Prediction of Plaintext in GSM Network Using the SACCH Logical Channel

Document Type: Original Article

Author

University of Tehran

Abstract

The GSM cellular standard is still widely used worldwide. In this standard, the A5 ciphering algorithms are employed to protect user data. A5/1 and A5/3 are two variants of the A5 ciphering algorithms that are proven to be very powerful. Most known attacks on these ciphering algorithms assume some known plaintext data. In this paper, for the first time, a method of plaintext prediction is proposed for the SACCH logical channel. The sequence of downlink SACCH messages is modeled by a first-order Markov chain. Experiments on a real-world network show a 99% success rate. Moreover, the average position of the correct plaintext among all predicted plaintexts is 3.21. Consequently, the speed of cipher cracking is around one-third of the speed achievable with an ideal plaintext prediction system.
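An added illustration, not code from the paper: a first-order Markov model over message-type labels that ranks the candidate next messages and reports the two figures the abstract quotes, the success rate and the mean position of the correct candidate. The labels and both sequences are constructed placeholders, and the function names are hypothetical; the paper's actual state definition and measurement data are not given on this page.

```python
from collections import Counter, defaultdict

def _by_count(counter):
    # Most frequent first; ties broken by label so the order is deterministic.
    return [m for m, _ in sorted(counter.items(), key=lambda kv: (-kv[1], kv[0]))]

def train(seq):
    """Return (transition counts, global frequency order) for a label sequence."""
    trans = defaultdict(Counter)
    for prev, nxt in zip(seq, seq[1:]):
        trans[prev][nxt] += 1          # trans[prev][next] = occurrences
    return trans, _by_count(Counter(seq))

def ranked_candidates(trans, fallback, prev):
    """Candidate next messages after `prev`, most probable first.
    Labels never seen after `prev` follow in global frequency order."""
    seen = _by_count(trans.get(prev, Counter()))
    return seen + [m for m in fallback if m not in seen]

def evaluate(trans, fallback, seq):
    """Return (success rate, mean 1-based position of the true next message).
    A step fails when the true message is absent from the candidate list."""
    positions, total = [], 0
    for prev, nxt in zip(seq, seq[1:]):
        total += 1
        cands = ranked_candidates(trans, fallback, prev)
        if nxt in cands:
            positions.append(cands.index(nxt) + 1)
    rate = len(positions) / total if total else 0.0
    mean_pos = sum(positions) / len(positions) if positions else float("nan")
    return rate, mean_pos

# Constructed label sequences (placeholders, not captured traffic).
TRAIN = ["SI5", "SI6", "SI5", "SI6", "SI5", "SI5ter", "SI6", "SI5", "SI6"]
TEST = ["SI5", "SI6", "SI5", "SI5ter", "SI6", "SI5bis"]  # SI5bis is unseen in TRAIN

if __name__ == "__main__":
    trans, fallback = train(TRAIN)
    rate, mean_pos = evaluate(trans, fallback, TEST)
    print(f"success rate {rate:.2f}, mean position {mean_pos:.2f}")
```

The mean position is the expected number of candidates examined before the correct one is reached, which is how the abstract's 3.21 relates to its "one-third of the speed" figure.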

