Sniffing, Decoding and Decryption of GSM Signals Using low cost hardware and Open-source software

Author

Muhammad Talha Choudhry, CUNY City CollegeFollow

Date of Award

2019

Document Type

Thesis

Department

Engineering

First Advisor

Mohamed A. Ali

Keywords

2G Second-generation, A3 Authentication Algorithm, A5 Encryption Algorithm, A8 Key Generation Algorithm, AGCH Access Grant Channel, AMR Adaptive Multi-Rate

Abstract

We have participated in the creation of almost two terabytes of tables aimed at cracking A5/1, the most common ciphering algorithm used in GSM. Given 114-bit of known plaintext, we are able to recover the session key with a hit rate of 19%. The tables are expected to be unique as they provide the best coverage yet known to the authors and research workers and they are the first step in a real-world passive attack against GSM. An initial investigation and analysis into the air interface of GSM were performed, from both a theoretical and practical point of view. These examinations would be essential in order to utilize the downloaded tables in a practical attack. Additionally, a rogue GSM network was built and deployed without enabling ciphering and frequency hopping. This active attack was purely based on opensource software and hardware, implying that real GSM networks could be spoofed with resources available to the general public

Recommended Citation

Choudhry, Muhammad Talha, "Sniffing, Decoding and Decryption of GSM Signals Using low cost hardware and Open-source software" (2019). CUNY Academic Works.
https://academicworks.cuny.edu/cc_etds_theses/870