[17332] in cryptography@c2.net mail archive
Cell phone crypto aims to baffle eavesdroppers
daemon@ATHENA.MIT.EDU (Ian G)
Thu Jun 2 22:19:54 2005
X-Original-To: cryptography@metzdowd.com
From: Ian G <iang@systemics.com>
To: cryptography@metzdowd.com
Date: Fri, 3 Jun 2005 00:56:08 +0100
Cell phone crypto aims to baffle eavesdroppers
By Munir Kotadia, ZDNet Australia
Published on ZDNet News: May 31, 2005, 4:10 PM PT
An Australian company last week launched a security tool for GSM mobile
phones that encrypts transmissions to avoid eavesdroppers.
GSM, or Global System for Mobile Communications, is one of the most popular
mobile phone standards and is built to provide a basic level of security.
However, for more than five years the security has been "cracked," and
commercial scanners that can emulate GSM base stations are becoming more
common. That prompted Melbourne-based SecureGSM to launch its encryption
tool at the CeBit exhibition in Sydney last week.
Roman Korolik, managing director of SecureGSM, said that because GSM security
was cracked so long ago, there was a lot of information and equipment
available that could be used for intercepting GSM calls.
"There are devices available for interception and decoding (GSM calls) in
real time...Although they are, strictly speaking, illegal in most countries,
you can buy them," said Korolik, who believes that these scanners are
already being used to intercept sensitive calls. "You can imagine that in
places like the stock exchange, where the traders are on their mobile
phones...there could be a few scanners there."
As far back as 1999, the security used by GSM has been questioned. In a paper
published by Lauri Pesonen from the Department of Computer Science and
Engineering at Helsinki University of Technology, the GSM model was said to
have been "broken on many levels."
"The GSM security model is broken on many levels and is thus vulnerable to
numerous attacks targeted at different parts of an operator's network...If
somebody wants to intercept a GSM call, he can do so. It cannot be assumed
that the GSM security model provides any kind of security against a
dedicated attacker," Pesonen wrote in the paper.
However, additional GSM security is unlikely to be used by the masses,
according to Neil Campbell, national security manager of IT services company
Dimension Data, who said companies are likely to have higher priorities.
"This is a security control like any other control--like a firewall or a
policy. An organization needs to believe it is appropriate for their risks
to implement this control. Obviously the military is one that you would
expect to have a need for secure communications, but I wouldn't expect there
to be too many organizations in this country that would think it necessary
to encrypt their mobile phone conversations," said Campbell.
SecureGSM requires Windows Mobile Phone Edition
<http://news.zdnet.com/2100-1040_22-5697127.html?tag=nl> with an ARM or
compatible processor running at 200MHz or better. It also requires 6Mb of
RAM (random access memory) and 2MB of storage space.
The SecureGSM application uses 256-bit, triple cipher, layered encryption
based on AES, Twofish and Serpent ciphers. According to SecureGSM, all of
these algorithms are considered "unbreakable" and the triple layer ensures
that "encrypted data is future proof." The product costs $188 (AU$249) for a
single-user license, and each "secure" device requires a license.
Dimension Data's Campbell said that companies thinking about implementing
such a solution will need to calculate how much they could lose if their
communications were intercepted.
"Share traders may need it, but this is for an organization that communicates
by mobile telephone and understands that the risk of interception is
generally extremely low, but that risk is completely unacceptable," Campbell
said.
Munir Kotadia of ZDNet Australia reported from Sydney
Copyright ©2005 CNET Networks, Inc. All Rights Reserved.
http://news.zdnet.com/2100-1009_22-5726814.html
--
Advances in Financial Cryptography:
https://www.financialcryptography.com/mt/archives/000458.html
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com