GSM cracking
advertisement
GSM cracking ● Introduction GSM cracking Scope of this lecture ● A (very) brief tour of GSM ● The Cryptography ● How it's possible to crack it ● What's required ● A demonstration ● Summary GSM basics GSM basics ● Infrastructure ● Protocols GSM acronym soup ● SIM ● MS, BTS, BSC ● ARFCN ● MSISDN ● IMSI & TMSI ● FDMA, TDMA, bursts Cryptography ● Ki is the shared secret - held on the SIM and the network HLR ● A3 authentication algorithm (Ki + RAND → SRES) ● A8 key generation algorithm (Ki + RAND → Kc) ● A5 encryption algorithm to protect 'air' interface MS ↔ BTS ● SIM contains the IMSI, Ki, A3 and A8 algorithms ● 64-bit session key - the Kc How it's possible to crack it A5/1 stream cipher weaknesses ● Length of the key - can create rainbow tables ● Predictability - known plain-text How easy is it to crack? “… the GSM call has to be identified and recorded from the radio interface. *…+ we strongly suspect the team developing the intercept approach has underestimated its practical complexity. A hacker would need a radio receiver system and the signal processing software necessary to process the raw radio data.” – GSMA, Aug.‘09 The cracking time-line How easy is it to crack in the real world? ● 2009 26C3 “GSM SRSLY?” - Karsten Nohl & Chris Paget http://www.youtube.com/watch?v=9K4EDAF5OlM ● 2010 27C3 “Wideband GSM sniffing” - Karsten Nohl, Sylvain Munaut http://www.youtube.com/watch?v=ZrbatnnRxFc ● 2010 osmocomBB development ● 2011 optimized rainbow tables available What's required (GSM knowledge), tools, programming: ● OsmocommBB: Open Source MObile COMunications – BaseBand “OsmocomBB implements the GSM protocol stack's three lowest OSI Layers of the client side GSM protocol and device drivers. The protocol layers forming the kernel exists on the baseband processor, typically consisting of an ARM processor and a digital signal processor.” (wikipedia) Building on the work done on OpenBSC (libosmocore), using available datasheets of 'Calypso' chipset. ● A cracking server (“Kraken”) with downloaded Rainbow Tables ● Programming the “missing link” tools osmocomBB components ● osmocon, binary firmware, mobile, other apps Project branches: ● 'testing', 'gsmmap', 'burst_ind' Demo - the cracking stages ● Information gathering ● Identifying targets and networks ● Sniffing bursts (Vodaphone 0615 082 728) (T-Mobile 0648 312 976) ● Session key cracking ● Data reassembly Current state ● Cracking with RTL-SDR (Software Defined Radio) http://domonkos.tomcsanyi.net/ http://www.rtl-sdr.com/rtl-sdr-tutorial-analyzing-gsm-with-airprobeand-wireshark/ ● The public release of code & tools? ● Hackvision MatrixX (?) Summary ● How and why GSM is vulnerable ● Knowledge, Tools, Programming to crack it ● Precomputed rainbow lookup tables ● Hardware ● Risk and mitigation for Users ● Risk and mitigation for Network Operators ● Questions? gsmmap output example Cell ID: 204_4_002A_1164 <000e> cell_log.c:248 Cell: ARFCN=29 PWR=-63dB MCC=204 MNC=04 (Netherlands, Vodafone) Cell ID: 204_16_015E_0D26 <000e> cell_log.c:248 Cell: ARFCN=1004 PWR=-59dB MCC=204 MNC=16 (Netherlands, T-Mobile) Cell ID: 204_8_1190_C6F3 <000e> cell_log.c:248 Cell: ARFCN=8 PWR=-83dB MCC=204 MNC=08 (Netherlands, KPN) Cell ID: 204_21_0001_48C7 <000e> cell_log.c:248 Cell: ARFCN=968 PWR=-82dB MCC=204 MNC=21 (Netherlands, NS Railinfrabeheer B.V.)
