Hello,
I was reading about tethering security when I came across this article in this link on the net.
http://www.bit-tech.net/news/2008/02/25/gsm_encryption_broken/1
An important part of the text is reproduced below.
"GSM encryption comes in four flavours: A5/0 is no encryption at all, and is the standard for GSM devices shipped to countries the distributors don't like all that much; A5/1 is the fairly robust 'default' encryption implementation used in the EU and the USA; A5/2 is a weakened version of A5/1 offered to countries the distributors have no strong feelings about but which the government may want to keep its eye on; A5/3 is a newcomer to the scene, offering a more robust scheme than A5/1 but currently not implemented for anyone who doesn't work for a three-letter-agency."
I am curious to know, what security do we use in India? I could not get exact details on the net. Is the security of GSM equipment pre-set by foreign manufacturers (read: their Govts.) or do we as Indians have some say to modify it?
On Sun, Jan 30, 2011 at 12:34 PM, Rony gnulinuxist@gmail.com wrote:
I am curious to know, what security do we use in India? I could not get exact details on the net. Is the security of GSM equipment pre-set by foreign manufacturers (read: their Govts.) or do we as Indians have some say to modify it?
Which phone do you have? There are utilities that let you monitor network (E.g. Current base station/transmit power/encryption etc).
Mostly these are "commercial" decisions. Spectrum is a precious commodity in India, so companies choose things that optimize spectrum utilization. Sometimes ,that means no encryption.
Mostly these parts of network management are outsourced to companies like Alcatel or Nokia-Siemens.
For Govt, it does not matter. Since they trap calls at switches, traffic is not encrypted at that level.
-Shamit
2011/1/30 Shamit Verma subs.linux.mum@vshamit.com:
For Govt, it does not matter. Since they trap calls at switches, traffic is not encrypted at that level.
Unless there is handset-handset transport encryption. Like Blackberry, Skype etc. - that GoI doesn't seem to like at all.
Binand
On Sun, Jan 30, 2011 at 1:56 PM, Binand Sethumadhavan binand@gmail.comwrote:
Unless there is handset-handset transport encryption. Like Blackberry, Skype etc. - that GoI doesn't seem to like at all.
That does not apply to voice on GSM. Even is call is made from Blackberry, or it is made from Skype to a GSM endpoint, its no encrypted on at switch layer.
Only data traffic can be encrypted (including calls made using VOIP).
-Shamit
2011/1/30 Shamit Verma subs.linux.mum@vshamit.com:
Unless there is handset-handset transport encryption. Like Blackberry, Skype etc. - that GoI doesn't seem to like at all.
That does not apply to voice on GSM. Even is call is made from Blackberry, or it is made from Skype to a GSM endpoint, its no encrypted on at switch layer.
Only data traffic can be encrypted (including calls made using VOIP).
Yes, that is what's getting GoI's attention - if two people have Skype on their mobiles and use that to talk to each other exclusively, then there is no sniffing possible (as opposed to, had the same two people used regular GSM voice call). GoI, in PM/PC's world, would like to know what each person is upto at every moment.
Binand
On Sunday 30 January 2011 12:34:22 Rony wrote:
Hello,
I was reading about tethering security when I came across this article in this link on the net.
http://www.bit-tech.net/news/2008/02/25/gsm_encryption_broken/1
An important part of the text is reproduced below.
"GSM encryption comes in four flavours: A5/0 is no encryption at all, and is the standard for GSM devices shipped to countries the distributors don't like all that much; A5/1 is the fairly robust 'default' encryption implementation used in the EU and the USA; A5/2 is a weakened version of A5/1 offered to countries the distributors have no strong feelings about but which the government may want to keep its eye on; A5/3 is a newcomer to the scene, offering a more robust scheme than A5/1 but currently not implemented for anyone who doesn't work for a three-letter-agency."
I am curious to know, what security do we use in India?
A5/2 Both A5/1 and 2 are broken and has been cracked in realtime using an arm processor and standard Motorola phones http://www.osmocom.org
Besides as pointed out in the thread, only data can be encrypted. Voice has to be transcoded with tighter compression for transport on the backbone, before the process being reversed going back on the air. Transcoding is lossy. Also every carrier has different compression algos on their backbone, hence encrypting voice will result in garbage at the backbone and consequently garbage at the reciever.
Ofcourse legacy phones did not have the horsepower to encrypt and decrypt in realtime anyway - other than the standard algo that is. That is not the case now. But due to the backbone requirements, one would have to make a V110 call (facsimile frames), do compression with low bandwidth codec, encrypt this and use the saved bandwidth for the overhead of the cipher stream.
I could not get exact details on the net. Is the security of GSM equipment pre-set by foreign manufacturers (read: their Govts.) or do we as Indians have some say to modify it?
You could in principle modify it. But that would require all providers in India agreeing, using only handsets with the new capability and would yet leave you vulnerable for traffic outside India.
On Sunday 30 January 2011 07:26 PM, jtd wrote:
On Sunday 30 January 2011 12:34:22 Rony wrote:
Hello,
I was reading about tethering security when I came across this article in this link on the net.
http://www.bit-tech.net/news/2008/02/25/gsm_encryption_broken/1
An important part of the text is reproduced below.
"GSM encryption comes in four flavours: A5/0 is no encryption at all, and is the standard for GSM devices shipped to countries the distributors don't like all that much; A5/1 is the fairly robust 'default' encryption implementation used in the EU and the USA; A5/2 is a weakened version of A5/1 offered to countries the distributors have no strong feelings about but which the government may want to keep its eye on; A5/3 is a newcomer to the scene, offering a more robust scheme than A5/1 but currently not implemented for anyone who doesn't work for a three-letter-agency."
I am curious to know, what security do we use in India?
A5/2 Both A5/1 and 2 are broken and has been cracked in realtime using an arm processor and standard Motorola phones http://www.osmocom.org
Besides as pointed out in the thread, only data can be encrypted. Voice has to be transcoded with tighter compression for transport on the backbone, before the process being reversed going back on the air. Transcoding is lossy. Also every carrier has different compression algos on their backbone, hence encrypting voice will result in garbage at the backbone and consequently garbage at the reciever.
Ofcourse legacy phones did not have the horsepower to encrypt and decrypt in realtime anyway - other than the standard algo that is. That is not the case now. But due to the backbone requirements, one would have to make a V110 call (facsimile frames), do compression with low bandwidth codec, encrypt this and use the saved bandwidth for the overhead of the cipher stream.
I could not get exact details on the net. Is the security of GSM equipment pre-set by foreign manufacturers (read: their Govts.) or do we as Indians have some say to modify it?
You could in principle modify it. But that would require all providers in India agreeing, using only handsets with the new capability and would yet leave you vulnerable for traffic outside India.
Thanks for the information JTD and others. What surprised me a little was the technology 'apartheid' towards non-US/EU nations. The Western company bosses and their Govts. decide what security level we must have in our own country to suit their requirements, as if they are giving equipment free or at a discount. We (Indian companies) pay through our noses in foreign currency for latest equipment, pay for the foreign engineers' luxurious stay in India and at the end of it all we are getting technology like donations.
On 1 February 2011 23:13, Rony gnulinuxist@gmail.com wrote:
Thanks for the information JTD and others. What surprised me a little was the technology 'apartheid' towards non-US/EU nations. The Western company bosses and their Govts. decide what security level we must have in our own country to suit their requirements, as if they are giving equipment free or at a discount. We (Indian companies) pay through our noses in foreign currency for latest equipment, pay for the foreign engineers' luxurious stay in India and at the end of it all we are getting technology like donations.
Perfect analysis. This is what is bothering all people (who worry about Indian standing in technology). We (or rather our Government), even now, are thinking of making a 4 bit micro-controller. There is no Indian company that has an ARM or MIPS license and have even the vanilla processor -- despite the ability of many. This is not jingoism and I am happy using a processor made elsewhere, but unfortunately this makes us beggars of technology even in other areas used in large projects. Be this the industrial controls for Reliance or Tata Motors or the network infrastructure for GSM or 3G. It has to start somewhere and the race will only get tougher (money involved and sustainability).
Anyways, enough of the rant ...
-Akshay
On Wednesday 02 February 2011 00:20:35 Akshay Mishra wrote:
On 1 February 2011 23:13, Rony gnulinuxist@gmail.com wrote:
Thanks for the information JTD and others. What surprised me a little was the technology 'apartheid' towards non-US/EU nations. The Western company bosses and their Govts. decide what security level we must have in our own country to suit their requirements, as if they are giving equipment free or at a discount. We (Indian companies) pay through our noses in foreign currency for latest equipment, pay for the foreign engineers' luxurious stay in India and at the end of it all we are getting technology like donations.
Perfect analysis. This is what is bothering all people (who worry about Indian standing in technology). We (or rather our Government), even now, are thinking of making a 4 bit micro-controller.
We had a fab known as SCL (Chandigarh) that made 6502 when that device had already been "obsoleted". Ofcourse these devices dont really become obsolete, but alongwith the 6502 one needs several other flavours of ayleast the same family, besides additional devices like ram, rom, plds etc.
There is no Indian company that has an ARM or MIPS license and have even the vanilla processor -- despite the ability of many.
There are perfectly useable freecores -Mico32 is one such.
This is not jingoism and I am happy using a processor made elsewhere, but unfortunately this makes us beggars of technology even in other areas used in large projects. Be this the industrial controls for Reliance or Tata Motors or the network infrastructure for GSM or 3G. It has to start somewhere and the race will only get tougher (money involved and sustainability).
The irony is that many of the devices are developed in India for AMD, TI, AD etc. But these are standing on the shoulders of these companies' previous systems (more on this later).
The problem is far more complex than technical though. Without opening up all markets - financial,Technical, agriculture, insurance, education, etc nothing will change. Indian companies can make hughe profits with no risk, milking the markets protected by the government. Why will they invest in high risk technical ventures.
Ofcourse the government can act as incubators. But our government is a poor imitation of the raj, inheriting all it's worst charecteristics. The nuclear and space tech depts, where we are within striking distance of achieving self sufficiency, can be sponsors of open hardware.
I had pinned much hope on the NRC foss labs experiment, hoping to use it for open hardware hacking innovations. Dr. Nagarjuna and myself have been thinking on a such a setup, filled with low cost open hardware - fpgas, digital scopes, logic analyser, jtag stuff, makerbots. Everything streamed online 24/7. Come to the lab and join in creating knowledge. You live in dehradun - logon on to gnoweldge.org and participate. All the initial tools and designs are available as FOSS tools. Infact they are superior to commercial tools ten times more expensive.
Once we get something off the ground (the recent Marvel and notepad hacks were very promising), we could approach all sorts of component manufacturers for providing us devices and samples.
It would enable teachers to pickup some real understanding and skills and join the dots between theory, practice and products.
My nephew could not understand a microprocessor, merely as an abstract set of instructions and some real rubbish in the text book. (actually the link between gates, flipflops and instruction sets). Ofcourse showing him the ttl alu project on the web with a 8085 simulator cured him in 2 hours. The ttl alu project should be a compulsory part of ALL courses connected with electronics, software or microprocessors. without a understanding of the fundamental principles, how the hell will they understand anything at all.
I was shocked to know that the Menta kit is still in vogue and is not complimented by simulators, debuggers and disassemblers. At Xaviers I saw some oscilloscopes (i think they were philips) in use. Even if these were low cost, one could build far superior stuff at half the price, not to mention the learning and easy maintanece that would automatically accompany these.
Apparently time stood still since 1977.
TI, AD, Intel etc built themselves by adding money to academic research. Innovations happened in the university and government labs (a little was in the defence related labs), both of which were easily accessible.
Our research institutions seem to be cloistered and more intent on "commercialisation" than innovation and knowledge creation. In which case they shoukd be asked to pay commercial rates for all the infrstructure and earn their daily wages and perks just like the rest of us.
-
Akshay Mishra -
Binand Sethumadhavan -
jtd -
Rony -
Shamit Verma