Entry Driessen:2013:ESA from tissec.bib

Last update: Sun Oct 15 02:58:48 MDT 2017                Valid HTML 3.2!

Index sections

Top | Symbols | Numbers | Math | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

BibTeX entry

@Article{Driessen:2013:ESA,
  author =       "Benedikt Driessen and Ralf Hund and Carsten Willems
                 and Christof Paar and Thorsten Holz",
  title =        "An experimental security analysis of two satphone
                 standards",
  journal =      j-TISSEC,
  volume =       "16",
  number =       "3",
  pages =        "10:1--10:??",
  month =        nov,
  year =         "2013",
  CODEN =        "ATISBQ",
  DOI =          "https://doi.org/10.1145/2535522",
  ISSN =         "1094-9224 (print), 1557-7406 (electronic)",
  ISSN-L =       "1094-9224",
  bibdate =      "Mon Dec 9 11:22:22 MST 2013",
  bibsource =    "http://portal.acm.org/;
                 http://www.math.utah.edu/pub/tex/bib/cryptography2010.bib;
                 http://www.math.utah.edu/pub/tex/bib/tissec.bib",
  abstract =     "General-purpose communication systems such as GSM and
                 UMTS have been in the focus of security researchers for
                 over a decade now. Recently also technologies that are
                 only used under more specific circumstances have come
                 into the spotlight of academic research and the hacker
                 scene alike. A striking example of this is recent work
                 [Driessen et al. 2012] that analyzed the security of
                 the over-the-air encryption in the two existing ETSI
                 satphone standards GMR-1 and GMR-2. The firmware of
                 handheld devices was reverse-engineered and the
                 previously unknown stream ciphers A5-GMR-1 and A5-GMR-2
                 were recovered. In a second step, both ciphers were
                 cryptanalized, resulting in a ciphertext-only attack on
                 A5-GMR-1 and a known-plaintext attack on A5-GMR-2. In
                 this work, we extend the aforementioned results in the
                 following ways: First, we improve the proposed attack
                 on A5-GMR-1 and reduce its average-case complexity from
                 $2^{32}$ to $2^{21}$ steps. Second, we implement a
                 practical attack to successfully record communications
                 in the Thuraya network and show that it can be done
                 with moderate effort for approximately \$5,000. We
                 describe the implementation of our modified attack and
                 the crucial aspects to make it practical. Using our
                 eavesdropping setup, we recorded 30 seconds of our own
                 satellite-to-satphone communication and show that we
                 are able to recover Thuraya session keys in half an
                 hour (on average). We supplement these results with
                 experiments designed to highlight the feasibility of
                 also eavesdropping on the satphone's emanations. The
                 purpose of this article is threefold: Develop and
                 demonstrate more practical attacks on A5-GMR-1,
                 summarize current research results in the field of
                 GMR-1 and GMR-2 security, and shed light on the amount
                 of work and expertise it takes from setting out to
                 analyze a complex system to actually break it in the
                 real world.",
  acknowledgement = ack-nhfb,
  articleno =    "10",
  fjournal =     "ACM Transactions on Information and System Security",
  journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J789",
}

Related entries