Decoding GSM

Glendrange, Magnus; Hove, Kristian; Hvideberg, Espen

Glendrange, Magnus; Hove, Kristian; Hvideberg, Espen

Master thesis

View/Open

355716_COVER01.pdf (215.0Kb)

355716_FULLTEXT01.pdf (5.991Mb)

URI

http://hdl.handle.net/11250/262321

Date

2010

Metadata

Show full item record

Collections

Institutt for informasjonssikkerhet og kommunikasjonsteknologi [1824]

Abstract

We have participated in the creation of almost two terabytes of tables aimed at cracking A5/1, the most common ciphering algorithm used in GSM. Given 114-bit of known plaintext, we are able to recover the session key with a hit rate of 19%. The tables are expected to be unique as they provide the best coverage yet known to the authors, and they are the first step in a real-world passive attack against GSM. An initial investigation and analysis into the air interface of GSM were performed, from both a theoretical and practical point of view. These examinations would be essential in order to utilize the generated tables in a practical attack.Additionally, a rogue GSM network was built and deployed without enabling ciphering and frequency hopping. This active attack was purely based on open-source software and hardware, implying that real GSM networks could be spoofed with resources available to the general public.

Publisher

Institutt for telematikk