Cryptography Practical Report

This document describes a practical example of symmetric cryptography used in the GSM system for mobile phones. It explains that the sender encrypts a message with a key shared with the receiver, who then decrypts it with the same key. It also summarizes the A3, A5 and A8 cryptographic algorithms used in GSM for authentication, voice encryption and key generation. Finally, it briefly summarizes the steps of the authentication and session establishment process.

AUTONOMOUS UNIVERSITY OF NUEVO LEÓN

FACULTY OF MECHANICAL AND ELECTRICAL ENGINEERING

Computer Security

Prepare a report of a practical example of Cryptography

Name: Leslie Guadalupe Cuellar Ontiveros

Registration: 1670894

Time: N6

Day: Mon, Wed, Fri

Room: 1204

Eng. Pedro Fabián Carrola


San Nicolás de los Garza, Nuevo León, November 10, 2019

Introduction

This practical cryptography report is based on a symmetric technique used in GSM for
mobile phones, known as substitution, in which the sender, wanting to send a document
or message to the receiver, replaces it with the information to be sent, in order to
communicate information without it being detected with the naked eye. Its concept and
how it works are described below.

Symmetric cryptography in GSM for mobile phones

The way symmetric cryptography works is as follows: the sender wants to send a
document to the receiver. It takes that document and applies the symmetric algorithm to
it, using the unique key that the recipient also knows. The result is an encrypted
document that can now be sent safely. When the recipient receives this encrypted
document, they apply the same algorithm with the same key, but now to decrypt it. If the
encrypted document has not been altered along the way and the key is the same, the
original document will be obtained.

History

GSM, the Global System for Mobile communications (originally from the French Groupe
Spécial Mobile), is a standard system for digital mobile telephone communication. It
could be said that this system is 2G, by analogy with the nomenclature of the more
modern systems currently in use: 3G (third generation) and 4G (fourth generation); even
the first steps towards 5G are already being taken.
A user with a GSM phone (today all mobile phones have this technology and use this
signal when there is no 4G or 3G coverage) can connect through the phone to make calls
with digital rather than analogue technology, as was the case with the previous system,
1G, improving the signal and the quality of communication. The user can also send and
receive messages, both SMS and MMS, check email, send and receive faxes, browse the
Internet, access a company's computer network (local network/intranet), and use other
digital data transmission functions. This whole range of possibilities is extraordinary
considering that the previous system, 1G, apart from being very expensive, could only
make poor-quality analog voice calls with background noise.
GSM technology is considered a second generation standard, 2G. Second generation (2G)
mobile systems, combined with GPRS technology, are often called 2.5G, or second and a
half generation. This nomenclature refers to the fact that it is an intermediate technology
between the second (2G) and third (3G) generation of mobile telephony. Its extension to
3G is called UMTS and differs in its higher transmission speed, which can reach up to 7.2
Mbit/s, the use of a slightly different network architecture and, above all, in the use of
different radio protocols such as W-CDMA. Nowadays, 4G technology is being
implemented, which has a higher transmission speed, a speed that can exceed 40 Mbit/s.
We will deal with these technologies in other articles. Now we will focus on GSM
technology.
The entire range of communication possibilities offered by the GSM system would be
compromised if an encryption system had not been developed for these communications.
The possibility of connecting from anywhere with the private data of a company, bank or
organization, even a government, is something very desirable for the end user, but it is
also desirable for the snooper who wants to know what is going on in that company,
organization or government. Therefore, the developers devised an encryption system for
these communications that protected them from outside ears, or at least that is what they
told us was their intention. And I say this because there are researchers who claim that
these protocols are intentionally weak due to the influence of the North American security
agency, the NSA, which demanded the weakness of these protocols to be able to listen to
all conversations easily.
With the advent of mobile telephony, encryption became a necessity. To tap a landline, in
the past you had to physically enter the system, be it the telephone exchange, the
transmission cables or one of the telephones you want to tap. But if we use a mobile
phone, the final part of the conversation, between the node and the mobile, takes place in
the air using microwaves. These can be captured with a suitable receiver and, if they are
in the clear, you can hear them and therefore know what is being said or done.
First generation mobile phones, such as the Moviline system, lacked protection against
eavesdropping. An example of this weakness of the system was the wiretapping of Txiqui
Benegas of the PSOE and its subsequent publication in the media.
The second generation of mobile telephony, 2G or GSM, used more secure digital
technology, because by using digital data transmission the signals can be encrypted as
desired. Also around that date, authentication systems were perfected, so that no one
could clone a mobile phone and impersonate another.
Let us remember that this does not mean that the communication is encrypted throughout
the call, which is known as point-to-point encryption, but only between the base station
(the node antenna to which the mobile is connected) and the user's phone. The rest of
the way, the signal is unencrypted; that is, the authorities can still tap the phones at the
telephone exchange, as in the past.
The GSM system was developed by the European Telecommunications Standards Institute
(ETSI) to provide a common standard for mobile phone systems in Europe, while the
Americans were fighting their own wars between protection and the NSA's desire for
non-protection. A set of cryptographic protocols was included to provide both
confidentiality and authentication. They are the following:
• A3 is the authentication algorithm. It is what makes each mobile phone unique. It
identifies the mobile phone and can be associated, through the operator's database,
with the user who owns it. It allows, among other things, knowing who needs to be
charged for the call.
• A5 is the voice encryption algorithm. Thanks to it, the conversation is encrypted. It
is a stream cipher with a 64-bit key. There are two versions, called A5/1 and A5/2;
the latter is the version authorized for export, and consequently is easier to attack.
Currently there is another version, A5/3 or KASUMI, which is used in 3G technology.
• A8 is the algorithm that generates keys for both authentication, A3, and encryption,
A5. Basically, it is a one-way function similar to hash functions such as MD5 or
SHA-1, which allow digital signatures in electronic documents.
• COMP128 is an algorithm that allows A3 and A8 to function. The GSM specifications
allow the use of various types of algorithms as the "core" of A3 and A8. COMP128 is
one of them. It is not the only possible one, but it is one of the most used.

Every time a GSM user makes a call, the following happens: the user enters the PIN
number and then dials the number to call; meanwhile, the following steps are carried out
on the mobile:
• The phone takes a key from the SIM card that is stored inside it. We will call this
key Ki.
• The phone then takes some random data which is exchanged between it and the
nearest base station. This data packet is often called a random seed.
• The key and seed together are transformed using the A3 authentication algorithm.
The result of this transformation is sent to the base station.
• The operator, with its database and this Ki, authenticates the identity of the caller.
That is, it takes the random seed data and the phone key Ki (which are stored at
the disposal of the operator) and verifies the owner and the services the owner
has contracted.
• If the base station is satisfied with the results of the check, it clears the way for
communication. It takes the phone key Ki and another random seed to create a
session key Kc, 64 bits long. This key is used to encrypt the communication, thanks
to the A5 algorithm.

It must be said that every time A3 and A5 are used, A8 intervenes, which is the algorithm
that generates digests. And that's it. The rest are trivial details: that the receiving
phone has coverage, that you don't run out of battery, that the answering machine
doesn't pick up, etc. But the algorithms have served their purpose. If you want to know
more about the GSM system and its operation you can go to
http://www.qso.cl/Archivos_Publicos/articulos/seg27.htm .
We now focus on the encryption system of the GSM system. We see how the
authentication of the call falls on algorithm A3, while its confidentiality is the task of
algorithm A5. Both algorithms require a key, generated using algorithm A8. In fact,
algorithms A3 and A8 are often treated practically as if they were one.
It turns out that the COMP128 algorithm used by algorithms A3 and A8 was an example.
Other algorithms can be used for A3 and A8, but the vast majority of telcos limited
themselves to implementing COMP128, which was the test algorithm present in the
technical specifications of these two algorithms. That is, they used the algorithm that
came as an example in those specifications. The problem is that at the end of 2009 this
COMP128 algorithm was broken, exposing all GSM communications that use it.
As I have already mentioned, cryptanalysis of mobile communication spread considerably,
since the codebook for decrypting GSM calls was published on the Internet by a group of
hackers, who also gave public demonstrations of interception equipment that is available
on the Internet for little money. Others copied them, and listening to other people's
conversations became almost a hobby.

Also around that year, Karsten Nohl and his partner Sylvain Munaut with a stack of old
Motorola phones demonstrated to the BBC something that one would believe only the
infrastructure of large security agencies could carry out. They demonstrated that the
attack on the GSM system is a reality and not a theory as its designers and operators
claimed.
Their tools of the trade were a laptop and a specific model of Motorola phone whose base
operating system, its firmware, had been unraveled and its details published on the
Internet. The programmers used that information to create their own program, which
allows them to obtain hidden technical information from cell phone towers. This is
something that many can achieve without much effort, breaking the security of
communications.
But the weaknesses of the GSM system did not begin here; attacks on A3 were already
carried out at the end of the 20th century. Since A3 is the authentication algorithm,
breaking it would allow phones to be cloned, that is, letting a third party use the same
phone number as someone else and charge that person with the bills. Needless to say,
telecommunications companies would be wary of allowing that to happen.
The process required physical access to the phone, certain computer equipment, and an
interaction with the phone lasting about 8 hours with the computers of the time. That is,
you would have to obtain the phone, interact with it and return it without its owner
noticing.
Our SIM card contains an identifier T and a key K.

• That identifier T and the key K appear associated with our contract on the
authentication servers of the operator of which we are clients.
• When we turn on the phone, it connects to the operator's network and requests
entry with the identifier T. The operator's authentication server receives the
request and generates a random number A (called a challenge), which it sends to us.
• Once it is received, our phone applies a certain symmetric algorithm to that
number A, using the key K. The result is the number B. We send number B to the
authentication server.
• When the server receives it, it also applies the same algorithm with the same key. If
the result is equal to B, it is confirmed that we are the owners of the identifier T. It
assigns us our number 6XX, and we can now make and receive calls.
• If we change phones, it doesn't matter because the number is associated with the
SIM.

Example

Our SIM card contains an identifier (mobile-yeray) and a key (1234).
This identifier (mobile-yeray) and the key (1234) appear associated with our contract on
the authentication servers of the operator of which we are clients.

When we turn on the phone, it connects to the operator's network and requests to enter
with the identifier (mobile-yeray). Your authentication server receives the request and
generates a random number, which is what we call a challenge, which it sends to us.

Once received, on our phone we apply a certain symmetric algorithm on that number
612122122, using the key (1234). The result is the number 723233233. We send the
number 723233233 to the authentication server.

When the server receives it, it also applies the same algorithm with the same key (1234).
If the result is equal to 723233233, it is confirmed that we are the owners of the identifier
(mobile-yeray). It assigns us our number 622249303, and we can now make and receive
calls.
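
The challenge-response exchange described in the call-setup steps (Ki, random seed, Kc) and in the SIM example above, as a runnable sketch. This is an added example, not code from the original report or from any GSM specification: HMAC-SHA256 stands in for the A3/A8 core (COMP128 is not reproduced), both the response and Kc are derived from the same challenge for brevity, and the class names, function names and key value are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def a3_a8(ki, rand):
    """Stand-in for A3/A8 (assumption: HMAC-SHA256, not COMP128)."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]    # 32-bit response B, 64-bit session key Kc

class Sim:
    """Holds identifier T and key Ki; Ki is used on the card, never transmitted."""
    def __init__(self, identifier, ki):
        self.identifier = identifier
        self._ki = ki

    def respond(self, rand):
        return a3_a8(self._ki, rand)

class Operator:
    """Authentication server with the subscriber database (T -> Ki)."""
    def __init__(self, subscribers):
        self._subscribers = subscribers
        self._pending = {}             # outstanding challenge per identifier

    def challenge(self, identifier):
        rand = secrets.token_bytes(16)     # fresh 128-bit random challenge A
        self._pending[identifier] = rand
        return rand

    def verify(self, identifier, sres):
        """Return Kc if the response matches, else None. Challenges are single-use."""
        rand = self._pending.pop(identifier, None)
        ki = self._subscribers.get(identifier)
        if rand is None or ki is None:
            return None
        expected, kc = a3_a8(ki, rand)
        return kc if hmac.compare_digest(expected, sres) else None

def demo():
    ki = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed key
    op = Operator({"mobile-yeray": ki})
    genuine, clone = Sim("mobile-yeray", ki), Sim("mobile-yeray", bytes(16))
    sres, kc_phone = genuine.respond(op.challenge("mobile-yeray"))
    results = {"genuine": op.verify("mobile-yeray", sres) == kc_phone}
    op.challenge("mobile-yeray")       # new challenge issued, old answer replayed
    results["replay"] = op.verify("mobile-yeray", sres) is not None
    bad, _ = clone.respond(op.challenge("mobile-yeray"))   # right T, wrong key
    results["wrong_key"] = op.verify("mobile-yeray", bad) is not None
    return results
```

Only the identifier, the challenge and the response cross the air interface; a captured response is useless against the next challenge, and a card without the right key cannot produce a valid one.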

Conclusion
As a general conclusion, cryptography can be understood as a science for replacing
information. This practical report focuses on a particular technique, symmetric
cryptography in GSM for mobile phones, and showed an example of how this technique
works and how it performs the substitution on the numbers, in this case in order to alter
the information so that the owner does not notice that the information was secretly
substituted. Today this technique is used to send hidden information within people's
cell phones.
