BIG BROTHER can rest easy in the knowledge that even the next generation of mobile encryption can be broken.
Currently the communications link between the handset and the radio base station during a GSM phone conversation is scrambled using the A5/1 and A5/2 stream ciphers - algorithms that are more than 20 years old and have been proven to be cryptographically weak.
These are set to be replaced in 3G networks at some as yet undetermined point in the future by a new A5/3 block cipher called Kasumi, a variant of the existing Misty cryptosystem.
However, a recent report (PDF) by researchers at the Faculty of Mathematics and Computer Science at Weizmann Institute of Science in Israel suggests that this new system can already, in theory, be compromised using a method dubbed a 'sandwich attack'.
According to the paper: "We start with a description of the basic (related-key) boomerang attack, and then we describe a new framework, which we call a (related-key) sandwich attack, that exploits the dependence between the underlying differentials to obtain a more accurate estimation of the probability of the distinguisher. Finally, we describe the chosen plaintext variant of the attack, which we call (related-key) rectangle-like sandwich attack."
20 pages of complex mathematics later and we're assured that the stream can in fact be broken with an amazingly high probability of 2 to the power of minus 14.
According to the researchers, the sandwich attack they use means they can simulate the attack in less than two hours on a single PC.
Interestingly, the approach doesn't work on Misty, suggesting that the GSM Association's planned transition from Misty to Kasumi could lead to a much weaker cryptosystem.
The GSMA is quick to point out that even the published works on compromising the A5/1 algorithm are only theoretical and that none have led to a practical attack that can be used on live, commercial networks.
The GSMA is set to meet next month to discuss the matter.
"Interestingly, the approach doesn't work on Misty, suggesting that the GSM Association's planned transition from Misty to Kasumi could lead to a much weaker cryptosystem."
I don't know anything about this stuff, but how exactly does that mean Misty is stronger than Kasumi?? That particular technique doesn't work on Misty, but it might be that other, easier techniques work on it.