B. Driessen, R. Hund, Carsten Willems, C. Paar, Thorsten Holz
{"title":"An experimental security analysis of two satphone standards","authors":"B. Driessen, R. Hund, Carsten Willems, C. Paar, Thorsten Holz","doi":"10.1145/2535522","DOIUrl":null,"url":null,"abstract":"General-purpose communication systems such as GSM and UMTS have been in the focus of security researchers for over a decade now. Recently also technologies that are only used under more specific circumstances have come into the spotlight of academic research and the hacker scene alike. A striking example of this is recent work [Driessen et al. 2012] that analyzed the security of the over-the-air encryption in the two existing ETSI satphone standards GMR-1 and GMR-2. The firmware of handheld devices was reverse-engineered and the previously unknown stream ciphers A5-GMR-1 and A5-GMR-2 were recovered. In a second step, both ciphers were cryptanalized, resulting in a ciphertext-only attack on A5-GMR-1 and a known-plaintext attack on A5-GMR-2.\n In this work, we extend the aforementioned results in the following ways: First, we improve the proposed attack on A5-GMR-1 and reduce its average-case complexity from 232 to 221 steps. Second, we implement a practical attack to successfully record communications in the Thuraya network and show that it can be done with moderate effort for approximately $5,000. We describe the implementation of our modified attack and the crucial aspects to make it practical. Using our eavesdropping setup, we recorded 30 seconds of our own satellite-to-satphone communication and show that we are able to recover Thuraya session keys in half an hour (on average). We supplement these results with experiments designed to highlight the feasibility of also eavesdropping on the satphone's emanations.\n The purpose of this article is threefold: Develop and demonstrate more practical attacks on A5-GMR-1, summarize current research results in the field of GMR-1 and GMR-2 security, and shed light on the amount of work and expertise it takes from setting out to analyze a complex system to actually break it in the real world.","PeriodicalId":50912,"journal":{"name":"ACM Transactions on Information and System Security","volume":"46 1","pages":"10"},"PeriodicalIF":0.0000,"publicationDate":"2013-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Information and System Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2535522","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q","JCRName":"Engineering","Score":null,"Total":0}
引用次数: 9
Abstract
General-purpose communication systems such as GSM and UMTS have been in the focus of security researchers for over a decade now. Recently also technologies that are only used under more specific circumstances have come into the spotlight of academic research and the hacker scene alike. A striking example of this is recent work [Driessen et al. 2012] that analyzed the security of the over-the-air encryption in the two existing ETSI satphone standards GMR-1 and GMR-2. The firmware of handheld devices was reverse-engineered and the previously unknown stream ciphers A5-GMR-1 and A5-GMR-2 were recovered. In a second step, both ciphers were cryptanalized, resulting in a ciphertext-only attack on A5-GMR-1 and a known-plaintext attack on A5-GMR-2.
In this work, we extend the aforementioned results in the following ways: First, we improve the proposed attack on A5-GMR-1 and reduce its average-case complexity from 232 to 221 steps. Second, we implement a practical attack to successfully record communications in the Thuraya network and show that it can be done with moderate effort for approximately $5,000. We describe the implementation of our modified attack and the crucial aspects to make it practical. Using our eavesdropping setup, we recorded 30 seconds of our own satellite-to-satphone communication and show that we are able to recover Thuraya session keys in half an hour (on average). We supplement these results with experiments designed to highlight the feasibility of also eavesdropping on the satphone's emanations.
The purpose of this article is threefold: Develop and demonstrate more practical attacks on A5-GMR-1, summarize current research results in the field of GMR-1 and GMR-2 security, and shed light on the amount of work and expertise it takes from setting out to analyze a complex system to actually break it in the real world.
通用通信系统,如GSM和UMTS,十多年来一直是安全研究人员关注的焦点。最近,那些只在更具体的情况下使用的技术也成为学术研究和黑客领域的焦点。一个显著的例子是最近的工作[Driessen et al. 2012],该工作分析了现有的两个ETSI卫星电话标准GMR-1和GMR-2中无线加密的安全性。对手持设备固件进行逆向工程,恢复了之前未知的流密码A5-GMR-1和A5-GMR-2。在第二步中,对两个密码进行加密分析,导致对A5-GMR-1的纯密文攻击和对A5-GMR-2的已知明文攻击。在这项工作中,我们以以下方式扩展了上述结果:首先,我们改进了对A5-GMR-1的攻击,并将其平均情况复杂度从232步降低到221步。其次,我们实施了一个实际的攻击,成功地记录了Thuraya网络中的通信,并表明它可以用大约5000美元的适度努力来完成。我们描述了修改后的攻击的实现以及使其实用的关键方面。使用我们的窃听设置,我们记录了30秒我们自己的卫星到卫星电话的通信,并表明我们能够在半小时内恢复Thuraya会话密钥(平均)。我们用实验来补充这些结果,以强调对卫星电话的发射进行窃听的可行性。本文的目的有三个:开发和演示针对A5-GMR-1的更实际的攻击,总结GMR-1和GMR-2安全领域的当前研究成果,并阐明从开始分析复杂系统到在现实世界中实际破坏它所需要的工作量和专业知识。
期刊介绍:
ISSEC is a scholarly, scientific journal that publishes original research papers in all areas of information and system security, including technologies, systems, applications, and policies.