A Second GSM Cipher Falls

A group of cryptographers has developed a new attack that has broken Kasumi, the encryption algorithm used to secure traffic on 3G GSM wireless networks. The technique enables them to recover a full key by using a tactic known as a related-hey attack, but experts say it is not the end of the world for Kasumi. Kasumi, also known as A5/3, is the standard cipher used to encrypt communications on 3G GSM networks, and it's a modified version of an older algorithm called Misty.

"This is a nice piece of work. This is breaking the math, not just an implementation," said cryptographer Bruce Schneier. "They found a practical, related key attack. It's not clear whether it can break actual traffic or whether it's useful operationally. Related-key attacks are a form of cryptanalysis that showed up about 10 years ago, but they're rare in the real world because you need the related keys."

As Emergent Chaos points out, this is not necessarily a sky-is-falling moment, but it's not good news either.

"There's never such an attack when you need to throw your stuff in the ocean," Schneier said. We've had practical attacks on SSL, we've had all of these things. I believe it should be fixed, but this shows the process of crypto. And it shows that you don't dink around with crypto. Instead of using the existing cipher they decided to modify it, and by modifying it, they broke it pretty badly. Why not use the existing cipher?"

The group of researchers who developed the new attack includes Orr Dunkelman, Nathan Keller and Adi Shamir, one of the creators of the RSA algorithm.

Back