Re: encrypted cellphones
At 07:18 PM 1/30/96 -0500, prmoyer@magpage.com (Philip R. Moyer) wrote:
> Well, I'm discouraged. I'm looking for strongly encrypted cellular telephones, but I can't seem to find many.

Are you looking for cellphones, or cordless phones? There aren't a lot of strongly encrypted cordless phones out there, but there may be some. Digital spread spectrum is probably the best that's easy to find; other kinds of "digital" phones usually pick a not-too-busy frequency and transmit digitized voice, which is mildly secure against other people using your base unit to make their phone calls, but doesn't protect your privacy against anyone with digital-capable equipment.

The middle ground between cordless phones and cellphones includes cordless phones with ranges of about a mile (AT&T and some other vendors have sold them); they're typically in the $300-500 range, and use spread spectrum to avoid interference to/from other phones. It also includes phone services that can handle portable phones that you have to stay in one place to use (i.e. once you start your phone call, if you go out of range your call gets dropped rather than handed off to another cell.) I'm not aware of commercial service like this in the US, but there are wireless PBXs that work this way (which can be cheaper than stringing phone wires around buildings.)

Cellphones, of course, can only (usefully) use encryption if the cellular service provider uses it (i.e. if the end that's listening to your radio transmission can decode it :-) American cell-phone providers don't. The GSM phones used in much of the world have encryption, but it's apparently not very strong.

> I would really like to avoid using a GAK enabled product, if there's any way to avoid it (even if it means paying lots of extra $$$).

I'm not aware of any GAKed cordless phones, though I suppose there could be such. US cellular phones don't need GAK because the government's strong-armed the standards committees into using appallingly trivial crypto - none of this strong 40-bit RC for you :-)

#--
# Thanks; Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
# http://www.idiom.com/~wcs

On Wed, 31 Jan 1996, Bill Stewart wrote:
> providers don't. The GSM phones used in much of the world have encryption, but it's apparently not very strong.

GSM A5 security is supposed to have an effective key length of 40 bits, although according to some sources a 64-bit session key is used. The algorithms are not freely available, so you never know. I would say GSM security is still better than nothing. The problem is of course that only the radio link is encrypted, not the connection out into public telephone network.

Juri Kaljundi, DigiMarket jk@digit.ee

Juri Kaljundi wrote:
> On Wed, 31 Jan 1996, Bill Stewart wrote:
>> providers don't. The GSM phones used in much of the world have encryption, but it's apparently not very strong.

As the A5 algorithm has so far not been publicly disclosed, no one outside of the spook community really knows if it has a backdoor or what computational effort might be involved in brute forcing it. One can certainly suppose that there was a lot of pressure to weaken it, but whether that was accomplished by installing trapdoors or simply by making special purpose hardware brute forcers simple, fast, and cheap is not known.

> I would say GSM security is still better than nothing. The problem is of course that only the radio link is encrypted, not the connection out into public telephone network.

I have seen news stories about some shady "spy-shop" type companies in England who are selling microwave receivers capable of intercepting and decoding the microwave backhaul links that connect most GSM cell sites to the mobile switching offices. Apparently even some supposedly secure GSM systems use unencrypted backhauls which can be relatively easily intercepted by someone with the right gear from places near enough the towers to have a line of sight view of them.

Dave Emery die@die.com

> I would say GSM security is still better than nothing. The problem is of course that only the radio link is encrypted, not the connection out into public telephone network.

As I remember from discussions with a GSM encryption programmer (which I posted to this list months ago) GSM is secure enough to prevent real-time decryption, as keys are changed frequently using another secure protocol (A8 I believe). GSM encryption is only supposed to make people like Princess Diana more secure, that's all. This was enough for Pakistan to temporarily shut down Motorola's GSM network in Karachi last February, until they discovered they could intercept calls simply by sitting at the base stations where they're decrypted...

Rishab
Juri Kaljundi, DigiMarket jk@digit.ee

> Cellphones, of course, can only (usefully) use encryption if the cellular service provider uses it (i.e. if the end that's listening to your radio transmission can decode it :-) American cell-phone providers don't. The GSM phones used in much of the world have encryption, but it's apparently not very strong.

Don't forget the more attractive option: End-to-end. Why leave the plaintext available for the cellular provider?

Eric

participants (5)
- Bill Stewart
- Dave Emery
- Eric Blossom
- Jyri Kaljundi
- Rishab Aiyer Ghosh