Escolar Documentos
Profissional Documentos
Cultura Documentos
History of GSM
Analysis of GMR
Conclusions
Breaking GSM and GMR Voice Encryption
Benedikt Driessen
Horst-G ortz Institute for IT Security
Ruhr-University Bochum, Germany
CSE Summer School, Bochum, Germany
5.9.2012
Benedikt Driessen Breaking GSM and GMR
Motivation
History of GSM
Analysis of GMR
Conclusions
Idea of this talk
Theoretical attacks
1
Practical attacks
1
COPACOBANA; Gendrullis08
Kraken; Nohl09
Benedikt Driessen Breaking GSM and GMR
Motivation
History of GSM
Analysis of GMR
Conclusions
Attacks on A5/2
Theoretical attacks
1
Encoding is linear
Encoding d into m
= d G
Encrypting m
z
Benedikt Driessen Breaking GSM and GMR
Motivation
History of GSM
Analysis of GMR
Conclusions
Background
GMR-1
GMR-2
.. attack on A5-GMR-1
(d G) z
= 0
z)
= Hm
=0
Hz = H z
Ax
= HA
S
x = S x
2
21
guesses and 16 frames of TCH3 speech data required
Benedikt Driessen Breaking GSM and GMR
Motivation
History of GSM
Analysis of GMR
Conclusions
Background
GMR-1
GMR-2
An experiment
L
-
B
a
n
d
15 m