3G encryption cracked in less than two hours

13 January 2010

In a jaw-dropping piece of research, a trio of researchers have published a paper explaining how the A5/3 encryption system – which is being phased in on many 3G cellular networks around the world – can be cracked in less than two hours.

The revelation by Orr Dunkelman, Nathan Keller and Adi Shamir, details of which have been published on the internet, comes hard on the heels of a very public cracking of the A5/1 encryption system widely used on GSM handsets the world over.

Like Karsten Nohl and his team – who published details of their findings at the Chaos Computer Club conference in Berlin between Christmas and New Year – Dunkelman, Keller and Shamir have 'gone public' with their findings, apparently without reference to the GSM Association, which co-ordinates such matters.

The A5/3 encryption system – known as KASUMI and a derivative of the MISTY Feistel crypto methodology – is reportedly dumbed down for use with 3G handsets, where "time and processing power are in relatively short supply."

Whilst the A5/3 system is complex, it seems the researchers have capitalised on the fact that multiple keys are combined with a recursive process to speed up the rate at which data streams are encrypted on the 3G networks.

This appears to be the fatal flaw in A5/3, Infosecurity notes, since it makes the encryption systems "faster and more hardware-friendly" and allows decryption by inputting data into the encryption process, and then looking for patterns plus numeric differentials in the resultant encrypted data stream.

The trio's research notes that the "unoptimised implementation on a single PC recovered about 96 key bits in a few minutes, and the complete 128 bit key in less than two hours".

This attack methodology – which the researchers call a 'sandwich attack' – works for 7 of the 8 crypto sessions that KASUMI uses and "by using this distinguisher and analysing the single remaining round, we can derive the complete 128 bit key of the full KASUMI by using only four related keys in a relatively short space of time."

"Interestingly, neither our technique nor any other published attack can break MISTY in less than (an exhaustive search), which indicates that the changes made by the GSM Association in moving from MISTY to KASUMI resulted in a much weaker cryptosystem", the researchers say in their abstract.

The GSM Association has not yet responded to this latest crypto breakthrough on cellular networks.

