UMTS encryption also dented
A team of Israeli cryptologists have developed an attack against the second generation mobile phone encryption standard mainly used in UMTS networks. In certain circumstances, the "sandwich attack" developed by Orr Dunkelman, Nathan Keller and Adi Shamir enables attackers to crack the A5/3 algorithm, which is also known as Kasumi, within a practical length of time.
According to the researchers, a 128-bit Kasumi session key can be derived from a data set of magnitude 226 using 230 bytes of memory in a time of 232. Due to the small values, even simulating the attack on a normal PC reportedly only took two hours. For a successful attack, however, the data needs to be encrypted using four related keys. Related keys are only allowed to differ by certain specific bits.
According to crypto expert Christian Rechberger, this makes sandwich attacks difficult to carry out in practice. Rechberger says a proper implementation of A5/3 doesn't even allow attackers to obtain two such keys. He adds that, while obtaining the keys may have been possible in old GSM systems, this has since become a known security problem. The expert says the complexity requirements of the attack may be met by a PC simulation, but would prove too difficult for a practical attack on a mobile phone conversation.
- A Practical-Time Attack on the A5/3 Cryptosystem Used in Third Generation GSM Telephony, a paper from Dunkelman, Keller and Shamir.
- 26C3: GSM hacking made easy, a report from The H.