2

It appears that GSM is like any other technology, and is only as secure as its implementation.

What implementations are known to be secure or insecure due to a fault on the implementor's side, or due to the Moore's law and the ability to easily crack the underlying encryption?

makerofthings7
  • 50,090
  • 54
  • 250
  • 536
  • Are you mainly concerned with voice confidentiality? Are there other issues you are interested in such as voice service availability, integrity of data on the handset, confidentiality of the data on the handset, etc – this.josh Jun 22 '11 at 06:58
  • @this.josh - I'm mostly interested in data-in-transport, not data-at-rest. I'm sure data at rest will be a natural followup; but should be easily discoverable. – makerofthings7 Jun 23 '11 at 16:47

1 Answers1

2

The situation is worse than that. Various political forces led to GSM being weaker than it should have been, and as is often the case with proprietary technologies, the security engineering of GSM was flawed. Both the A5/1 and A5/2 stream ciphers have been broken, and there are weaknesses in the latest, KASUMI (aka A5/3), despite indications that they knew better than that. So it seems that any compliant implementation puts users at risk. This much is clear from GSM - Wikipedia

nealmcb
  • 20,544
  • 6
  • 69
  • 116
  • Great information, but I don't think it really answers the question. Do you consider no implementation of GSM to be relatively more secure than any other? You could even be more specific by considering only base stations, or base stations that are only UMTS versus combination GSM (2G) and UMTS. – this.josh Jun 20 '11 at 06:05
  • this.josh - Indeed. If I knew enough to compare implementations, I'd be happy to answer, but this is what I have to offer, and it shows the limits of even good implementations. – nealmcb Jun 22 '11 at 04:33