reply to discussion

Post a reply to the thread: GSM insecure, additional encryption necessary

Your Message

If you are already a member Click here to log in
 
  • :)
  • :heart:
  • :(
  • ;)
  • :p
  • :cool:
  • :rolleyes:
  • :ah:
  • :evil:
  • :flamemad:
  • :sad:
  • :laugh:
  • :D
  • :smart:
  • :blush:

Send Trackbacks to (Separate multiple URLs with spaces)

You may choose an icon for your message from this list

Additional Options

  • Will turn www.example.com into [URL]http://www.example.com[/URL].

  • If selected, :) will not be replaced with smile

Subscription
Rate Thread

You may rate this thread from 1-star (Terrible) to 5-stars (Excellent) if you wish to do so.

Topic Review (Newest First)

  • 05-04-2007, 08:25 AM
    John Navas
    On Thu, 03 May 2007 20:53:53 -0700, SMS <[email protected]>
    wrote in <[email protected]>:

    >DTC wrote:
    >> SMS wrote:
    >>
    >>> LOL, since when has Navas _ever_ provided references or citations?!

    >>
    >> Quite often...to back peddle

    >
    >Pedal, not peddle.


    He had it right the first time.

    --
    Best regards, FAQ FOR CINGULAR WIRELESS:
    John Navas <http://en.wikibooks.org/wiki/Cingular_Wireless_FAQ>
  • 05-03-2007, 10:07 PM
    Scott
    SMS <[email protected]> wrote in news:463aae55$0$27241
    [email protected]:

    > DTC wrote:
    >> SMS wrote:
    >>
    >>> LOL, since when has Navas _ever_ provided references or citations?!

    >>
    >> Quite often...to back peddle

    >
    > Pedal, not peddle.
    >


    Think about it- peddle is much more appropriate.
  • 05-03-2007, 09:53 PM
    SMS
    DTC wrote:
    > SMS wrote:
    >
    >> LOL, since when has Navas _ever_ provided references or citations?!

    >
    > Quite often...to back peddle


    Pedal, not peddle.
  • 05-03-2007, 06:49 PM
    DTC
    SMS wrote:

    > LOL, since when has Navas _ever_ provided references or citations?!


    Quite often...to back peddle
  • 05-02-2007, 02:57 PM
    John Navas
    On Wed, 02 May 2007 07:49:53 -0700, SMS <[email protected]>
    wrote in <[email protected]>:

    >[email protected] wrote:
    >> On May 1, 10:03 am, John Navas <[email protected]> wrote:
    >>> On Tue, 01 May 2007 07:48:22 -0700, SMS <[email protected]>
    >>> wrote in <[email protected]>:

    >>
    >>> 1. W-CDMA is quite different from cdmaOne and CDMA2000, your repeated
    >>> attempts to confuse them notwithstanding.

    >>
    >> Aside from a 5 MHz bandwidth, and therefore a different signaling
    >> rate, what are the other differences in terms of
    >> modulation and channel coding?


    Both the system and infrastructure are completely incompatible. Google
    my prior posts for specifics.

    >The important issue is that they are both spread spectrum, which makes
    >eavesdropping extremely difficult (CDMA's roots are in the military).


    In fact CDMA-type systems are vulnerable to eavesdropping. Again,
    Google my prior posts.

    >> References? I hope they are technical, because a good technical
    >> discussion is needed to illuminate this.

    >
    >LOL, since when has Navas _ever_ provided references or citations?!


    Far more often than you.

    --
    Best regards, FAQ FOR CINGULAR WIRELESS:
    John Navas <http://en.wikibooks.org/wiki/Cingular_Wireless_FAQ>
  • 05-02-2007, 12:22 PM
    Dennis Ferguson
    On 2007-05-02, SMS <[email protected]> wrote:
    > [email protected] wrote:
    >>> 1. W-CDMA is quite different from cdmaOne and CDMA2000, your repeated
    >>> attempts to confuse them notwithstanding.

    >>
    >> Aside from a 5 MHz bandwidth, and therefore a different signaling
    >> rate, what are the other differences in terms of
    >> modulation and channel coding?

    >
    > The important issue is that they are both spread spectrum, which makes
    > eavesdropping extremely difficult (CDMA's roots are in the military).
    >
    > See
    > "http://www.comsec.uwaterloo.ca/~flchiu/CDMA/WCDMA%20and%20CDMA2000.pdf"
    > for a technical discussion of each. See table 36.1 on page 15. The
    > important issue to understand is that both W-CDMA and CDMA 2000 provide
    > inherent protection against eavesdropping. The two technologies are
    > extremely similar.


    I don't think that is quite right. Whether direct sequence spread
    spectrum is secure or not depends on the (un)predictability of the
    spreading code in use. The GPS C/A channel (i.e. what we all use)
    is spread spectrum but is also entirely insecure since the spreading
    codes are well known. 802.11 spread spectrum also uses predictable
    spreading codes. The GPS PPS channel, which the military controls,
    is considered secure because (as far as I know) the spreading sequence
    algorithm hasn't been broken.

    As I understand it both CDMA2000 and WCDMA generate private long codes
    to use for scrambling sequence generation, but I don't think either of
    these (and they may do it the same way) are claimed to be cryptographically
    "secure", perhaps since what they do is highly constrained by the
    need to keep the codes orthogonal. The papers all carefully call these
    an "extra" layer of security since ultimately they still depend on the
    quality of the cipher being used to encrypt the data for real security.

    I think the data ciper used by CDMA2000 1xRTT is ORYX. I think a known
    plain text attack on the basic cipher has been found, though I don't
    think there is a practical attack against its use in cell phones
    yet (particularly with the "extra" layer, I guess). The data cipher
    used by WCDMA, and GSM now, is the KASUMI algorithm, on which they
    did really extensive cryptanalysis (after the previous GSM disasters)
    and found it to be resistant to all currently known attack approaches.

    So I think WCDMA and CDMA2000 are pretty secure, but I also think
    GSM is just about as secure if modern standards are being used.
    I don't think the over-the-air GSM interface can be tapped if the
    most recent standards are in use. The article that talked about
    this doesn't say how this stuff was tapped, but either they had to
    be listening to old phones over the air, or they managed to get
    encryption keys off the SIMs, or (most likely) the tap was placed
    somewhere after the base stations where none of this helps.

    Of course the last bit is why, if you want real security, you need
    end-to-end encryption. Just encrypting the radio link doesn't help
    if the tapper has access to the equipment on the other side of the
    base station.

    Dennis Ferguson
  • 05-02-2007, 08:49 AM
    SMS
    [email protected] wrote:
    > On May 1, 10:03 am, John Navas <[email protected]> wrote:
    >> On Tue, 01 May 2007 07:48:22 -0700, SMS <[email protected]>
    >> wrote in <[email protected]>:

    >
    >> 1. W-CDMA is quite different from cdmaOne and CDMA2000, your repeated
    >> attempts to confuse them notwithstanding.

    >
    > Aside from a 5 MHz bandwidth, and therefore a different signaling
    > rate, what are the other differences in terms of
    > modulation and channel coding?


    The important issue is that they are both spread spectrum, which makes
    eavesdropping extremely difficult (CDMA's roots are in the military).

    See
    "http://www.comsec.uwaterloo.ca/~flchiu/CDMA/WCDMA%20and%20CDMA2000.pdf"
    for a technical discussion of each. See table 36.1 on page 15. The
    important issue to understand is that both W-CDMA and CDMA 2000 provide
    inherent protection against eavesdropping. The two technologies are
    extremely similar.

    > References? I hope they are technical, because a good technical
    > discussion is needed to illuminate this.


    LOL, since when has Navas _ever_ provided references or citations?!



    [Copied to alt.cellular.attws. Please post all alt.cellular.cingular
    posts to alt.cellular.attws as well. The Cingular name is going away,
    and alt.cellular.attws is the proper venue for posts regarding AT&T's
    Wireless Service.]
  • 05-01-2007, 09:03 AM
    John Navas
    On Tue, 01 May 2007 07:48:22 -0700, SMS <[email protected]>
    wrote in <[email protected]>:

    >[email protected] wrote:
    >> On Apr 30, 8:15 pm, "Chuck" <[email protected]> wrote:
    >>> I don't know why this should be a shock to anyone. In general, governments
    >>> do not want cell phones or anything else available to the general public to
    >>> have strong encryption.

    >>
    >> The other mobile technology widely available in the US doesn't need
    >> any extra encryption.
    >> It was available from the start. As Cingular/ATT Wireless migrates
    >> more areas to W-CDMA this technology
    >> will start to be available to more of their customers.

    >
    >Yes, eventually as the whole world moves to CDMA (in one form or
    >another) at least that part of the security issue will be resolved.


    1. W-CDMA is quite different from cdmaOne and CDMA2000, your repeated
    attempts to confuse them notwithstanding.

    2. CDMA-type systems are not immune to eavesdropping -- it's known that
    North Korea has operated mobile CDMA-based eavesdropping systems.

    >For the time being, if you care about privacy, the best option is to use
    >Sprint, Verizon, Alltel, or whatever other CDMA carrier is available in
    >your area, though of course this doesn't work in most of Europe.


    If you really care about privacy then you shouldn't be using _any_
    cellular system.

    >If CDMA had come along during the current U.S. administration it almost
    >certainly would not have been permitted to be deployed due to the
    >privacy it affords.


    Complacency is antithetical to security.

    >[Copied to alt.cellular.attws.


    Thereby trashing the attws group with confusing thread fragments.
    What you're doing is rude and counterproductive.

    >Please post all alt.cellular.cingular
    >posts to alt.cellular.attws as well.
    >The Cingular name is going away,


    Not yet.

    >and alt.cellular.attws is the proper venue for posts regarding AT&T's
    >Wireless Service.]


    That remains to be seen.

    --
    Best regards, FAQ FOR CINGULAR WIRELESS:
    John Navas <http://en.wikibooks.org/wiki/Cingular_Wireless_FAQ>

Posting Permissions

  • You may not post new threads
  • You may post replies
  • You may not post attachments
  • You may not edit your posts
  •