Project

General

Profile

A51 » History » Version 2

Sascha, 07/13/2012 04:04 PM

1 1 Sascha
h1. A51The A5/1 algorithm is one of the ciphers used in GSM networks. It is used to encrypt both voice and signaling data.
2 1 Sascha
3 1 Sascha
In the GSM network, A5/1 is applied both in the handset and the BTS on the corner of the network. The first phase of communication including radio resource allocation and authentication is unencrypted. Dialing and voice is encrypted.
4 1 Sascha
5 2 Sascha
Take a look at the "wikipedia":http://en.wikipedia.org/wiki/A5/1 page for more information, or view the discussion on [[Backclocking]] A5/1 for a comprehensive discussion of A5/1.
6 1 Sascha
7 1 Sascha
The table that is generated is a kind of rainbow table. These data structures can be used to reverse one way functions. The one way function that we are trying to reverse is:
8 1 Sascha
9 1 Sascha
a mapping from the internal state of the A5/1 algorithm (64 bits) to the first 64 bits of keystream that get generated from that initial internal state.
10 1 Sascha
11 1 Sascha
This is because we have access to a few samples of 64 bits of keystream an can, through a number of steps, decrypt the entire conversation when we know the A5/1 state of one burst.
12 1 Sascha
13 1 Sascha
The reduction function is a mapping from the 64 bits of keystream to a new state. the last keystream is shifted into the state registers unmodified and it is not actually reduced in size.
14 1 Sascha
15 1 Sascha
This image shows the distribution of 5.6 million end values from one of our tables. since the picture is 1 million pixels large, each pixel represents 264 - 220 = 244 values of the keyspace. While the picture clearly shows random noise in the view from far above the keyspace, there may be other pictures at different zoom levels or with different coordinate systems that show structures.