Science & Enterprise logo
Science for business people. Enterprise for scientists.

Gaps Found in Satellite Telephone Encryption Algorithms

Inmarsat-3 satellite (NASA.gov)
(NASA.gov)

Computer scientists at Ruhr-Universität in Bochum, Germany say they have cracked algorithms of European encryption standards used globally for satellite telephones in less than an hour and with simple equipment. The team from the university’s Horst Görtz Institute for IT Security (HGI) will present the findings of their proof-of-concept tests at the IEEE Symposium on Security and Privacy in May 2012.

Satellite telephony, often considered secure against eavesdropping, is the communications medium of choice when regular landline or mobile phone services are not available, such as on the high seas, in developing areas, or in war zones. These services that connect the user via radio directly to a satellite use encryption standards developed by the European Telecommunications Standards Institute (ETSI), known as A5-GMR-1 and A5-GMR-2.

The team led by HGI’s Benedikt Driessen used commercially available equipment, and randomly selected two widely used satellite phones on the commercial Thuraya satellite telephone network. For each phone, the researchers loaded a firmware update from the provider’s Web site and reconstructed the encryption mechanism.

Their analysis showed that the A5-GMR-1 standard was similar to encryption methods used in everyday Global System for Mobile Communications (GSM) cell phones. The research team verified their analysis by mounting an attack on their own satellite phone conversations. “Since the GSM cipher had already been cracked,” says Driessen “we were able to adopt the method and use it for our attack.”

The researchers have designed, but not yet implemented a similar test of the A5-GMR-2 standard. An extension of that encryption standard, according to the team, is used by satellite phone provider Inmarsat.

So far, the researchers have not been able to eavesdrop or reconstruct a voice call, which requires a separate speech coding scheme. Their work so far, say the researchers, applies only to non-voice data sent over satellite phones, such as SMS and fax that do not need speech coding.

The team says they informed the proper authorities of their findings well in advance. They note that ETSI has taken a new, more open approach to security standards development, using a series of workshops, which discuss recent findings and potential vulnerabilities. They believe this process will lead to a more involved user community and more secure standards.

Read more:

*     *     *