Thought I'd forward this. ----- Begin Included Message -----

From libernet-request@dartmouth.edu Wed Feb 3 18:51:12 1993 Resent-Message-Id: <4fQ2vaH0BwxI41u9ED@transarc.com> Resent-Date: Wed, 3 Feb 1993 15:45:26 -0500 (EST) Resent-From: Lyle_Seaman@transarc.com Resent-To: libernet@dartmouth.edu X-Andrew-Widereply: netnews.sci.crypt Newsgroups: sci.crypt Path: andrew.cmu.edu!bb3.andrew.cmu.edu!news.sei.cmu.edu!cis.ohio-state.edu!zaphod.mps.ohio-state.edu!howland.reston.ans.net!usenet.ins.cwru.edu!agate!doc.ic.ac.uk!rhbnc!andy From: andy@csqx.cs.rhbnc.ac.uk Subject: `Sunday Times' article on GSM changes Organization: RHBNC Date: Tue, 2 Feb 1993 16:07:01 GMT Lines: 94 Sender: libernet-request@dartmouth.edu X-Mailing-List: libernet@Dartmouth.EDU Content-Length: 4387

Having finally managed to track down a copy of last Sunday's `Sunday Times', here is the text of the article describing changes to the GSM mobile communications standard. The A5 `scrambling code' refered to in the article is the stream cipher between the mobile and base stations, which uses a 64-bit key derived from an initial authentication exchange. Whilst it's not exactly secret, as many people involved with developing GSM need to know the details, it is covered by non-disclosure agreements. `New Scientist' also have an article on GSM in this week's issue. andy -- `The Sunday Times', 31 January 1993. Main section, p. 12. (Home News) SPYMASTERS ORDER REDESIGN OF `TOO SECURE' MOBILE PHONES by Christopher Lloyd [Cartoon of a ridiculous mobile handset with various antennaea and dishes protruding. It is being held by a dismayed, purple-suited, man whilst a sign reads: "New! GCHQ-approved mobile phone".] The next generation of mobile telephones has proved so secure against tapping that it is to be made less safe on the advice of the intelligence services. The phones, based on coded digital technology, will have their technology modified so that spies can continue to eavesdrop on private conversations. The changes, ordered by a European Community (EC) telecommunications committee in Brussels, are being made at the insistance of European governments, including Britain's. They fear that surveillance operations against drug barons, the criminal underworld and foreign powers could be undermined. Digital mobiles phones, based on a system called GSM, are already replacing standard analogue networks across the world. They are equipped with a sophisticated scrambling code called A5, offering protection from interception equivelant to many military systems. It is this code that is to be replaced by one called A5X, to allow undercover eavesdropping to continue. Last week a Department of Trade and Industry spokesman confirmed changes were being introduced to make it easier for security agencies - ranging from GCHQ, the British government's listening post near Cheltenham, to the FBI in America - to eavesdrop. "Alternatice coding is being developed for the reasons you have outlined," he said. "There is a general desire for this among the governments of Europe." The department, which issues export licenses for the phones, is particularly concerned that the original A5 technology should not be sold to countries that may adapt it for military applications. In America, the FBI has voiced similar concern. Nestor Michnyak, spokesman for the FBI headquarters in Washington, said that digital technology was advancing so fast that counter-surveillance was in danger of being undermined. "We are trying to get companies and manufacturers to work with us to allow us to maintain the surveillance operations we have undertaken since the late 1960s," he said. "All we are asking is to be able to continue to do what we are currently doing and we want the same access we are having now." Manufacturers of GSM mobile phones will be forced to adapt products to work with the new codes. Motorola, one of the leading makers of the digital mobile handsets, complained that costs may rise as a result. "We are flying blind here," said Larry Conlee, the assistant general manager of Motorola's European cellular division. "The GSM system has ended up more secure than it should have been for the commercial market and now we're trying to recover from it." Vodafone, Britain's largest analogue mobile phone company, which has already installed 250 GSM base stations covering 50% of the UK population, said its network will need to be adapted to accept the new codes. "Government authorities have made it known that they don't want this high level of encoding," said Mike Caldwell, the spokesman for Vodafone. Caldwell said the problem with the original system was that it would take security services weeks rather than minutes to decode the conversations they wanted to bug. Despite the changes, it will be still virtually impossible for any amateur eavesdropper to intercept calls made on the digital mobile phones. -- Andy Thomas Information Security Group, Department of Computer Science Royal Holloway, University of London TW20 0EX, England Internet: andy@dcs.rhbnc.ac.uk phone: + 44 784 443696 ----- End Included Message -----