3G encryption cracked in less than two hours

The revelation by Orr Dunkelman, Nathan Keller and Adi Shamir, details of which have been published on the internet, comes hard on the heels of a very public cracking of the A5/1 encryption system widely used on GSM handsets the world over.

Like Karsten Nohl and his team – who published details of his findings at the Chaos Computer Club conference in Berlin between Christmas and New Year – Dunkelman, Keller and Shamir have 'gone public' with their findings, apparently without reference to GSM Association, which co-ordinates such matters

The A5/3 encryption system – known as KASUMI and a derivative of the MISTY Feistel crypto methodology – is reportedly dumbed down for use with 3G handsets, where "time and and processing power are in relatively short supply."

Whilst the A5/3 system is complex, it seems the researchers have capitalised on the fact that multiple keys are combined with a recursive process to speed up the rate at which data streams are encrypted on the 3G networks.

This appears to be the fatal flaw in A5/3, Infosecurity notes, since it makes the encryption systems "faster and more hardware-friendly" and allow decryption by inputting data into the encryption process, and then looking for patterns plus numeric differentials in the resultant encrypted data stream.

The trio's research notes that the "unoptimised implementation on a single PC recovered about 96 key bits in a few minutes, and the complete 128 bit key in less than two hours".

This attack methodology – which the researchers call a `sandwich attack' – works for 7 of the 8 crypto sessions that KASUMI uses and "by using this distinguisher and analysing the single remaining round, we can derive the complete 128 bit key of the full KASUMI by using only four related keys in a relatively short space of time."

"Interestingly, neither our technique nor any other published attack can break MISTY in less than (an exhaustive search), which indicates that the changes made by the GSM Association in moving from MISTY to KASUMI resulted in a much weaker cryptosystem", the researchers say in their abstract.

The GSM Association has not yet responded to this latest crypto breakthrough on cellular networks.


What’s hot on Infosecurity Magazine?