From: k_fluoride@venona.freeserve.co.uk (Klaus Fluoride) Subject: Re: mobile phone encryption Date: 1999/02/01 Message-ID: <36b5d51b.8497102@news.freeserve.net>#1/1 References: <791v53$7oq$2@news6.svr.pol.co.uk> <7949l4$8g6$1@jura.cc.ic.ac.uk> X-Complaints-To: abuse@theplanet.net X-Trace: news4.svr.pol.co.uk 917888791 4774 62.136.138.17 (1 Feb 1999 17:06:31 GMT) Organization: Project Venona - UG Research BBS (24:00 - 09:00 GMT) NNTP-Posting-Date: 1 Feb 1999 17:06:31 GMT Newsgroups: alt.ph.uk On Mon, 01 Feb 1999 13:19:33 GMT, sj@nospam.post1.com (Steve) wrote: > >On a GSM system, the "key" changes every time - the phone cannot send the real >key over the air, so the system works on a challenge / response method: Actually, the IMSI is sent to the AUC and VLR databases via the MSC _in_the_clear_ before A5 encryption of the radio path commences. The IMSI is an essential key to the generation of RAND, SRES, Ki and Kc. Afterwards, a psudo IMSI or TMSI is used for all further authentication, and is changed using a similar hopping algorithm to that used in Cableless Local Area Networks. Not only this, but it passes along the radio channel under A5. You'll need a microwave receiver to grab the inter-node communications, either that, or have a kilostream or similar leased line interface AUI. > >1. Base station sends a random number to the phone. The AUC generates a set of 'tuples' or authentication keys which are checked on the client side using A3/A8. The Base station is merely an entry point into the network, further controlled by a remote processor host or BSC. The challenge travels thus: MS-BTS-BSC-MSC-AUC-MSC-BSC-BTS-MS | | Clear Transmission Challenge Authentication Where: AUC Authentication Center MSC Mobile Switching Center BSC Base Station Controller BTS Base Transceiver Station MS Mobile Station >2. Phone encrypts this random number with its key and sends it back >3. A physically secure authentication server at the mobile company's HQ also >encrypts the random number with its stored copy of the phone's key. It >compares this encrypted number with the one received from the phone and if >they're the same, the phone is authenticated. > >I can't remember how they then initiate an encrypted exchange of data, but >suffice to say that nothing interesting is ever broadcast unencyphered. Wrong. With the right hardware, you can harvest IMSI numbers from the air and generate authentication requests with white/grey listed hardware. You could build the hardware to generate A3/A8 challenge responses on an embedded system, and whap that in the ass of the phone or on a seperate box. > >The point of all this is that even by cloning a base station, you'd only ever >be able to get encrypted random numbers back from the phone Aha, now, here's where grabbing the IMSI becomes an advantage. After all, the phone has to communicate in the clear at startup to establish a secure path with the network - the storage overhead for an individual dedicated auth path for each phone would just be ludicrous given the scale of use today. > =- effectively what >the CCC use in their GSM SIM-card crack. And that takes about 24 hours. Make >it about a week to crack a SIM over the air, and you're talking about a fairly >high probability of detection. The phone probably times out after a hundred >or so failures, anyway... > >Steve : "Voice of Reason" :-) > >---------------- >To reply by email, remove "nospam" from email address. I'm not attacking you, BTW - just starting a thread. It's good to see some interest in GSM at last. If I'm wrong on any point folks, please correct me. GSM can be hacked - the hardware may be a little over budgeted, but that doesn't mean it's impossible. L8r