GSM MOBILE NETWORK SAFETY
Standard mobile phone calls are transmitted in encrypted form. That encryption is done by the “stream encryption method A5” which was developed in secret, but can nowadays be decrypted real time with a standard fast pc (Biryukow, Schamir, Wagner method). Thus all calls sent and received by a mobile phone can be intercepted.
Eavesdropping becomes even easier using a so-called IMSI catcher (see below) – every activated mobile phone in receiving range will automatically log into the nearest (strongest) base station of the mobile network. The IMSI catcher simulates a base station to the participants close to it it intercepts all calls and re-routes them (unnoticed by the participant) toward the ‘real’ base station.
At the same time, it will send the calls identified by the target’s identification (IMEI) to the listening post via a separate connection. Additionally, a simple order contained in the GSM standard suppresses encryption, making it possible to listen in on the call real time. On the grey market, devices of this kind are offered by retailers for mobile use at the price of several thousand pounds.
Using such a device can disturb the connection quality, as the frequencies used by the IMSI catcher are not in sync with the frequencies of the respective network.
IMSI
Each subscriber has a recognition number of up to 15 digits – IMSI (International Mobile Subscriber Identity), which is unique. It consists of a country code, a network code and a subscriber code. It is assigned to the SIM card by the network.
Through an order from the base station, the mobile phone will send the IMSI instead of a TMSI (Temporal Mobile Subscriber Identity) in order to gain information on its number and identity. The mobile phone (or, more precisely, the user’s SIM card) would be identifiable at any time. Additionally, each mobile phone has a device code, IMEI (International Mobile Equipment Identity) which is also unique.
How base stations and IMSI catchers work
With the GSM method, developed areas are always provided by several so-called base stations to assure complete coverage of the area. A mid-size town will have 10-20 base stations, depending on the network operator, each of them utilizing a different frequency. The mobile phone will seek the station that is best accessible when turned on, then keep checking during the call. In order to stabilise the connection even more, the base station will now transmit a frequency table with alternative frequencies of neighbouring base stations to the mobile phone. The phone steadily checks on those frequencies, so that it can switch quickly when needed e.g. in case of a change in location or interference in the working frequency. If one does not change locations during a call, the entire call will be accomplished on this one frequency.
For the purpose of listening in on mobile phone conversations, a portable transponder is taken near the mobile phone to be bugged and a strong signal is generated whose frequency corresponds to one of the alternative frequencies mentioned above. The phone will recognise this “better” carrier and report it to the network. A channel change to this new frequency will immediately carried out, rerouting the conversation to the transponder. The mobile to be listened in on will be recognised by its identification and encryption is turned off utilising a command contained in the GSM standard. Afterwards, all conversations taken with this mobile phone can be listened in on and recorded directly in place and/or via another connection.
At the same time, the IMSI catcher will reroute the connection to the base station via the old frequency. Neither the customer or the network would be aware of this manipulation.
Encryption and existing procedures
Cryptoanalysis is the art of getting at the content of secret data without knowledge of the keys and encryption methods. This process is called codebreaking or compromising..
In order to hide a secret message today, mathematics is used. Mathematical functions that make secret messages unrecognisable or serve to regain the message are called cryptographic algorithms.
Usually, two related functions are used, one to encrypt and one to decrypt. Modern cryptographic procedures lay their algorithms bare. Their safely is based solely on using keys. Without knowledge of the keys, no third party can read the message.
An algorithm including clear texts, ciphered texts and keys is called a cryptosystem. An essential element in judging encryption safety is the complete publishing of the crypto-algorithm, as this is the only way for the experts to analyise the cryptosystem for “backdoors” which would make unpermitted decrypting possible or for “weak spots” that would render it corruptible.
Note – In some countries e.g. USA, the only encryption procedures permitted are those that leave such “backdoors” open to the secret service. For this reason, the Sec-Tel mobile is not permitted for use in the USA and several other countries.
Existing encryption processes
The Symmetrical procedure
In this case, sender and receiver use the same (secret) key. The advantage of this is fast proceedings and no key management is necessary. The disadvantage is that anyone possessing the key can decrypt. A revealing or unnoticed loss of the key renders the encryption worthless. Also, safe transmission of the key to the communication partner casuses problems, or even the danger of non-secrecy.
There are mobile and stationary phones on the market that contain a standardised secret key built into the devices. Each device can achieve encrypted communication with the other parties without problems. However, since all these devices use the same key, there is a danger of the encrypted message being intercepted and listened in on using an identical device.
The asymmetrical procedure
In the case of the asymmetrical procedure, there are pairs of exactly two keys for each registered participant. One is the so-called private key of its proprietor, which is to be kept secret at all times, only to be used by him or her and must not be passed on to any other person.
The second key is the so-called public key of its proprietor, which is available to all communication partners as if in a directory.
Encryption is done using the addressee’s public key; decryption of the message sent is then only possible utilising the addressee’s private key. Even with the knowledge of the public key, the private key cannot be calculated. This ascertains that only the receiver – and nobody else – can decrypt the message. As an encrypted message is illegible, and therefore, cannot be manipulated, the receiver can be certain that the original message arrived. The uniqueness of the key pairs also leads to an easy yet unambiguous recognition of the communication partners.
The advantage of this method is extremely safe procedure, broad application and no direct key transmission between participants is necessary when registered in the trust centre. Also there is additional safety due to unambiguous identification of the communication partner.
The disadvantage of this system is the higher expense due to managing the public keys. Also, a lower decryption speed.
Combination of symmetrical and asymmetrical procedure (known as hybrid procedure)
The best of both worlds is achieved if both procedures are combined: A symmetrical one-time key is generated, valid only for the current communication, and safely transmitted ot the partner using the asymmetrical procedure. Encryption of the data exchange is then done utilising the symmetrical key known only to those two parties.
This approach guarantees the high speed necessary for real-time encryption and avoids the disadvantages of the symmetrical procedure while keeping the asymmetrical procedure’s advantage.
Explanation of a ‘key’
Cryptologically speaking, a key is a randomly generated character chain that can be transmitted electronically. The longer the character chain is, the safer the key will be. As in the real world, a key grants or denies access to space (message space). Daily life teaches us how saft the combination of key and lock is. There are actually no safe key/lock combinations in the real world. The only safe procedure would be like a padlock and key and only used once, then exchanged for a new pair and the old pair discarded.
|
