In all cryptography, there needs to be ample time to switch between algorithms, and even more time after the algorithms...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
are made publicly available for analysis. This public and open analysis in the cryptographic community is used to identify weaknesses in the cryptographic algorithms. The GSM industry should switch to the newer and more secure A5/3 algorithm. The GSM Association reports there are 4 billion GSM phones in use throughout the world, so this switchover will be a massive effort that won't happen overnight, and as of mid-2010, the planning doesn't appear to have even started on this massive effort. Researchers point out that "A5/1 is constantly being circumvented by intelligence, law enforcement and criminals" (pdf), so the real-world risk is the switch to A5/3 won't happen fast enough and eavesdropping on GSM phone calls could become trivial if someone has access to the hardware necessary to record the radio signals, which the GSM Association says is complex to perform, but researchers say can be assembled . Hopefully the ongoing GSM research will prompt the GSM industry to migrate as quickly as possible to show their concern for their customers' security and privacy.
Karsten Nohl's attack was generating hashes for the codebook for A5/1 and collecting the related research to show the world how risky it is to continue to use the current GSM encryption algorithm. The generated hashes for the codebook are essentially the decryption keys that can be used to decrypt the encrypted voice call and were created by hashing all of the potential encryption keys. While the GSM Association says specialized software and hardware are needed to be able to intercept calls, the researchers point out that by using the codebook, some open source projects and some hardware, someone could intercept GSM traffic (phone calls, etc) with only a radio receiver and signal processing software that the researcher specifies. The risk to enterprises is that GSM communications like phone calls or SMS messages secured using A5/1 will not be addressed before attackers are able to use it to attack their organizations.
Dig Deeper on Disk Encryption and File Encryption
Related Q&A from Nick Lewis
An HTTPS session with a reused nonce is vulnerable to the Forbidden attack. Expert Nick Lewis explains how the attack works, and how to properly ...continue reading
The Irongate malware has been discovered to have similar functionality to Stuxnet. Expert Nick Lewis explains how enterprises can protect their ICS ...continue reading
APT groups have been continuously exploiting a flaw in Microsoft Office, despite it having been patched. Expert Nick Lewis explains how these attacks...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.