[HGI-News-de] HGI Colloquium: Don't Trust Satellite Phones - Benedikt Driessen and Ralf Hund - Thursday, 2 February 2012

Newsletter of the Horst Görtz Institute hgi-news-deutschland at lists.ruhr-uni-bochum.de
Mon Jan 30 19:47:06 CET 2012

Dear Sir or Madam,

as part of the HGI Colloquium, organized by the Chair for Cryptology and
IT Security (CITS), Benedikt Driessen and Ralf Hund of Ruhr-Universität
Bochum will speak next Thursday, 02 February 2012, at 11:00 s.t. in
room ID 04/653 on the following topic:


------------------------------------------------------------------------


  Don't Trust Satellite Phones

There is a rich body of work related to the security aspects of cellular 
mobile phones, in particular with respect to the GSM and UMTS systems. 
To the best of our knowledge, however, there has been no investigation 
of the security of satellite phones (abbr. satphones). Even though a 
niche market compared to the G2 and G3 mobile systems, there are several 
100,000 satphone subscribers worldwide. Given the sensitive nature of 
some of their application domains (e.g., natural disaster areas or 
military campaigns), security plays a particularly important role for 
satphones. In this paper, we analyze the encryption systems used in the 
two existing (and competing) satphone standards, GMR-1 and GMR-2. The 
first main contribution is that we were able to completely reverse 
engineer the encryption algorithms employed. Both ciphers had not been 
publicly known previously. We describe the details of the recovery of 
the two algorithms from freely available DSP-firmware updates for 
satphones, which included the development of a custom disassembler and 
tools to analyze the code, and extending prior work on binary analysis 
to efficiently identify cryptographic code. We note that these steps had 
to be repeated for both systems, because the available binaries were 
from two entirely different DSP processors. Perhaps somewhat 
surprisingly, we found that the GMR-1 cipher can be considered a 
proprietary variant of the GSM A5/2 algorithm, whereas the GMR-2 cipher 
is an entirely new design. The second main contribution lies in the 
cryptanalysis of the two proprietary stream ciphers. We were able to 
adopt known A5/2 ciphertext-only attacks to the GMR-1 algorithm with an 
average case complexity of 2^32 steps. With respect 
to the GMR-2 cipher, we developed a new attack which is powerful in a 
known-plaintext setting. In this situation, the encryption key for one 
session, i.e., one phone call, can be recovered with approximately 50–65 
bytes of key stream and a moderate computational complexity. A major 
finding of our work is that the stream ciphers of the two existing 
satellite phone systems are considerably weaker than what is 
state-of-the-art in symmetric cryptography.

------------------------------------------------------------------------


The talk begins on Thursday at 11:00 s.t. in ID 04/653.

All students and interested parties are cordially invited to this and
all further talks in the HGI Colloquium! No prior registration is
required!

Further information is available on the following website:

http://hgi.rub.de/hgi/hgi-seminar/aktuelles/


Best regards,
Saqib A. Kakvi



