[2522] in cryptography@c2.net mail archive
Re: TIME Magazine on GSM cell phone crack
daemon@ATHENA.MIT.EDU (Greg Rose)
Wed Apr 15 19:24:33 1998
To: David Wagner <daw@cs.berkeley.edu>
cc: cryptech@Mcs.Net, cryptography@c2.net
In-reply-to: Your message of Tue, 14 Apr 1998 18:22:46 MST.
<199804150122.SAA02021@joseph.cs.berkeley.edu>
Date: Thu, 16 Apr 1998 08:49:35 +1000
From: Greg Rose <ggr@qualcomm.com>
David Wagner writes:
>As for Mike Rosing's remarks, I suspect he may be thinking of the
>US analog networks (and, to some extent, the digital North American
>systems). For instance, GSM phones don't have any concept of MIN/ESN
>pairs; so far as I know, that's a North American idiosyncracy.
GSM phones do have an ESN (Elecronic Serial
Number). It is an FCC regulation that this be
transmitted clear at some point during a call.
However, in the GSM system, the ESN is not
included in any way in the authentication... in
the IS-41 (North American) systems it is part of
the authentication signature calculation. IS-41
systems seem to be migrating away from this for
future versions though; there was never a
particularly good reason for including it, and
moving SIMs (or equivalent) between phones is
tough with it in there.
>And all those fraud detection expert systems are primarily deployed
>(as far as I can tell) in North American analog networks, where there's
>absolutely no crypto, and fraud is already a massive problem, to the
>tune of > $500 million / year.
Actually, the CTIA reports that it peaked in 1996,
and is now declining in percentage terms. This
information is supposedly on a web page
http://www.wow-com.com which they run, but it is
too java-ish for my liking so I haven't checked it
myself.
Greg.
Greg Rose INTERNET: ggr@qualcomm.com
QUALCOMM Australia VOICE: +61-2-9181 4851 FAX: +61-2-9181 5470
Suite 410, Birkenhead Point http://people.qualcomm.com/ggr/
Drummoyne NSW 2047 B5 DF 66 95 89 68 1F C8 EF 29 FA 27 F2 2A 94 8F
