New Digital Cellular Phone Security Cracked! No privacy on new
systems either. Was NSA to blame?
Telecommunications Industry Association algorithm for digital
telephones fails under simple cryptanalysis
MINNEAPOLIS, MN. AND BERKELEY, CA., March 20, 1997 - Counterpane
Systems and UC Berkeley jointly announced today that researchers have
discovered a flaw in the privacy protection used in today's most advanced
digital cellular phones. This discovery points to serious problems in the
closed-door process used to develop these privacy measures. This
announcement is a setback to the US cellular telephone industry, said
Bruce Schneier of Counterpane Systems, a Minneapolis, MN consulting firm
specializing in cryptography. The attack can be carried out in a few
minutes on a conventional personal computer.
Schneier and John Kelsey of Counterpane Systems, along with graduate
student David Wagner of the University of California at Berkeley, plan to
publish their analysis in a paper entitled "Cryptanalysis of the Cellular
Message Encryption Algorithm (CMEA)." Legislators are scheduled to hold
hearings today on Rep. Goodlatte's "SAFE" (Security And Freedom Through
Encryption) bill, HR695.
The problem affects numbers dialed on the key pad of a cellular
handset, including any telephone, PIN, or credit card numbers dialed. The
system was supposed to protect the privacy of those dialed digits, but the
encryption is weak enough that those digits are accessible to
eavesdroppers with a digital scanner.
The cryptographers blame the closed-door design process and excessive
pressure from U.S. military interests for problems with the privacy
standard. The cellular industry attempted to balance national security
with consumer privacy concerns. In an attempt to eliminate recurring
security problems, the cellular standards arm of the Telecommunications
Industry Association (TIA) privately designed this new framework for
protecting cellular phones. The system uses encryption to prevent fraud,
scramble voice communications, and protect users' privacy. These new
protections are being deployed in today's digital cell phones, including
CDMA, NAMPS, and TDMA.
Not a new problem
As early as 1992, others - including noted
security expert Whitfield Diffie - pointed out fatal flaws in the new
standard's voice privacy feature. The two flaws provide a crucial lesson
for policy makers and consumers, the researchers said. These weaknesses
are symptomatic of broad underlying problems in the design process,
according to Wagner.
Many have criticized the National Security Agency (the U.S. military
intelligence agency in charge of electronically monitoring foreign powers)
for insinuating itself into the design process, pressuring designers to
cripple the security of the cellular encryption technique and hamstringing
emerging cellular security technology. "The result is weaker protection
for everybody," Kelsey said.
"This is another illustration of how U.S. government efforts to control
cryptography threaten the security and privacy of Americans," said David
Banisar, attorney for the Electronic Privacy Information Center in
Washington, D.C.
This is not the first report of security flaws in cellular telephony.
Today, most cellular phone calls can be intercepted by anyone in the area
listening to a scanner, as House Speaker Newt Gingrich learned this past
January when someone with a scanner recorded one of his cellular calls.
According to FCC estimates, the cellular telephony industry lost more than
$400 million to fraud and security problems last year.
CMEA Technology
CMEA is a symmetric cipher, like the Digital
Encryption Standard (DES). It uses a 64-bit key, but weaknesses in the
algorithm reduce the key to an effective length of 24 or 32 bits,
significantly shorter than even the weak keys the U.S. government allows
for export.
Greg Rose, program chair of the 1996 USENIX Security Symposium, put the
results in context: "This break does not weaken the digital cellular fraud
protections. And it's still true that digital cellular systems are much
harder to casually eavesdrop on than analog phones. But it's clear from
this break that a determined criminal with technical resources can
intercept these systems."
Counterpane Systems is a Minneapolis, MN-based consulting firm
specializing in cryptography and computer security. Bruce Schneier is
president of Counterpane and author of three books on cryptography and
security. David Wagner is a founding member of the ISAAC computer security
research group at UC Berkeley. In the Fall of 1995, the ISAAC group made
headlines by revealing a major flaw in Netscape's web browser. The authors
also hasten to thank Greg Rose for his advice.
CONTACTS:
| David Wagner | Lori Sinton |
| University of California, Berkeley | Jump Start Communications |
| 510-643-9435 (voice) | 415-938-2234 (voice) |
| 510-642-5775 (fax) | 415-938-2237 (fax) |
| daw@cs.berkeley.edu (email) | lsinton@aol.com (email) |
More information is on my website: http://www.counterpane.com/
NSA's Response from Dorothy Denning
NSA has released the following statement with regard to the news today
about the cryptographers who found the flaw in the digital cellular code.
"NSA had no role in the design or selection of the encryption algorithm
chosen by the Telecommunications Industry Association (TIA). NSA also had
no role in the design or manufacture of the telephones themselves. As we
understand the researchers' claim, it appears that the algorithm selected
and the way it was implemented in the system has led to the stated flaws.
NSA provided the TIA with technical advice on the exportability of
these devices under U.S. export regulations and processes."