GSM Security Overview (Part 3)
Gregory Greenman

Agenda
• A5 Overview:
  • LFSR (Linear Feedback Shift Registers)
  • A5/1 Description
• Attack on A5:
  • Space-Time Attacks Overview (by Babbage)
  • Cryptanalysis of A5/1 (by Shamir, Biryukov, Wagner)
• Other Attacks on GSM
• Conclusion

LFSR structure
• Purpose - to produce pseudo random bit sequence
• Consists of two parts:
  • shift register – bit sequence
  • feedback function
• Tap Sequence:
  • bits that are input to the feedback function
[Figure: shift register b1 b2 b3 b4 ... bn-1 bn with feedback function XOR; labels: output, new value]

LFSR Features
• LFSR Period – the length of the output sequence before it starts repeating itself.
• n-bit LFSR can be in 2^n - 1 internal states
  • the maximal period is also 2^n - 1
• the tap sequence determines the period
• the polynomial formed by a tap sequence plus 1 must be a primitive polynomial (mod 2)

LFSR
• Example: x^12 + x^6 + x^4 + x + 1 corresponds to LFSR of length 12
[Figure: 12-bit register b1 b2 ... b12 with b1, b4, b6 and b12 highlighted]
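
An added example (not from the slides) that runs the 12-bit LFSR of the example polynomial and shows how the tap sequence decides the period. The cell numbering and shift direction are assumptions chosen so that the taps equal the polynomial's exponents; WEAK_TAPS is a constructed non-primitive contrast.

```python
"""Fibonacci LFSR built from a tap sequence (added example).

Assumed convention (not stated on the slides): cell b_i holds the bit that
entered i steps ago, the XOR of the tapped cells enters at b_1, and b_n is
the output. Taps are the exponents of the polynomial without the +1 term.
"""


def lfsr_step(state, taps, n):
    """One step of an n-bit LFSR; bit (i-1) of `state` is cell b_i."""
    feedback = 0
    for t in taps:
        feedback ^= (state >> (t - 1)) & 1
    out = (state >> (n - 1)) & 1                      # b_n leaves the register
    state = ((state << 1) & ((1 << n) - 1)) | feedback
    return state, out


def keystream(state, taps, n, count):
    """Return `count` output bits starting from `state`."""
    bits = []
    for _ in range(count):
        state, out = lfsr_step(state, taps, n)
        bits.append(out)
    return bits


def cycle_lengths(taps, n):
    """Partition all 2^n states into cycles and return the sorted lengths.

    A tap on b_n makes the step function a bijection, so every state lies
    on exactly one cycle and the walk below always closes at its start.
    """
    if n not in taps:
        raise ValueError("need a tap on b_n for an invertible register")
    seen = bytearray(1 << n)
    lengths = []
    for start in range(1 << n):
        if seen[start]:
            continue
        state, length = start, 0
        while not seen[state]:
            seen[state] = 1
            state, _ = lfsr_step(state, taps, n)
            length += 1
        lengths.append(length)
    return sorted(lengths)


PAGE_TAPS = (12, 6, 4, 1)   # x^12 + x^6 + x^4 + x + 1, the slide's example
WEAK_TAPS = (12, 6)         # x^12 + x^6 + 1, constructed: not primitive

if __name__ == "__main__":
    # Primitive polynomial: the zero state plus one cycle of 2^12 - 1 states.
    print("page taps:", cycle_lengths(PAGE_TAPS, 12))
    # Non-primitive polynomial: the state space splits into short cycles.
    weak = cycle_lengths(WEAK_TAPS, 12)
    print("weak taps: longest cycle", max(weak), "in", len(weak), "cycles")
```
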

A5/1 Overview
• A5/1 is a stream cipher, which is initialized all over again for every frame sent.
• Consists of 3 LFSRs of 19, 22, 23 bits length.
• The 3 registers are clocked in a stop/go fashion using the majority rule.
“Cryptography is a mixture of mathematics and muddle, and without the muddle the mathematics can be used against you.”
- Ian Cassels, a former Bletchley Park cryptanalyst.
[Figure: A5/1 registers R1, R2 and R3 with sample contents, clocking bits C1, C2, C3 and the clock control; bit positions labelled 18, 17, 16, 0 on R1, 21, 20, 0 on R2 and 22, 21, 20, 0 on R3]

A5/1 : Operation
• All 3 registers are zeroed
• 64 cycles (without the stop/go clock):
  • Each bit of K (lsb to msb) is XOR'ed in parallel into the lsb's of the registers
• 22 cycles (without the stop/go clock):
  • Each bit of F_n (lsb to msb) is XOR'ed in parallel into the lsb's of the registers
• 100 cycles with the stop/go clock control, discarding the output
• 228 cycles with the stop/go clock control which produce the output bit sequence.
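
The initialization and stop/go clocking steps above, as an added Python example that is not part of the original slides. The feedback taps beyond those visible in the figure, the clocking-bit positions (8, 10, 10) and the clock-then-XOR load order are assumptions taken from the publicly documented A5/1 design; SAMPLE_KEY is a constructed value.

```python
"""A5/1 keystream for one frame, following the five steps on the slide.

Added example. K is passed as a 64-bit integer and F_n as a 22-bit integer;
taps and clocking bits are assumptions from the public A5/1 description.
"""

# (length, feedback tap bits, clocking bit); bit 0 is the lsb of a register
REGISTERS = (
    (19, (18, 17, 16, 13), 8),   # R1
    (22, (21, 20), 10),          # R2
    (23, (22, 21, 20, 7), 10),   # R3
)


def shift(reg, length, taps):
    """Clock one register: the XOR of the tapped bits enters at the lsb."""
    feedback = 0
    for t in taps:
        feedback ^= (reg >> t) & 1
    return ((reg << 1) & ((1 << length) - 1)) | feedback


def clock_all(state):
    """Step every register (used while K and F_n are loaded)."""
    return [shift(r, n, taps) for r, (n, taps, _) in zip(state, REGISTERS)]


def clock_majority(state):
    """Stop/go step: a register moves only if its clocking bit equals the majority."""
    bits = [(r >> c) & 1 for r, (_, _, c) in zip(state, REGISTERS)]
    majority = 1 if sum(bits) >= 2 else 0
    moved = [b == majority for b in bits]
    state = [shift(r, n, taps) if m else r
             for r, (n, taps, _), m in zip(state, REGISTERS, moved)]
    return state, moved


def output_bit(state):
    """Keystream bit: XOR of the msb of each register."""
    bit = 0
    for r, (n, _, _) in zip(state, REGISTERS):
        bit ^= (r >> (n - 1)) & 1
    return bit


def load(state, value, nbits):
    """XOR `value` lsb-first into the lsb of all registers, one bit per cycle."""
    for i in range(nbits):
        state = clock_all(state)
        bit = (value >> i) & 1
        state = [r ^ bit for r in state]
    return state


def a51_frame(key, frame):
    """Return (228 keystream bits, per-register move counts over 328 cycles)."""
    state = [0, 0, 0]                    # all 3 registers are zeroed
    state = load(state, key, 64)         # 64 cycles without stop/go
    state = load(state, frame, 22)       # 22 cycles without stop/go
    moves = [0, 0, 0]
    keystream = []
    for cycle in range(100 + 228):       # stop/go clocking from here on
        state, moved = clock_majority(state)
        moves = [m + int(did) for m, did in zip(moves, moved)]
        if cycle >= 100:                 # the first 100 outputs are discarded
            keystream.append(output_bit(state))
    return keystream, moves


def clock_fractions(key, frames):
    """Fraction of stop/go cycles in which each register moved."""
    frames = list(frames)
    totals = [0, 0, 0]
    for f in frames:
        _, moves = a51_frame(key, f)
        totals = [t + m for t, m in zip(totals, moves)]
    cycles = 328 * len(frames)
    return [t / cycles for t in totals]


SAMPLE_KEY = 0x0123456789ABCDEF   # constructed sample value, not a real session key

if __name__ == "__main__":
    bits, moves = a51_frame(SAMPLE_KEY, 0x134)
    print("keystream:", "".join(map(str, bits)))
    print("moves per register over 328 cycles:", moves)
    print("move fractions over 40 frames:", clock_fractions(SAMPLE_KEY, range(40)))
```

Because the whole state is rebuilt from K and F_n for each frame, two frames under the same key differ only through the 22 frame-number bits; the move fractions printed at the end sit close to the ¾ figure the slides use later.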

The Model
• The internal state of A5/1 generator is the state of all 64 bits in the 3 registers, so there are 2^64 - 1 states.
• The operation of A5/1 can be viewed as a state transition:
[Figure: state chain S0, S1, S2, ..., St with output bits k0, k1, k2, ..., kt]
• Standard attack assumes the knowledge of about 64 output bits (64 bits → 2^64 different sequences).

Space/Time Trade-Off Attack I
• Get keystream bits k_1, k_2, …, k_{M+n} and prepare M subsequences:
    k_1, …, k_n
    k_2, …, k_{n+1}
    …
    k_M, …, k_{n+M}
• generate random state S_i
• generate n-bit keystream
• look for it in the prepared keystream subsequences

Space/Time Trade-Off Attack II
• Select R random states S_1, .., S_R and for each state generate an n-bit keystream
    S_1 : k_{1,1} … k_{1,n}
    S_2 : k_{2,1} … k_{2,n}
    …
    S_R : k_{R,1} … k_{R,n}
• Get keystream bits k_1, k_2, …, k_{M+n} and prepare M subsequences
• Look for a prepared state

Shamir/Biryukov Attack Outline
• 2 disks (73 GB) and the first 2 minutes of the conversation are needed. Can find the key in less than a second.
• This attack is based on the second variation of the space/time tradeoff.
• There are n = 2^64 total states
• A – the set of prepared states (and relevant prefixes)
• B – the set of states through which the algo. proceeds
• The main idea:
  • Find state s in A ∩ B (the states are identified by prefix)
  • Run the algorithm in the reverse direction

Biased Birthday Attack
• Birthday paradox: A ∩ B ≠ ∅ if |A| ∙ |B| ≈ n
• Each state is chosen for A with probability P_A(s) and for B with probability P_B(s). Then, the intersection will not be empty if
    Σ_s P_A(s) ∙ P_B(s) ≈ 1
• The idea is to choose the states from A and B with 2 non-uniform distributions that have correlation between them

Disk Storage
[Figure: table with columns state and prefix]
• The prefixes can be sorted and thus serve as indices into the states array
• The registers are small, we can precompute all their states and store them in 3 cyclic arrays
• But, for each state we can store only two bits: the clock bit and the output bit
[Figure: index triple (i, j, k)]
State Transition:
• At each step we only have to know which of the three indices should be incremented.
• This could be implemented by a precomputed table with 3 input bits (clocks) and the increment vector as the output.
• No shift operations!
    c1 c2 c3 | inc1 inc2 inc3
    0  1  0  | 1    1    0

Special States
• Disk access is very time-consuming!
• Keep on disk (set A) only those states, which produce a sequence that starts with a certain pattern α, |α| = k
• Access the disk only when α is encountered
• 2^k prefixes can start with α, so we reduce the number of total possible states (n) by 2^k and the number of disk access times by 2^k. The size of A, however, is unchanged, and we only insert the states that satisfy the condition there. Thus, we don't miss intersections.

Generation of Special States
• Choose from all 2^64 states the needed 2^48?
  • It's too time-consuming and unrealistic.
• The solution is to generate them:
[Figure: the three registers with clocking bits C1, C2, C3; labels: 11 bits, 12 bits, 19 bits, 11 bits, 11 bits, 2^41, chosen bits]
• Each register moves approximately ¾ of the cycles.

Reversing A5/1
• Forward state transition is deterministic …
• In the reverse direction there could be up to 4 predecessors (majority clock control).
• Example:
[Figure: register bits 101, 010, 101 around the clocking bits C1, C2, C3]
• What was the clock majority bit at the previous round?
• Here we see that there are no predecessors!

Estimations …
• We need 5 bytes per state to store on disk (73 G), so we can afford 146 ∙ 2^30 / 5 = 2^35 states
• We use 51 bit length prefixes (16 first bits are α)
• How many times will α be encountered in the data?
  • there are 228 bits of data, that is, 177 (228-51) "relevant offsets"
  • 2 minutes of operation, that is, 120 ∙ 1000/4.5 frames
  • 2^-16 is the fraction of all possible states which start with α
  • so, the number of occurrences is 2^-16 ∙ 177 ∙ 120 ∙ 1000/4.5 ≈ 71

Tree Exploration
• A state is red if the sequence of output bits produced from the state starts with α. There are 2^48 red states.
• A state is green if the sequence produced from the state contains an α-occurrence between bit positions 101 – 277. There are 177 ∙ 2^48 green states
• We can assume that the short path (of length 277) will contain only one occurrence of α, so the mapping is many-to-1
[Figure: red and green states, each shown with the position of α in its output sequence]

Tree Exploration II
• The set of relevant states can be viewed as a collection of disjoint trees with red state as the root and the rest of nodes are green states.
• We're interested in trees with green states at levels 101-277. The weight of tree, W(s) is the number of green states at those levels.
[Figure: tree of states; labels: sequence generation, reverse direction]

Tree Exploration III
• It is experimentally found that W(s) has highly non-uniform distribution:
  • 85% of the trees die before reaching the level 100
  • 15% of the trees have 1 ≤ W(s) ≤ 2600
• Choose 2^35 states (biased probability) with particularly heavy trees (average weight 12500) from overall of 2^48 red states
• The expected number of collisions: (2^35 ∙ 12500 ∙ 71) / (177 ∙ 2^48) ≈ 0.61

Tree Exploration IV
• Heavy trees → large number of green state candidates?
  • We know the exact location of α in the sequence, so we know the exact depth in the tree.
  • The trees are narrow, so the total number of states we'll have to check is less than 100!

Attack Summary
• Due to frequent reinitialization (for every new frame), it's possible to efficiently run the algorithm backwards (328 steps).
• Poor choice of the clocking taps.
• Each one of the registers is so small that it's possible to precompute all its states.

Attacks on Signaling Network
• The transmissions are encrypted only between MS and BTS. After the BTS, the protocols between MSC and BSC (BSSAP) and inside the operator's network (MAP) are unencrypted, allowing anyone who has access to the signaling system to read or modify the data on the fly!
• So, the SS7 signaling network is completely insecure.
• The attacker can gain the actual phone call, RAND & SRES…
• If the attacker can access the HLR, s/he will be able to retrieve the K_i for all subscribers of that particular network.

Retrieving K_i over Air
• The K_i key can be retrieved from SIM over the air:
  • MS is required to respond to every challenge made by GSM network (there is no authentication of BTS).
  • Attack based on differential cryptanalysis could take 8-15 hours and require that the signal from the legitimate BTS be disabled for that time, but it's still real …
• The same attack could be applied to AuC
  • It also has to answer the requests made by the GSM network
  • It's much faster than SIM

SMS Architecture
• SMS is a "store and forward" message system
  • the message is sent from the originator to SMS Center, and then on to the recipient.
• SMS messages can be up to 160 characters length
• Sent in clear (but different formats).

SMS Attacks
[Figure: sms packet; labels: Instructions to SIM, Message Body, Instructions to HandSet, Instructions to SMSC, Instructions to Air Interface]
• Broken UDH (user data hdr) in an sms message caused crash in some Nokia phones. It required the user to put its SIM into a non-affected phone and delete the offending message.
• Spoofing SMS Messages: Originating Address field can be arbitrarily set to anything.
• The applications using sms should take care of authentication and also encrypt their messages!

Conclusions
• Pros
  • It's the most secure cellular telecommunication system available today (2-2.5G)
  • Good framework for reasonably secure communications
  • The security model has minimal impact on manufacturers
    • SIM – keys, A3, A8, etc
    • SIM Toolkit – additional SIM functionality
    • Mobile Equipment – A5
  • The future - 3GPP:
    • the design is public
    • mutual authentication (EAP-SIM Authentication), key-length increased, security within and between networks, etc.

Conclusions (cont.)
• Cons
  • Security by Obscurity
  • Only access security – doesn't provide end-to-end security
  • GSM Security is broken at many levels, vulnerable to numerous attacks
  • Even if security algorithms are not broken, the GSM architecture will still be vulnerable to attacks from inside or attacks targeting the operator's backbone
  • No mutual authentication
  • Confidential information requires additional encryption over GSM

References
• GSM Association, http://www.gsmworld.com
• M. Rahnema, “Overview of the GSM System and Protocol Architecture”, IEEE Communication Magazine, April 1993
• L. Pesonen, “GSM Interception”, November 1999
• J. Rao, P. Rohatgi, H. Scherzer, S. Tinguely, “Partitioning Attack: Or How to Rapidly Clone Some GSM Cards”, IEEE Symposium on Security and Privacy, May 2002.
• P. Kocher, J. Jaffe, “Introduction to Differential Power Analysis and Related Attacks”, Cryptography Research, 1998
• S. Babbage, “A Space/Time Trade-off in Exhaustive Search Attacks on Stream Ciphers”, European Convention on Security and Detection, IEE Conference publication, No. 408, May 1999.
• A. Biryukov, A. Shamir, D. Wagner, “Real Time Cryptanalysis of A5/1 on a PC”, Preproceedings of FSE ‘7, pp. 1-18, 2000
• ISAAC, University of California, Berkeley, “GSM Cloning”, http://www.isaac.cs.berkeley.edu/isaac/gsm-faq.html
• S. Chan, “An Overview of Smart Card Security”, http://home.hkstar.com/~alanchan/papers/smartCardSecurity/
Thank You !

High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...ranjana rawat
 

Recently uploaded (20)

Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college project
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
 
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
 
UNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular ConduitsUNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular Conduits
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated  Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated  Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
 
Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024
 
Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptx
 
Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park  6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park  6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptx
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptx
 
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
 

Gsm attacks

  • 1. GSM Security Overview (Part 3). Gregory Greenman
  • 2. Agenda. A5 Overview: LFSR (Linear Feedback Shift Registers); A5/1 Description. Attack on A5: Space-Time Attacks Overview (by Babbage); Cryptanalysis of A5/1 (by Shamir, Biryukov, Wagner). Other Attacks on GSM. Conclusion.
  • 3. LFSR structure. Purpose: to produce a pseudo-random bit sequence. Consists of two parts: a shift register (the bit sequence) and a feedback function. Tap sequence: the bits that are input to the feedback function. [Diagram: register bits b_1 b_2 b_3 b_4 ... b_{n-1} b_n; feedback function: XOR; labels "output" and "new value".]
  • 4. LFSR Features. LFSR period: the length of the output sequence before it starts repeating itself. An n-bit LFSR can be in 2^n − 1 internal states, so the maximal period is also 2^n − 1. The tap sequence determines the period. For the maximal period, the polynomial formed by a tap sequence plus 1 must be a primitive polynomial (mod 2).
  • 5. LFSR example: x^12 + x^6 + x^4 + x + 1 corresponds to an LFSR of length 12. [Diagram: register bits b_1 ... b_12, with b_1, b_4, b_6 and b_12 highlighted.]
  • 6. A5/1 Overview. A5/1 is a stream cipher, which is initialized all over again for every frame sent. Consists of 3 LFSRs of 19, 22 and 23 bits length. The 3 registers are clocked in a stop/go fashion using the majority rule. “Cryptography is a mixture of mathematics and muddle, and without the muddle the mathematics can be used against you.” - Ian Cassels, a former Bletchley Park cryptanalyst.
  • 7. [Diagram of the A5/1 generator: registers R1, R2 and R3 with clocking bits C1, C2 and C3 feeding the clock control; labelled bit positions 18, 17, 16 and 0 (R1), 21, 20 and 0 (R2), 22, 21, 20 and 0 (R3).]
  • 8. A5/1: Operation. (1) All 3 registers are zeroed. (2) 64 cycles (without the stop/go clock): each bit of K (lsb to msb) is XOR'ed in parallel into the lsb's of the registers. (3) 22 cycles (without the stop/go clock): each bit of F_n (lsb to msb) is XOR'ed in parallel into the lsb's of the registers. (4) 100 cycles with the stop/go clock control, discarding the output. (5) 228 cycles with the stop/go clock control, which produce the output bit sequence.
  • 9. The Model. The internal state of the A5/1 generator is the state of all 64 bits in the 3 registers, so there are 2^64 − 1 states. The operation of A5/1 can be viewed as a state transition: S_0 → S_1 → S_2 → … → S_t, with output bits k_0, k_1, k_2, …, k_t. The standard attack assumes knowledge of about 64 output bits (64 bits → 2^64 different sequences).
  • 10. Space/Time Trade-Off Attack I. Get keystream bits k_1, k_2, …, k_{M+n} and prepare M subsequences: k_1,…,k_n; k_2,…,k_{n+1}; …; k_M,…,k_{n+M}. Then: generate a random state S_i; generate its n-bit keystream; look for it in the prepared keystream subsequences.
  • 11. Space/Time Trade-Off Attack II. Select R random states S_1,…,S_R and for each state generate an n-bit keystream: S_1: k_{1,1} … k_{1,n}; S_2: k_{2,1} … k_{2,n}; …; S_R: k_{R,1} … k_{R,n}. Then: get keystream bits k_1, k_2, …, k_{M+n} and prepare M subsequences; look for a prepared state.
  • 12. Shamir/Biryukov Attack Outline. 2 disks (73 GB) and the 2 first minutes of the conversation are needed. Can find the key in less than a second. This attack is based on the second variation of the space/time tradeoff. There are n = 2^64 total states. A: the set of prepared states (and relevant prefixes). B: the set of states through which the algorithm proceeds. The main idea: find a state s in A ∩ B (the states are identified by prefix), then run the algorithm in the reverse direction.
  • 13. Biased Birthday Attack. Birthday paradox: A ∩ B ≠ ∅ if |A| ∙ |B| ≈ n. Each state is chosen for A with probability P_A(s) and for B with probability P_B(s). Then the intersection will not be empty if Σ_s P_A(s) ∙ P_B(s) ≈ 1. The idea is to choose the states from A and B with 2 non-uniform distributions that have correlation between them.
  • 14. Disk Storage. [Figure labels: state, prefix.] The prefixes can be sorted and thus serve as indices into the states array. The registers are small, so we can precompute all their states and store them in 3 cyclic arrays. But for each state we can store only two bits: the clock bit and the output bit. State transition (i, j, k): at each step we only have to know which of the three indices should be incremented. This could be implemented by a precomputed table with 3 input bits (clocks) and the increment vector as the output. No shift operations! [Table residue: columns c1 c2 c3 inc1 inc2 inc3; values shown: 0 1 0 1 1 0.]
  • 15. Special States. Disk access is very time-consuming! Keep on disk (set A) only those states which produce a sequence that starts with a certain pattern α, |α| = k. Access the disk only when α is encountered. 2^k prefixes can start with α, so we reduce the number of total possible states (n) by 2^k and the number of disk access times by 2^k. The size of A, however, is unchanged, and we only insert the states that satisfy the condition there. Thus, we don't miss intersections.
  • 16. Generation of Special States. Choose from all 2^64 states the needed 2^48? It's too time-consuming and unrealistic. The solution is to generate them. [Diagram: registers with clocking bits C3, C2, C1; labels "11 bits", "12 bits", "19 bits", "11 bits", "11 bits", "241 chosen bits".] Each register moves approximately ¾ of the cycles.
  • 17. Reversing A5/1. Forward state transition is deterministic. In the reverse direction there could be up to 4 predecessors (majority clock control). Example [diagram: 101, 010, 101 at clocking bits C3, C2, C1]: What was the clock majority bit at the previous round? Here we see that there are no predecessors!
  • 18. Estimations. We need 5 bytes per state to store on disk (73 G), so we can afford 146 ∙ 2^30 / 5 = 2^35 states. We use 51-bit prefixes (the first 16 bits are α). How many times will α be encountered in the data? There are 228 bits of data, that is, 177 (228 − 51) "relevant offsets"; 2 minutes of operation, that is, 120 ∙ 1000/4.5 frames; 2^−16 is the fraction of all possible states which start with α; so the number of occurrences is 2^−16 ∙ 177 ∙ 120 ∙ 1000/4.5 ≈ 71.
  • 19. Tree Exploration. A state is red if the sequence of output bits produced from the state starts with α. There are 2^48 red states. A state is green if the sequence produced from the state contains an α-occurrence between bit positions 101–277. There are 177 ∙ 2^48 green states. We can assume that the short path (of length 277) will contain only one occurrence of α, so the mapping is many-to-1. [Figure legend: red, green; α marks the position of the pattern.]
  • 20. Tree Exploration II. The set of relevant states can be viewed as a collection of disjoint trees, with a red state as the root and green states as the rest of the nodes. We're interested in trees with green states at levels 101–277. The weight of a tree, W(s), is the number of green states at those levels. [Figure labels: sequence generation; reverse direction.]
  • 21. Tree Exploration III. It is experimentally found that W(s) has a highly non-uniform distribution: 85% of the trees die before reaching level 100; 15% of the trees have 1 ≤ W(s) ≤ 2600. Choose 2^35 states (biased probability) with particularly heavy trees (average weight 12500) from the overall 2^48 red states. The expected number of collisions: (2^35 ∙ 12500 ∙ 71) / (177 ∙ 2^48) ≈ 0.61.
  • 22. Tree Exploration IV. Heavy trees → large number of green state candidates? We know the exact location of α in the sequence, so we know the exact depth in the tree. The trees are narrow, so the total number of states we'll have to check is less than 100!
  • 23. Attack Summary. Due to frequent reinitialization (for every new frame), it's possible to efficiently run the algorithm backwards (328 steps). Poor choice of the clocking taps. Each one of the registers is so small that it's possible to precompute all its states.
  • 24. Attacks on Signaling Network. The transmissions are encrypted only between MS and BTS. After the BTS, the protocols between MSC and BSC (BSSAP) and inside the operator's network (MAP) are unencrypted, allowing anyone who has access to the signaling system to read or modify the data on the fly! So, the SS7 signaling network is completely insecure. The attacker can gain the actual phone call, RAND & SRES…
  • 25. Attacks on Signaling Network. If the attacker can access the HLR, s/he will be able to retrieve the K_i for all subscribers of that particular network.
  • 26. Retrieving K_i over Air. The K_i key can be retrieved from the SIM over the air: the MS is required to respond to every challenge made by the GSM network (there is no authentication of the BTS). An attack based on differential cryptanalysis could take 8-15 hours and require that the signal from the legitimate BTS be disabled for that time, but it's still real. The same attack could be applied to the AuC: it also has to answer the requests made by the GSM network, and it's much faster than the SIM.
  • 27. SMS Architecture. SMS is a "store and forward" message system: the message is sent from the originator to the SMS Center, and then on to the recipient. SMS messages can be up to 160 characters in length. Sent in clear (but different formats).
  • 28. SMS Attacks. [Diagram of an SMS packet: Instructions to SIM, Message Body, Instructions to HandSet, Instructions to SMSC, Instructions to Air Interface.] Broken UDH (user data header) in an SMS message caused a crash in some Nokia phones. It required the user to put the SIM into a non-affected phone and delete the offending message. Spoofing SMS messages: the Originating Address field can be arbitrarily set to anything. The applications using SMS should take care of authentication and also encrypt their messages!
  • 29. Conclusions. Pros: It's the most secure cellular telecommunication system available today (2-2.5G). Good framework for reasonably secure communications. The security model has minimal impact on manufacturers: SIM – keys, A3, A8, etc.; SIM Toolkit – additional SIM functionality; Mobile Equipment – A5. The future - 3GPP: the design is public; mutual authentication (EAP-SIM Authentication), key length increased, security within and between networks, etc.
  • 30. Conclusions (cont.). Cons: Security by obscurity. Only access security, doesn't provide end-to-end security. GSM security is broken at many levels, vulnerable to numerous attacks. Even if security algorithms are not broken, the GSM architecture will still be vulnerable to attacks from inside or attacks targeting the operator's backbone. No mutual authentication. Confidential information requires additional encryption over GSM.
  • 31. References. GSM Association, http://www.gsmworld.com. M. Rahnema, “Overview of the GSM System and Protocol Architecture”, IEEE Communication Magazine, April 1993. L. Pesonen, “GSM Interception”, November 1999. J. Rao, P. Rohatgi, H. Scherzer, S. Tinguely, “Partitioning Attack: Or How to Rapidly Clone Some GSM Cards”, IEEE Symposium on Security and Privacy, May 2002. P. Kocher, J. Jaffe, “Introduction to Differential Power Analysis and Related Attacks”, Cryptography Research, 1998. S. Babbage, “A Space/Time Trade-off in Exhaustive Search Attacks on Stream Ciphers”, European Convention on Security and Detection, IEE Conference publication, No. 408, May 1999. A. Biryukov, A. Shamir, D. Wagner, “Real Time Cryptanalysis of A5/1 on a PC”, Preproceedings of FSE ‘7, pp. 1-18, 2000. ISAAC, University of California, Berkeley, “GSM Cloning”, http://www.isaac.cs.berkeley.edu/isaac/gsm-faq.html. S. Chan, “An Overview of Smart Card Security”, http://home.hkstar.com/~alanchan/papers/smartCardSecurity/
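
The A5/1 operation steps (slide 8), the majority stop/go rule expressed as the 3-bit lookup table of slide 14, and the LFSR period claim of slide 4, written out as an added Python example that is not part of the original slides. Feedback taps 13 and 7 and the clocking-bit positions 8, 10 and 10 are assumptions taken from the public A5/1 description rather than from the slides, as is passing K as one integer with bit 0 loaded first.

```python
# Added example: A5/1 keystream generation following the slides' "Operation" steps.
# Each register: (length, feedback taps, clocking bit). Taps 18/17/16, 21/20 and
# 22/21/20 appear in the slide diagram; taps 13 and 7 and clocking bits 8, 10, 10
# are assumptions taken from the public A5/1 description.
REGS = (
    (19, (18, 17, 16, 13), 8),   # R1
    (22, (21, 20), 10),          # R2
    (23, (22, 21, 20, 7), 10),   # R3
)


def shift(reg, length, taps):
    """Step one LFSR: XOR the tap bits, shift left, put the result in bit 0."""
    fb = 0
    for t in taps:
        fb ^= (reg >> t) & 1
    return ((reg << 1) & ((1 << length) - 1)) | fb


def clocking_table():
    """Stop/go rule as a lookup: clocking bits (c1, c2, c3) -> (inc1, inc2, inc3)."""
    table = {}
    for c1 in (0, 1):
        for c2 in (0, 1):
            for c3 in (0, 1):
                maj = 1 if c1 + c2 + c3 >= 2 else 0
                table[(c1, c2, c3)] = tuple(int(c == maj) for c in (c1, c2, c3))
    return table


TABLE = clocking_table()


def clock_all(state):
    """Clock all three registers (used while loading K and Fn)."""
    return [shift(r, n, taps) for r, (n, taps, _) in zip(state, REGS)]


def clock_majority(state):
    """Clock only the registers whose clocking bit agrees with the majority."""
    cbits = tuple((r >> c) & 1 for r, (_, _, c) in zip(state, REGS))
    return [shift(r, n, taps) if inc else r
            for r, inc, (n, taps, _) in zip(state, TABLE[cbits], REGS)]


def output_bit(state):
    """Keystream bit: XOR of the top bit of each register."""
    out = 0
    for r, (n, _, _) in zip(state, REGS):
        out ^= (r >> (n - 1)) & 1
    return out


def a51_keystream(key, frame_number):
    """Return the 228 keystream bits of one frame (key: 64-bit int, Fn: 22-bit int)."""
    state = [0, 0, 0]                          # all 3 registers are zeroed
    for nbits, value in ((64, key), (22, frame_number)):
        for i in range(nbits):                 # no stop/go clock while loading
            state = clock_all(state)
            bit = (value >> i) & 1             # lsb to msb
            state = [r ^ bit for r in state]   # XOR into the lsb of each register
    for _ in range(100):                       # 100 cycles, output discarded
        state = clock_majority(state)
    bits = []
    for _ in range(228):                       # 228 cycles of output
        state = clock_majority(state)
        bits.append(output_bit(state))
    return bits


def lfsr_period(index):
    """Steps until register `index`, clocked on every cycle, returns to state 1."""
    n, taps, _ = REGS[index]
    reg, steps = shift(1, n, taps), 1
    while reg != 1:
        reg, steps = shift(reg, n, taps), steps + 1
    return steps


if __name__ == "__main__":
    key, fn = 0x0123456789ABCDEF, 0x134        # constructed sample inputs
    print("frame keystream:", "".join(map(str, a51_keystream(key, fn))))
    print("R1 period:", lfsr_period(0), "maximal:", 2**19 - 1)
    moves = [sum(inc[i] for inc in TABLE.values()) for i in range(3)]
    print("rows (of 8) in which each register steps:", moves)
```

Each register steps in 6 of the 8 clocking-bit combinations, which is the "approximately ¾ of the cycles" figure on slide 16, and the all-zero key with frame number 0 leaves every register at zero and so produces an all-zero keystream.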