Monday, January 11, 2010

Cell Phone GSM Ciphers Dropping Like Flies

With news that the KASUMI cipher, used to encrypt 3G GSM communications, has been broken, I'm beginning to wonder if anything transmitted wirelessly can be secured appropriately.

KASUMI is also known as A5/3, and word of its defeat comes just weeks after we learned that another cipher, A5/1, was also broken. Once again, related key attacks have proven successful.

From Emerging Chaos:

KASUMI is a modified version of the MISTY cipher. The KASUMI designers made MISTY faster and more hardware friendly by changing the key schedule and modifying some internal parameters. However, they also made it vulnerable to related key attacks.

Of all the weaknesses that a cipher can have, related key attacks are the ones to worry about least. Operationally, crypto engineers know that they should never reuse keys and when in doubt just pull another one off of the random number generator. Consequently, this doesn't mean that the guys at Weizmann Institute of Science are listening to 3G calls.

Nonetheless, related key attacks are bad to have because implementers do screw up, and related key attacks indicate that the cipher designers didn't have as tight a handle on things as they thought they did. It is no cause for panic, but it is no cause for either warmness or fuzziness (particularly since the DKS team point out that the KASUMI designers wrote that they'd taken care of related-key issues when they simplified MISTY into KASUMI).

Bruce Schneier calls this "lazy cryptography", and as more communication is moved to cellular networks, the need for highly-secure encryption solutions will grow. And the attackers will go where the traffic flows.

Hopefully, back-to-back cipher breaks will be a wakeup call to the digital security community, and we'll see some serious efforts to upgrade the environment.

No comments:

Post a Comment

Please tell me what you think.