains 40 tables for a total of 2TB. Further details on cracking A5/1 using rainbow tables are provided in this white paper: Attacking Phone Privacy.

Defenses. Short term protocol patches already exists that make cracking much harder by not disclosing known plaintext unnecessarily (3GPP TS44.006, Section 5.2). These patched should be deployed with high priority. In the long term, GSM (2G) will not provide sufficient security and stronger alternatives such as UMTS (3G) and LTE (4G) should be preferred.

Tools. The following tools are used to analyze voice calls

    • GnuRadio is included in recent Linux distributions
      Recording data requires a programmable radio receiver such as the USRP
    • Airprobe is available through:  git clone git://git.gnumonks.org/airprobe.git
      Please follow this tutorialto decode GSM traffic with Airprobe
    • Kraken is available through:  git clone git://git.srlabs.de/kraken.git
      Background on Kraken’s rainbow tables are provided on the project web page
      Kraken uses rainbow tables that are available through Bittorrent.

Please use these tools carefully and never intentionally record other people’s conversations. We do encourage you to use them to test the security of your cell phone service and discuss your results on the project mailing list.

GSM cell phone calls use outdated encryption that can now be cracked with rainbow tables on a PC的更多相关文章

  1. Timing advance of GSM(时间提前量)

    基本概念 时间提前量TA(Timing Advance)的作用是为了补偿电波传输延迟,而根本目的则是为了提高信道编解码效率.由于GSM采用TDMA,每载频8个时隙,应严格保持时隙间的同步,没有TA就无 ...

  2. BlackArch-Tools

    BlackArch-Tools 简介 安装在ArchLinux之上添加存储库从blackarch存储库安装工具替代安装方法BlackArch Linux Complete Tools List 简介 ...

  3. The Best Hacking Tools

    The Best Hacking Tools Hacking Tools : List of security tools specifically aimed toward security pro ...

  4. 各种常见文件的hex文件头

    我们在做ctf时,经常需要辨认各种文件头,跟大家分享一下一些常见的文件头.   扩展名 文件头标识(HEX) 文件描述 123 00 00 1A 00 05 10 04 Lotus 1-2-3 spr ...

  5. RFID 基础/分类/编码/调制/传输

    不同频段的RFID产品会有不同的特性,本文详细介绍了无源的感应器在不同工作频率产品的特性以及主要的应用. 目前定义RFID产品的工作频率有低频.高频和甚高频的频率范围内的符合不同标准的不同的产品,而且 ...

  6. 论山寨手机与Android联姻 【7】 MTK手机软件系统

    MTK feature phone的基本功能是通话和短信,要了解MTK手机软件系统,首先需要简要回顾几个移动网络通讯的基本概念. Figure 38. GSM-GPRS Architecture Co ...

  7. neo1973 audio subsystem

    fhttp://wiki.openmoko.org/wiki/Neo_1973_audio_subsystem using Bluetooth headset with GSM NOTE none o ...

  8. Get started with IDA and disassembly SH7058

    http://www.romraider.com/forum/viewtopic.php?f=25&t=6303 All of the 16-bit guidance in the follo ...

  9. TelephonyManager&GsmCellLocation类的方法详解

    转载:http://blog.163.com/zhangzheming_282/blog/static/117920962011101944356511/ TelephonyManager类 主要提供 ...

随机推荐

  1. 1.3 ASP.NET MVC生命周期

    ASP.NET MVC的执行生命周期主要分为三个阶段,分别是网址路由对比.执行控制器与动作.执行视图并返回结果.从ASP.NET MVC接受HTTP请求到返回HTTP响应的过程如下图所示.

  2. [Java] 数据库连接管理类

    package com.wdcloud.monitoring.common; /** * @Description: TODO * @date: 2015��11��19�� ����10:23:16 ...

  3. Jquery 操作Html 控件 CheckBox、Radio、Select 控件 【转】http://www.cnblogs.com/lxblog/archive/2013/01/09/2853056.html

    Jquery 操作Html 控件 CheckBox.Radio.Select 控件   在使用 Javascript 编写前台脚本的时候,经常会操作 Html 控件,比如 checkbox.radio ...

  4. C++中静态数据成员

    类的静态成员不能由类的构造函数来初始化.因为即使不存在类的任何对象时,类的静态成员依然存在并且可以被使用.类的静态成员也不能访问任何类的非静态成员. 类名和类对象都可以直接调用静态数据成员.因为静态数 ...

  5. 读取Cookie及Cookie所有属性操作方法

    读取Cookie及Cookie所有属性操作方法 2013-08-04 22:21:43|  分类: 技术 |  标签:cookie  |举报|字号 订阅   要把Cookie发送到客户端,Servle ...

  6. struts2视频学习笔记 11-12(动态方法调用,接收请求参数)

    课时11 动态方法调用 如果Action中存在多个方法时,可以使用!+方法名调用指定方法.(不推荐使用) public String execute(){ setMsg("execute&q ...

  7. 六个前端开发工程师必备的Web设计模式/模块资源(转)

    [导读] Yahoo的设计模式库Yahoo的设计模式库包含了很多可以帮助开发设计人员解决遇到的问题的资源,包括开发中常常需要处理的导航,互动效果及其布局网格等大家常用的组件和模块响应式设计模式库这个响 ...

  8. GridView列的排序功能

    首先要给GridView设置三个属性 GridView4.AllowSorting = true; GridView4.Attributes.Add("SortExpression" ...

  9. centos ssh配置使用

    配置 数据阶梯 CentOS SSH配置 默认CentOS已经安装了OpenSSH,即使你是最小化安装也是如此.所以这里就不介绍OpenSSH的安装了. SSH配置: 1.修改vi /etc/ssh/ ...

  10. 在 Ubuntu 上配置高性能的 HHVM 环境

    HHVM全称为 HipHop Virtual Machine,它是一个开源虚拟机,用来运行由 Hack(一种编程语言)和 PHP 开发应用.HHVM 在保证了 PHP 程序员最关注的高灵活性的要求下, ...