30 November 2009--If you're still using a cellphone based on early digital standards, you better be careful what you say. The encryption technology used to prevent eavesdropping in GSM (Global System for Mobile communications), the world's most widely used cellphone system, has more security holes than Swiss cheese, according to an expert who plans to poke a big hole of his own.
Karsten Nohl, chief research scientist with H4RDW4RE, a Sunnyvale, Calif.-based security research firm, is mounting what could be the most ambitious attempt yet to compromise the GSM phone system, which is used by over 3 billion people around the world. Others have cracked the A5/1 encryption technology used in GSM before, but their results have remained secret. However, Nohl, who earned a Ph.D. in computer science at the University of Virginia and is a member of Germany's Chaos Computer Club (CCC), intends to go one big step further: By the end of the year, he plans to make the keys available to everyone on the Internet.
Each GSM phone has its own secret key, which is known by the network. Every time a call is initiated, a new session key for that particular call is derived from the secret key and used to encrypt the call. Nohl aims to crack the session key.
The engineer has designed an open-source software program that participants in his A5/1 cracking project can install on their PCs and use to share the task of computing the lookup tables that make up the cryptography system. The final codebook with the computed tables will be shared across a peer-to-peer network. Therefore, no one computer contains all the files, making it difficult, if not impossible, to remove the cracking tool entirely from the Internet.
The aim of the project, he says, is not to "break anything" but rather to create an awareness of "a long-standing vulnerability" in GSM encryption technology and, ultimately, to push mobile phone operators still delivering calls over GSM networks either to phase in the more advanced voice and text-messaging encryption technology, A5/3, or upgrade to a newer-generation digital phone system.
Technically, Nohl's approach is based on the same techniques used in a GSM crack carried out in 2008 by security group The Hacker's Choice (THC). But Nohl's effort has a few twists.
The A5/1 cracking project aims to compress the 128-petabyte A5/1 codebook -- which would require more than 100 000 years of computing by a single PC to crack--to around 2 or 3 terabytes of data, and a computing time of around three months, with the help of about 80 computers. To speed up computing time, the project relies on some components not always found in your standard PC, such as Nvidia Corp.'s CUDA (Compute Unified Device Architecture) graphics cards and Xilinx Virtex field-programmable gate arrays (FPGAs).
"Graphics cards aren't necessarily faster than CPUs, but they are for a few specific applications, and computing the A5/1 cipher is one of them," Nohl says. While admitting that expensive Virtex chips aren't common in PCs, he says several groups with Virtex clusters have joined the project.