The document discusses the Digital Enhanced Cordless Telecommunications (DECT) standard. It provides details on:
- The DECT authentication process which uses a challenge-response mechanism along with encryption keys to authenticate devices.
- Known security issues with DECT including vulnerabilities in the authentication algorithms that allow impersonating devices or decrypting encrypted calls with little resources.
- Research by the deDECTed project which was able to reverse engineer the DECT authentication algorithms and identify practical attacks.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Learn the latest about the DASH7 open source firmware project, OpenTag, with support for new DASH7 capabilities like RTLS, better sensor and security support, and bitrates of up to 200kbps.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Learn the latest about the DASH7 open source firmware project, OpenTag, with support for new DASH7 capabilities like RTLS, better sensor and security support, and bitrates of up to 200kbps.
A Glimpse into Developing Software-Defined Radio by PythonAlbert Huang
Software-defined radio~(SDR) has been emerging for many years in
various fields, including military, commercial communication
systems, and scientific research, e.g. space exploration. GNU Radio
is an open source SDR framework written in Python. This talk will introduce from basic concept of software-defined radio and various
front-end hardware, and then illustrate how to use Python to develop
SDR.
Surf Communication Solutions provides of MoP (Media over Packet) Triple Play (Voice, Video, and Modem/Fax/Data) conversion solutions to communication equipment manufacturers. These solutions are provided in various integration levels: DSP software ; PTMC boards; DSP hardware/software; and PCI boards. http://www.surf-com.com
Discussion of solutions for SDI to PCIe that enables up to 4 bi-directional channels of 1080p Video. Including an examination of applications, challenges and benefits associated with implementing PCIe-based systems, and a discussion of a video framework that simplifies hardware design for video systems with a PCIe-based design.
Surf Communication Solutions provides of MoP (Media over Packet) Triple Play (Voice, Video, and Modem/Fax/Data) conversion solutions to communication equipment manufacturers. These solutions are provided in various integration levels: DSP software ; PTMC boards; DSP hardware/software; and PCI boards. http://www.surf-com.com
Design and implementation of sdr based qpsk transceiver using fpgaTarik Kazaz
Software-defined radio (SDR) technology enables
implementation of wireless devices that support multiple air interfaces and modulation formats, which is very important
if consider the proliferation of wireless standards. To enable such functionality SDR is using reconfigurable hardware platform such as Field Programmable Gate Array (FPGA). In this paper, we present design procedure and implementation result of SDR based QPSK modulator on Altera Cyclone IV FPGA. For design and implementation of QPSK modulator we used Altera DSP
Builder Tool combined with Matlab/Simulink, Modelsim and
Quartus II design tools. As reconfigurable hardware platform
we used Altera DE2-115 development and education board with
AD/DA daughter card. Software and Hardware-in-the-loop (HIL)
simulation was conducted before hardware implementation and
verification of designed system. This method of design makes
implementation of SDR based modulators simpler ad faster.
Index Terms—SDR, FPGA, QPSK, DSP Builder, NCO, RRC
JESD204B Survival Guide: Practical JESD204B Technical Information, Tips, and ...Analog Devices, Inc.
Free downloadable PDF book for analog and FPGA designers. The guide provides an introduction to JESD204B – the new data converter interface standard – and explains why JESD204B is important, how it is used with high-speed A/D and D/A converters as well as providing trouble shooting tips and how-to articles. By Analog Devices, Inc.
by Analog Devices, Inc. - the World’s Data Converter Market Share Leader
How TCP/IP attacks can be applied in satellite communications. Interesting example on how to achieve anonymous Internet connection using DVB and some tricks. Presented in
A Glimpse into Developing Software-Defined Radio by PythonAlbert Huang
Software-defined radio~(SDR) has been emerging for many years in
various fields, including military, commercial communication
systems, and scientific research, e.g. space exploration. GNU Radio
is an open source SDR framework written in Python. This talk will introduce from basic concept of software-defined radio and various
front-end hardware, and then illustrate how to use Python to develop
SDR.
Surf Communication Solutions provides of MoP (Media over Packet) Triple Play (Voice, Video, and Modem/Fax/Data) conversion solutions to communication equipment manufacturers. These solutions are provided in various integration levels: DSP software ; PTMC boards; DSP hardware/software; and PCI boards. http://www.surf-com.com
Discussion of solutions for SDI to PCIe that enables up to 4 bi-directional channels of 1080p Video. Including an examination of applications, challenges and benefits associated with implementing PCIe-based systems, and a discussion of a video framework that simplifies hardware design for video systems with a PCIe-based design.
Surf Communication Solutions provides of MoP (Media over Packet) Triple Play (Voice, Video, and Modem/Fax/Data) conversion solutions to communication equipment manufacturers. These solutions are provided in various integration levels: DSP software ; PTMC boards; DSP hardware/software; and PCI boards. http://www.surf-com.com
Design and implementation of sdr based qpsk transceiver using fpgaTarik Kazaz
Software-defined radio (SDR) technology enables
implementation of wireless devices that support multiple air interfaces and modulation formats, which is very important
if consider the proliferation of wireless standards. To enable such functionality SDR is using reconfigurable hardware platform such as Field Programmable Gate Array (FPGA). In this paper, we present design procedure and implementation result of SDR based QPSK modulator on Altera Cyclone IV FPGA. For design and implementation of QPSK modulator we used Altera DSP
Builder Tool combined with Matlab/Simulink, Modelsim and
Quartus II design tools. As reconfigurable hardware platform
we used Altera DE2-115 development and education board with
AD/DA daughter card. Software and Hardware-in-the-loop (HIL)
simulation was conducted before hardware implementation and
verification of designed system. This method of design makes
implementation of SDR based modulators simpler ad faster.
Index Terms—SDR, FPGA, QPSK, DSP Builder, NCO, RRC
JESD204B Survival Guide: Practical JESD204B Technical Information, Tips, and ...Analog Devices, Inc.
Free downloadable PDF book for analog and FPGA designers. The guide provides an introduction to JESD204B – the new data converter interface standard – and explains why JESD204B is important, how it is used with high-speed A/D and D/A converters as well as providing trouble shooting tips and how-to articles. By Analog Devices, Inc.
by Analog Devices, Inc. - the World’s Data Converter Market Share Leader
How TCP/IP attacks can be applied in satellite communications. Interesting example on how to achieve anonymous Internet connection using DVB and some tricks. Presented in
Going to digital DAA eliminates analog laser clipping, which has gotten much worse during COVID-19 with our DOCSIS networks being more congested than ever before.
Discussion of some of the predicted advances in the coming years in software defined radio (SDR) in the amateur radio market. Also are some insights in how radios are designed.
Hardware Accelerated Software Defined Radio Tarik Kazaz
Advanced 5G wireless infrastructure should support any-to-any connectivity between densely arranged smart objects that form the emerging paradigm known as the Internet of Everything (IoE). While traditional wireless networks enable communication between devices using a single technology, 5G networks will need to support seamless connectivity between heterogeneous wireless objects, and consequently enable the proliferation of IoE networks. To tackle the complexity and versatility of the future IoE networks, 5G has to guarantee optimal usage of both spectrum and energy resources and further support technology-agnostic connectivity between objects. This can be realized by combining intelligent network control with adaptive software-defined air interfaces. In order to achieve this, current radio technology paradigms like Cloud RAN and Software Defined Radio (SDR) utilize centralized baseband signal processing mainly performed in software. With traditional SDR platforms, composed of separate radio and host commodity computer units, computationally-intensive signal processing algorithms and high-throughput connectivity between processing units are hard to realize. In addition, significant power consumption and large form factor may preclude any real-life deployment of such systems. On the other hand, modern hybrid FPGA technology tightly couples a FPGA fabric with hard core CPU on a single chip. This provides opportunities for implementing air interfaces based on hardware/software co-processing, resulting in increased processing throughput, reduced form factor and power consumption, while at the same time preserving flexibility. This paper examines how hybrid FPGAs can be combined with novel ideas such as RF Network-on-Chip (RFNoC) and partial reconfiguration, to form a flexible and compact platform for implementing low-power adaptive air interfaces. The proposed platform merges software and hardware processing units of SDR systems on a single chip. Therefore, it can provide interfaces for on-the-fly composition and reconfiguration of software and hardware radio modules. The resulting system enables the abstraction of air interfaces, where each access technology is composed of a structured sequence of modular radio processing units.
[HES2014] HackRF A Low Cost Software Defined Radio Platform by Benjamin VernouxHackito Ergo Sum
The HackRF project is developing an open source design for a low cost Software Defined Radio (SDR) transceiver platform. SDR technology allows a single piece of equipment to implement virtually any wireless technology (Bluetooth, GSM, ZigBee, etc.), and we hope the availability of a low cost SDR platform will revolutionize wireless communication security research and development
throughout the information security community.
Official web site: http://greatscottgadgets.com/hackrf/
Official github: https://github.com/mossmann/hackrf
https://www.hackitoergosum.org
DDS over Low Bandwidth Data Links - Connext Conf London October 2014Jaime Martin Losa
DDS (Data Distribution Service) over Low Bandwidth Data Links: Tactical Radios, Satellite, etc.
DDS implementations are widely used in defense and aerospace applications, being common to use very low bandwitdh data links.
This presentation explain how to achieve good performance in these scenarios.
A complete ppt for network connectors and interface standards. Modems with types and version are also added in it. utility of cable modem alongwith null modem are described in it. a useful presentation for persons looking for networking devices at physical layer.
Yet another talk :)
This time in a lecture called “Markup Languages und Anwendungen”
Went pretty ok, but as usual I talked a little bit too fast ^_^
http://www.marc-seeger.de
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
4. Usage My personal security concerns
Babyphones ¯(º_o)/¯
Wireless ISDN O_o
Telephones Ò_ó
Emergency Call Systems :-/
Door opening systems :-O
Wireless EC-Cardreaders X-/
Traffic control systems X-O
5. Before (analog): CT1(+), CT2
ETSI Standard: 1992
Audio codec: G.726
Net bit rate: 32 kbit/s
GFSK
Frequency:
1880 MHz–1900 MHz in Europe
◦
1900 MHz-1920 MHz in China
◦
1910 MHz-1930 MHz in Latin America
◦
1920 MHz–1930 MHz in the US
◦
Average transmission power:
◦ 10 mW (250 mW peak) in Europe
◦ 4 mW (100 mW peak) in the US
6. PP (portable part)
FP (fixed part)
RFP (radio fixed part)
A DECT system:
• 1 DECT Fixed Part (FP)
• 1+ radio fixed part (RFPs)
• 1+ DECT Portable Parts (PPs)
8. HDB
FP (Local
PP
RFP
network)
PP = Portable Part
FP = Fixed Part
RFP = Radio Fixed Part
HDB = Home Database
9. VDB HDB
PP
RFP
FP (Local
network)
RFP
Global network
FP (Local
network)
PP = Portable Part
FP = Fixed Part
RFP = Radio Fixed Part
VDB = Visitor Database
HDB = Home Database
10. Frequency division multiple access (FDMA)
Channel 1
Frequency 10 (1,728 kHz spacing) in Europe
Channel 2
Range 5 (1,728 kHz spacing) in the US
Channel 3
Channel 4
Time division multiple access (TDMA)
Channel 2
User User User
1 2 3
Time division duplex (TDD)
Channel 2
User User User
User User User
1 2 3
1 Up 2 Up 3 Up
Down Down Down
Time slots: 2 x 12 (up and down stream)
11. Generic Access (GAP)
◦ mandatory minimum requirement for all DECT voice
telephony equipment as from October 1997
Radio in the Local Loop applications (RAP)
◦ the “last mile”
ISDN and GSM interworking (GIP).
…
13. PP (phone)
Radio: Passive in idle mode
Scanning for pages
Scanning and making a list of channels avg.
RSSI < every 30 seconds
Synchronizing with base station
Selecting best carrier/slot-combination for
communication and opening a connection
Initiating encryption
14. When authenticating with an FP, the PP
receives a unique 20 Bit identifier called TPUI
(Temporary User Identity).
This TPUI is used when the FP uses paging
because of incoming calls
15.
16. digital radio access technology
◦ Eavesdropping
◦ Third party accesses equipment
◦ Man-in-the middle attack
18. „DSAA“ = DECT Standard Authentication
Algorithm
Subscriber and base station share an
authentication key after first „pairing“
challenge + response
19.
20. DSC = DECT Standard Cipher
During authentication, both sides also
calculate a cipher key.
This key is used to de/encrypt data sent over
the air.
The ciphering process is part of the DECT
standard (but not mandatory).
23. Initial pairing of the FP with the PP
Special „pairing mode“
User has to enter PIN on FP and PP
=> shared secret for DSAA
Key allocation results in a 128 bit secret key
„UAK“ = User Authentication Key
24. A11, A12, A21, A22
A11 + A12
◦ Authentication of PP
◦ Generation of UAK: User Authentication Key (GAP)
◦ Key generation for DSC
A21 + A22
◦ Authentication of FP
And:
Algorithms were a secret
28. If encryption is enabled, signaling and data
will be XOR„ed with the output of the DSC
Streamcipher
Receiver
Sender
⊕
⊕ DATA
encrypred data
DATA
DSC
DSC
29.
30. At this moment, members of the the project are people of the
following entities:
Chaos Computer Club (Munich, Trier)
TU-Darmstadt Germany
University of Luxembourg
Bauhaus-Universität Weimar Germany
and some individuals:
krater Andreas Schuler
mazzoo Matthias Wenzel
Erik Tews
Ralf-Philipp Weinmann (University of Luxembourg)
kaner Christian Fromme
H. Gregor Molter
Harald Welte
31. Problems:
Stations not synced
◦
No Source/Dest Fields in Packets
◦
No Information when PP opens connection
◦
Descrambling requires Framenumber
◦
32. Can capture all packets on a channel
CPU requirements are high (2 GHz+ CPU required)
Time multiplexing is difficult to handle
Sending frames is not supported
Costs : 1000 EUR
33. Can capture all packets on a
channel
Can scan for stations or active calls
Can sync on stations and dump
active calls
CPU requirements low
Sending frames supported soon
Costs : 23 EUR
34. Solution: reverse engineer:
Removing case
◦
Searching datasheets
◦
Reversing Windows driver
◦
Find firmware image
◦
Try to activate hardware
◦
Upload firmware to chip
◦
Wait for interrupts
◦
36. If there is no ciphering
capture and record audio data
Userspace utility scans for an active call and
tracks the first one found
Packets are recorded to a pcap file
The file can later be played with an audio
player
Total costs for the attack: 23 EUR.
37. Even when a phone supports encryption,
most phones will not abort connection if base
station does not
Calls can be rerouted (and recorded)
Implementation requires attacker to enter
RFPI of base station to impersonate and IPUI
of phone to accept
Total costs for this attack: 23 EUR.
38.
39.
40. A12, A21, and A22 are just simple wrappers around A11
◦ A11 just returns the whole output of DSAA, without any further
modification.
◦ A21 behaves similar to A11, but here, every second bit of the
output is inverted, starting with the first bit of the output.
◦ A22 just returns the last 4 bytes of output of DSAA as RES.
◦ A12 is similar to A22, except here, the middle 8 bytes of DSAA are
returned too, as DCK.
A11 takes a 128 bit key and a 64 bit random number to
generate a 128 bit output
A11 uses four different block ciphers we call cassable to
generate the output
41. Grepping for XORs in firmware files
256 unique bytes in all of them
42. Thanks to the software implementations, it is now known that:
43. Other things we learned:
cassable is a substitution permutation type network
input is 64 bit
key is 64 bit
output is 64 bit
internal state also has 64 bit
for key scheduling, a bit permutation is used
each variant of cassable only differs in this bit permutation
to add the round key, ⊕ is used
a single cassable invocation does 6 rounds in total
each round consists of
a key addition (⊕)
◦
S-box application
◦
one of three different mixing functions
◦
No final key addition ( only 5 relevant rounds)
◦
44. No final key addition at the end, reduces strength to
five effective rounds
At first look, full diffusion after three rounds
However, full diffusion only after four rounds
Attacks:
◦ S-Box allows linear cryptanalysis for 2-3 rounds versions
◦ Practical algebraic attacks possible up to 3 rounds version
of cassable
◦ A differential attack possible on the full cipher with about
16 chosen input-output pairs and computational effort
compareable to 2^37 invocations of cassable (before: 2^65)
However, this has no direct impact on DSAA so far
47. From the ETSI non-disclosure agreement for
the DSC:
◦ Not to register, or attempt to register, any IPR
(patents or the like rights) relating to the DSC and
containing all or part of the INFORMATION.quot;
U.S. Patent 5,608,802, registered by Alcatel,
originally registered in Spain in 1993:
◦ A data ciphering device that has special application
in implementing Digital European Cordless
Telephone (DECT) standard data ciphering
algorithm [...]quot;
48. 3 irregularly clocked LFSRs (2 or 3) of length
17,19,21
1 regularly clocked LFSR (3) of length 23
key setup: load key, then 40 blank steps
(irregularly clocked)
check whether register is zero after 11 steps,
load 1 into every zero register
LFSR:
50. NSC/SiTel SC144xx CPUs have commands to save
internal state in DIP memory (11 bytes)
DIP memory can be read from host
Can load/save state after and before pre-
ciphering (D LDS; D WRS)
Single-step through key loading to determine
feedback taps
Isolate subset of bits determining clocking
differentially in pre-ciphering
Interpolate clocking function (it's linear actually,
could've seen that with bare eyes)
Output combiner is still missing at the moment
51. Looks like A5
Attacks not directly transferable
Not attack available yet, looking pretty good
though
54. uint16_t counter ; „Randomness“
uint8_t xorvalue ;
void next_rand ( uint8_t *rand )
{
int i;
for (i = 0; i < 8; i ++) {
rand [i] = ( counter >>i) ^ xorvalue ;
}
xorvalue += 13;
}
55. Grab two challenge-response „pairs“
(RS,RAND_F,RES)
Iterate over all 4-digit PINs:
3 * 2^35 DSAA operations
Assume 0000 PIN:
2^24 DSAA operations
(50 secs on an Intel C2D 2.4GHz)
56. BAD:
Jabra: “DECT provides high protection against unauthorized access” Whitepapaer
OK:
dect.org
Good:
dedected.org
„Attacks on the DECT authentication mechanisms“
Stefan Lucks, Andreas Schuler, Erik Tews, Ralf-Philipp Weinmann, and
Matthias Wenzel
Chaosradio Express Folge 102 : Der DECT Hack: http://chaosradio.ccc.de/cre102.html
25C3 Talk :https://dedected.org/trac/wiki/25C3
BSI: Drahtlose lokale Kommunikationssysteme und ihre Sicherheitsaspekte