Security experts poke theoretical holes in 3G encryption

Security researchers on Wednesday suggested that the future encryption protocol deployed to protect 3G (UMTS/WCDMA) phone calls is as weak as the existing, and potentially flawed, system used for 2G telephony.

James Middleton

January 14, 2010

2 Min Read
Security experts poke theoretical holes in 3G encryption
Security experts poke theoretical holes in 3G encryption

Security researchers on Wednesday suggested that the future encryption protocol deployed to protect 3G (UMTS/WCDMA) phone calls is as weak as the existing, and potentially flawed, system used for 2G telephony.

A trio of security researchers from the Faculty of Mathematics and Computer Science at the Weizmann Institute of Science, Israel, said Wednesday that they had come up with a theoretical attack capable of cracking the encryption used on 3G telephony in two hours, using the processing power of a single PC.

At the end of December, another security researcher published material that he claimed is capable of cracking the 20 year old encryption cipher used to protect 2G GSM telephony. This could be carried out with a single high end PC and a few thousand pounds worth of radio kit, according to German security researcher Karsten Nohl.

This suggests that both encryption algorithms are as weak, or as strong, as each other and could be broken with equal resources. But like all these claims, the problem is that they’re largely theoretical and are not known to have led to a practical attack. The fact that the cracking of encryption ciphers sits in a legal grey area also doesn’t help.

2G GSM phone conversations are currently protected by the 22 year old A5/1 and A5/2 ciphers, which even before Nohl got involved, have been repeatedly shown to be cryptographically weak. These will replaced in 3G networks by a new A5/3 cipher called Kasumi, which is a modified version of the Misty cryptosystem.

But the Israeli researchers, Orr Dunkelman, Nathan Keller, and Adi Shamir, claim that the modifications made by the GSM Association to the Misty system, in order to create Kasumi, which is more hardware friendly – a useful feature for deployment on mobile devices – make the cryptosystem substantially weaker. In fact, their theoretical attack would not work on the Misty system at all.

According to the researchers, the A5/3 algorithm (Kasumi) is already implemented in about 40 per cent of three billion available handsets, leaving 60 per cent of the world’s mobile user base using the older security algorithms. Once fully adopted, A5/3 will become one of the most widely used cryptosystems in the world, and its security will become one of the most important practical issues in cryptography, which makes the findings of this kind of research a concern.

The GSM Association is understood to be looking at speeding up the transition to A5/3 in a bid to improve security, but this and related matters are set to be discussed in a meeting that will be held in February.

About the Author

James Middleton

James Middleton is managing editor of telecoms.com | Follow him @telecomsjames

Subscribe and receive the latest news from the industry.
Join 56,000+ members. Yes it's completely free.

You May Also Like