Catálogo de publicaciones - revistas

Compartir en
redes sociales


ACM Transactions on Information and System Security (TISSEC)

Resumen/Descripción – provisto por la editorial en inglés
TISSEC is a scholarly, scientific journal that publishes original research papers in all areas of information and system security, including technologies, systems, applications, and policies.
Palabras clave – provistas por la editorial

No disponibles.

Disponibilidad
Institución detectada Período Navegá Descargá Solicitá
No detectada desde nov. 1998 / hasta dic. 2023 ACM Digital Library

Información

Tipo de recurso:

revistas

ISSN impreso

1094-9224

ISSN electrónico

1557-7406

Editor responsable

Association for Computing Machinery (ACM)

País de edición

Estados Unidos

Fecha de publicación

Tabla de contenidos

An experimental security analysis of two satphone standards

Benedikt Driessen; Ralf Hund; Carsten Willems; Christof Paar; Thorsten Holz

<jats:p>General-purpose communication systems such as GSM and UMTS have been in the focus of security researchers for over a decade now. Recently also technologies that are only used under more specific circumstances have come into the spotlight of academic research and the hacker scene alike. A striking example of this is recent work [Driessen et al. 2012] that analyzed the security of the over-the-air encryption in the two existing ETSI satphone standards GMR-1 and GMR-2. The firmware of handheld devices was reverse-engineered and the previously unknown stream ciphers A5-GMR-1 and A5-GMR-2 were recovered. In a second step, both ciphers were cryptanalized, resulting in a ciphertext-only attack on A5-GMR-1 and a known-plaintext attack on A5-GMR-2.</jats:p> <jats:p> In this work, we extend the aforementioned results in the following ways: First, we improve the proposed attack on A5-GMR-1 and reduce its average-case complexity from 2 <jats:sup>32</jats:sup> to 2 <jats:sup>21</jats:sup> steps. Second, we implement a practical attack to successfully record communications in the Thuraya network and show that it can be done with moderate effort for approximately $5,000. We describe the implementation of our modified attack and the crucial aspects to make it practical. Using our eavesdropping setup, we recorded 30 seconds of our own satellite-to-satphone communication and show that we are able to recover Thuraya session keys in half an hour (on average). We supplement these results with experiments designed to highlight the feasibility of also eavesdropping on the satphone's emanations. </jats:p> <jats:p>The purpose of this article is threefold: Develop and demonstrate more practical attacks on A5-GMR-1, summarize current research results in the field of GMR-1 and GMR-2 security, and shed light on the amount of work and expertise it takes from setting out to analyze a complex system to actually break it in the real world.</jats:p>

Palabras clave: Safety, Risk, Reliability and Quality; General Computer Science.

Pp. 1-30