30 December 2009

Spin It All You Want

I started this blog about a year ago with a posting on my visit to 25C3, the Chaos Computer Club's annual congress in Berlin. This year, I missed 26C3. I spent most of the month of November traveling and I will spend nearly half of January on the road. I'm spending December at home.

One of the many things I missed this year was Karsten Nohl's presentation of a public-participation attack on A5/1, the "better" encryption used in GSM systems. I've seen this reported in dozens of different venues in the last few days, including the AP wire story in my own local print newspaper. Most of them offer a confused, half-assed description of what Dr. Nohl did followed by some bit of unchallenged spin from the GSMA. It was typical mass-media coverage, where every story has exactly two sides and the reporter understands neither. (There were are few exceptions, but not many.)

For those who are confused, here's the basic story. An efficient A5/1 cracking algorithm has been known for some time, based on a large pre-computed table called a "rainbow table". What Dr. Nohl did was organize a public-participation project to generate a rainbow table and make it publicly available. He also described a hypothetical intercept device based on readily available hardware and software components, one that could probably be built for $20k-$30k.

The GSMA's response to this, to first say that Dr. Nohl's work is irrelevant and then to say that it is illegal, shows us is that the marketeers and MBAs who make up the GSMA don't understand much about technology, security or the law. Conveniently, someone else has already blogged most of what I am thinking right here. Furthermore, describing a hypothetical system is not illegal. Lots of governments distribute documents that will tell you how to build all manner of intelligence equipment. They are called "patents". What Dr. Nohl did, in patent terminology, was offer a "preferred embodiment", which is not the same as actually building something, using it, or offering it to the public.

Lots of people have cracked A5/1 in private and most of them, you can be sure, never announced it publicly. What Dr. Nohl did was crack it out in the open, largely to prove just how easy it was. You can be sure that if any large organization, criminal or otherwise, wanted to crack A5/1, it has been within their ability for several years now and you can wager that many already have. The GSMA finds it more convenient to ignore that, since fixing the problem would require the cellular carriers who make up that organization to spend billions of dollars upgrading their equipment. It's a lot cheaper to try to intimidate a young mathematician by calling him a criminal in the newspapers. Well played, GSMA.

01 December 2009

Rest Octets are an Abomination

In Harald Welte's recent blog, I see that he is adding rest octets to the system information messages in OpenBSC. We will eventually do the same for OpenBTS. I have implemented GSM rest octets in other systems in the past, but I am eager to look at Harald's code to see if his approach is cleaner than any of my old schemes.

And rest octets are an abomination. I just have to get that on the record: an abomination.