GSM cracking

Download Report

Transcript GSM cracking

GSM cracking
●
Introduction
GSM cracking
Scope of this lecture
●
A (very) brief tour of GSM
●
The Cryptography
●
How it's possible to crack it
●
What's required
●
A demonstration
●
Summary
GSM basics
GSM basics
●
Infrastructure
●
Protocols
GSM acronym soup
●
SIM
●
MS, BTS, BSC
●
ARFCN
●
MSISDN
●
IMSI & TMSI
●
FDMA, TDMA, bursts
Cryptography
●
Ki is the shared secret - held on the SIM and the network HLR
●
A3 authentication algorithm (Ki + RAND → SRES)
●
A8 key generation algorithm (Ki + RAND → Kc)
●
A5 encryption algorithm to protect 'air' interface MS ↔ BTS
●
SIM contains the IMSI, Ki, A3 and A8 algorithms
●
64-bit session key - the Kc
How it's possible to crack it
A5/1 stream cipher weaknesses
●
Length of the key - can create rainbow tables
●
Predictability - known plain-text
How easy is it to crack?
“… the GSM call has to be identified and recorded from the
radio interface. *…+ we strongly suspect the team developing the
intercept approach has underestimated its practical complexity. A
hacker would need a radio receiver system and the signal
processing software necessary to process the raw radio data.” –
GSMA, Aug.‘09
The cracking time-line
How easy is it to crack in the real world?
●
2009 26C3 “GSM SRSLY?” - Karsten Nohl & Chris Paget
http://www.youtube.com/watch?v=9K4EDAF5OlM
●
2010 27C3 “Wideband GSM sniffing” - Karsten Nohl, Sylvain
Munaut
http://www.youtube.com/watch?v=ZrbatnnRxFc
●
2010 osmocomBB development
●
2011 optimized rainbow tables available
What's required
(GSM knowledge), tools, programming:
●
OsmocommBB: Open Source MObile COMunications – BaseBand
“OsmocomBB implements the GSM protocol stack's three lowest OSI Layers of
the client side GSM protocol and device drivers. The protocol layers forming
the kernel exists on the baseband processor, typically consisting of an ARM
processor and a digital signal processor.” (wikipedia)
Building on the work done on OpenBSC (libosmocore), using available
datasheets of 'Calypso' chipset.
●
A cracking server (“Kraken”) with downloaded Rainbow Tables
●
Programming the “missing link” tools
osmocomBB components
●
osmocon, binary firmware, mobile, other apps
Project branches:
●
'testing', 'gsmmap', 'burst_ind'
Demo - the cracking stages
●
Information gathering
●
Identifying targets and networks
●
Sniffing bursts
(Vodaphone 0615 082 728)
(T-Mobile 0648 312 976)
●
Session key cracking
●
Data reassembly
Current state
●
Cracking with RTL-SDR (Software Defined Radio)
http://domonkos.tomcsanyi.net/
http://www.rtl-sdr.com/rtl-sdr-tutorial-analyzing-gsm-with-airprobeand-wireshark/
●
The public release of code & tools?
●
Hackvision MatrixX (?)
Summary
●
How and why GSM is vulnerable
●
Knowledge, Tools, Programming to crack it
●
Precomputed rainbow lookup tables
●
Hardware
●
Risk and mitigation for Users
●
Risk and mitigation for Network Operators
●
Questions?
gsmmap output example
Cell ID: 204_4_002A_1164
<000e> cell_log.c:248 Cell: ARFCN=29 PWR=-63dB MCC=204 MNC=04 (Netherlands, Vodafone)
Cell ID: 204_16_015E_0D26
<000e> cell_log.c:248 Cell: ARFCN=1004 PWR=-59dB MCC=204 MNC=16 (Netherlands, T-Mobile)
Cell ID: 204_8_1190_C6F3
<000e> cell_log.c:248 Cell: ARFCN=8 PWR=-83dB MCC=204 MNC=08 (Netherlands, KPN)
Cell ID: 204_21_0001_48C7
<000e> cell_log.c:248 Cell: ARFCN=968 PWR=-82dB MCC=204 MNC=21 (Netherlands, NS
Railinfrabeheer B.V.)