`Sunday Times' article on GSM changes
Thought I'd forward this. ----- Begin Included Message -----
From libernet-request@dartmouth.edu Wed Feb 3 18:51:12 1993 Resent-Message-Id: <4fQ2vaH0BwxI41u9ED@transarc.com> Resent-Date: Wed, 3 Feb 1993 15:45:26 -0500 (EST) Resent-From: Lyle_Seaman@transarc.com Resent-To: libernet@dartmouth.edu X-Andrew-Widereply: netnews.sci.crypt Newsgroups: sci.crypt Path: andrew.cmu.edu!bb3.andrew.cmu.edu!news.sei.cmu.edu!cis.ohio-state.edu!zaphod.mps.ohio-state.edu!howland.reston.ans.net!usenet.ins.cwru.edu!agate!doc.ic.ac.uk!rhbnc!andy From: andy@csqx.cs.rhbnc.ac.uk Subject: `Sunday Times' article on GSM changes Organization: RHBNC Date: Tue, 2 Feb 1993 16:07:01 GMT Lines: 94 Sender: libernet-request@dartmouth.edu X-Mailing-List: libernet@Dartmouth.EDU Content-Length: 4387
Having finally managed to track down a copy of last Sunday's `Sunday Times', here is the text of the article describing changes to the GSM mobile communications standard. The A5 `scrambling code' refered to in the article is the stream cipher between the mobile and base stations, which uses a 64-bit key derived from an initial authentication exchange. Whilst it's not exactly secret, as many people involved with developing GSM need to know the details, it is covered by non-disclosure agreements. `New Scientist' also have an article on GSM in this week's issue. andy -- `The Sunday Times', 31 January 1993. Main section, p. 12. (Home News) SPYMASTERS ORDER REDESIGN OF `TOO SECURE' MOBILE PHONES by Christopher Lloyd [Cartoon of a ridiculous mobile handset with various antennaea and dishes protruding. It is being held by a dismayed, purple-suited, man whilst a sign reads: "New! GCHQ-approved mobile phone".] The next generation of mobile telephones has proved so secure against tapping that it is to be made less safe on the advice of the intelligence services. The phones, based on coded digital technology, will have their technology modified so that spies can continue to eavesdrop on private conversations. The changes, ordered by a European Community (EC) telecommunications committee in Brussels, are being made at the insistance of European governments, including Britain's. They fear that surveillance operations against drug barons, the criminal underworld and foreign powers could be undermined. Digital mobiles phones, based on a system called GSM, are already replacing standard analogue networks across the world. They are equipped with a sophisticated scrambling code called A5, offering protection from interception equivelant to many military systems. It is this code that is to be replaced by one called A5X, to allow undercover eavesdropping to continue. Last week a Department of Trade and Industry spokesman confirmed changes were being introduced to make it easier for security agencies - ranging from GCHQ, the British government's listening post near Cheltenham, to the FBI in America - to eavesdrop. "Alternatice coding is being developed for the reasons you have outlined," he said. "There is a general desire for this among the governments of Europe." The department, which issues export licenses for the phones, is particularly concerned that the original A5 technology should not be sold to countries that may adapt it for military applications. In America, the FBI has voiced similar concern. Nestor Michnyak, spokesman for the FBI headquarters in Washington, said that digital technology was advancing so fast that counter-surveillance was in danger of being undermined. "We are trying to get companies and manufacturers to work with us to allow us to maintain the surveillance operations we have undertaken since the late 1960s," he said. "All we are asking is to be able to continue to do what we are currently doing and we want the same access we are having now." Manufacturers of GSM mobile phones will be forced to adapt products to work with the new codes. Motorola, one of the leading makers of the digital mobile handsets, complained that costs may rise as a result. "We are flying blind here," said Larry Conlee, the assistant general manager of Motorola's European cellular division. "The GSM system has ended up more secure than it should have been for the commercial market and now we're trying to recover from it." Vodafone, Britain's largest analogue mobile phone company, which has already installed 250 GSM base stations covering 50% of the UK population, said its network will need to be adapted to accept the new codes. "Government authorities have made it known that they don't want this high level of encoding," said Mike Caldwell, the spokesman for Vodafone. Caldwell said the problem with the original system was that it would take security services weeks rather than minutes to decode the conversations they wanted to bug. Despite the changes, it will be still virtually impossible for any amateur eavesdropper to intercept calls made on the digital mobile phones. -- Andy Thomas Information Security Group, Department of Computer Science Royal Holloway, University of London TW20 0EX, England Internet: andy@dcs.rhbnc.ac.uk phone: + 44 784 443696 ----- End Included Message -----
Speculation: The "A5 `scrambling code'" is used as the spreading code for a spread spectrum radio. Spread spectrum radio has some features cypherpunks may find interesting: both stegnagraphic and cryptographic. A Spread Spectrum signal is usualy based on xoring a very high rate "pseudorandom" bitstream with the intelligence to be transmitted. The resulting wide spectrum signal is usualy transmitted via radio. As a result the signal is very hard to notice since the watts/hz can be orders of magnitude under normal narrow band signals (stegnography). As a second result, once detected the signal cannot be understood without syncronizing an identicle "pseudorandom" bitstream at the reciever (cryptography). The reason that gov't types would fear the dispersal of the technology is obvious. Btw. many of the wireless lans use exactly this technology. j'
Caldwell said the problem with the original system was that it would take security services weeks rather than minutes to decode the conversations they wanted to bug. Despite the changes, it will be still virtually impossible for any amateur eavesdropper to intercept calls made on the digital mobile phones.
The quotes I've heard are more like "any county sherif with a radiomodem and a pc will be able to tap any conversation in range. It's probably just as well. Since end to end encryption is the only reasonable solution anyway. brad
Speculation: The "A5 `scrambling code'" is used as the spreading code for a spread spectrum radio.
It would seem that both the sender and reciever need to be exactly syncronized to within 1/4 of a bit for this to work. Since voice data requires about 64Khz, if you spread this by a factor of 32 (for a scrambling frequency of 2.048Mhz) this would mean the sender and reciever would need to be synced to well within 500ns of each other. Isn't this a bit difficult? How do they do it? brad
Brad Huntting <huntting@glarp.com> asks:
[...]this would mean the sender and reciever would need to be synced to well within 500ns of each other. Isn't this a bit difficult? How do they do it?
You are right. This is perhaps *the* central design issue of this kind of spread spectrum system. One standard solution is to use "gold codes". Gold codes are special in that they are very self dissilimar. That is they look very unlike any shifted version of themselves. So you can build a very simple corelator which tries all the possible shiftings of a code to the signal, until one pops up with "low frequency" data rather than "high frequency" noise. Another is to begin a transmission with a special sync header (and concievably intersperse additional ones bassed on the expected frequency of loss of lock). Currently available PLL's working at 900MHz have very low phase noise, and I can imagine the construction of fixed frequency PLL's with even lower phase noise. A third is to transmit BOTH the spreading code, and the data. You can think of this technique as sending two channels of data, one which is all 1's (or 0's), the other which is a little more interesting. The two channels are then combined at the reciever to yield the data. A fourth is to use an externaly generated sync signal -- for example a radio transmission that both sender and reciever can hear. (For this aplication, I don't see how this would be used...) Aditional solutions are possible. (What is this S.A.W. thing I read about??) j'
participants (3)
-
Brad Huntting
-
Jay Prime Positive
-
pmetzgerï¼ shearson.com