Krajem prošle godine mogli ste ovdje pročitati o ranjivosti jednostavne A5/1 GSM enkripcije, koja može imati za posljedicu prisluškivanje razgovora. Na kraju članka bilo je riječi o A5/3 enkripciji, koja se koristi u 3G mrežama, kao sigurnoj za razliku od A5/1. No, to ipak nije tako. Istraživači su izdali članak u kojem opisuju metodu napada na 3G enkripciju (znanu kao KASUMI), koja zahtijeva samo nekoliko sati procesiranja na običnom PC-u.

Detaljnije (na engleskom):

The KASUMI system is based on an encryption technique called MISTY, which belongs to a general class of techniques called Feistel encryption. These are rather complex, with multiple keys being combined, and a recursive, multiround encryption processes that alternates the order of different functions. A sense of the complexity can be had by looking at the diagram on a page that describes it.

Unfortunately, a full MISTY encryption is apparently computationally expensive, making it less than ideal for an application where time and processing power are in short supply. The KASUMI algorithm was developed specifically to simplify the MISTY system, and make it "faster and more hardware-friendly," in the words of the new study's authors. Supposedly, the simplifications didn't reduce the security of the protocol, but the new research suggests otherwise.

The math behind the attack is rather complex but, distilled down, relies on sending multiple inputs through the encryption process that differ by known values, and look for pairs of pairs that show key similarities. These similarities allow the authors to determine when related encryption keys are being used, and then identify some of the bits in these keys. According to the paper, "our unoptimized implementation on a single PC recovered about 96 key bits in a few minutes, and the complete 128 bit key in less than two hours." That should meet almost nobody's standard of secure.