On Sunday 30 January 2011 12:34:22 Rony wrote:
Hello,
I was reading about tethering security when I came across this article in this link on the net.
http://www.bit-tech.net/news/2008/02/25/gsm_encryption_broken/1
An important part of the text is reproduced below.
"GSM encryption comes in four flavours: A5/0 is no encryption at all, and is the standard for GSM devices shipped to countries the distributors don't like all that much; A5/1 is the fairly robust 'default' encryption implementation used in the EU and the USA; A5/2 is a weakened version of A5/1 offered to countries the distributors have no strong feelings about but which the government may want to keep its eye on; A5/3 is a newcomer to the scene, offering a more robust scheme than A5/1 but currently not implemented for anyone who doesn't work for a three-letter-agency."
I am curious to know, what security do we use in India?
A5/2 Both A5/1 and 2 are broken and has been cracked in realtime using an arm processor and standard Motorola phones http://www.osmocom.org
Besides as pointed out in the thread, only data can be encrypted. Voice has to be transcoded with tighter compression for transport on the backbone, before the process being reversed going back on the air. Transcoding is lossy. Also every carrier has different compression algos on their backbone, hence encrypting voice will result in garbage at the backbone and consequently garbage at the reciever.
Ofcourse legacy phones did not have the horsepower to encrypt and decrypt in realtime anyway - other than the standard algo that is. That is not the case now. But due to the backbone requirements, one would have to make a V110 call (facsimile frames), do compression with low bandwidth codec, encrypt this and use the saved bandwidth for the overhead of the cipher stream.
I could not get exact details on the net. Is the security of GSM equipment pre-set by foreign manufacturers (read: their Govts.) or do we as Indians have some say to modify it?
You could in principle modify it. But that would require all providers in India agreeing, using only handsets with the new capability and would yet leave you vulnerable for traffic outside India.