[2498] in cryptography@c2.net mail archive
Re: TIME Magazine on GSM cell phone crack
daemon@ATHENA.MIT.EDU (Bill Frantz)
Tue Apr 14 10:21:07 1998
In-Reply-To: <Pine.GSO.3.96.980414110050.559B-100000@pandora.cryptsoft.com>
Date: Mon, 13 Apr 1998 21:51:49 -0800
To: marc@cryptsoft.com, Steve Bellovin <smb@research.att.com>
From: Bill Frantz <frantz@netcom.com>
Cc: Marc Horowitz <marc@cygnus.com>, Declan McCullagh <declan@well.com>,
cryptography@c2.net

At 5:03 PM -0800 4/13/98, Marc Briceno wrote:
>On Mon, 13 Apr 1998, Steve Bellovin wrote:
>> The attack as carried out requires physical access to the SIM. It's
>> an open question if an active attack -- that is, with a radio transmitter
>> impersonating a base station -- would succeed. A critical question is
>> the rate at which challenges can be sent -- given the timing, it's
>> probably not practical except by concerted attack.
>
>Since I am not a radio engineer, I would love to hear the opinion of
>someone who is. How fast could a rogue base station collect challenge
>response pairs?

At 4:53 PM -0800 4/13/98, Steve Bellovin wrote:
>The attack requires over 4000 challenge/response pairs; using the
>hard-wired reader, that took 8 hours. There's a quadratic factor
>in there, so the probability of a break is not linear in the time
>spent.

My question is how many challenge/response pairs are needed to pare the
keysize down enough to make brute force a reasonable attack?
-------------------------------------------------------------------------
Bill Frantz | If hate must be my prison | Periwinkle -- Consulting
(408)356-8506 | lock, then love must be | 16345 Englewood Ave.
frantz@netcom.com | the key. - Phil Ochs | Los Gatos, CA 95032, USA