A Minnesota cryptographer said the cellular industry knows the cryptographic algorithms used in U.S. cellular digital systems are inadequate and were watered down by U.S. military pressure-and the industry is trying to hide that information.
Bruce Schneier, president of Counterpane Systems, and several colleagues last week released a research paper via the Internet claiming to have broken the privacy code in digital cellular phones.
Minneapolis-based Counterpane is a computer security and cryptography consulting firm.
Schneier told RCR he has “never touched a digital cellular phone,” but broke the algorithm simply by working the mathematics on a conventional personal computer, using the common cryptographic algorithms crafted by TR-45 of the Telecommunications Industry Association.
His discovery points to “serious problems in the closed-door process used to develop these privacy measures,” Schneier and his colleagues said.
The TIA committees began work on encryption algorithms in 1993. At that time, encryption technology was controlled by the U.S. State Department, and participation in the TIA process was limited by law due to U.S. fears that the technology would be exported outside the United States.
Schneier and his colleagues say the design process was crippled by U.S. military pressure, and ultimately, the result was weaker protection for U.S. citizens.
“You (the user) have no privacy. You think you do, but they’re lying,” Schneier said.
Release of the study coincides with congressional hearings on Security and Freedom Through Encryption (SAFE) legislation promoted by House Rep. Bob Goodlatte (R-Va.). The U.S. computer industry supports the bill, being pushed in both the House and Senate, in hopes of lifting export restrictions that prevent U.S. creators of encryption technology from selling their work globally. The White House has publicly opposed the rewrite of encryption laws by Congress.
TIA President Matthew Flanigan said the encryption development process continues and “our Ad Hoc Authentication Group has already begun discussions on the strengthening of the algorithms.”
The TR-45 algorithms are used in both Time Division Multiple Access and Code Division Multiple Access phones. The Schneier study didn’t include the Global System for Mobile communications standard because it uses different algorithms. This fact was quickly promoted by U.S. GSM providers such as Powertel Inc.
“Powertel wishes to assure its customers that the concerns raised over the security of digital wireless transmissions are not applicable to our network,” said Edward Horner, Powertel chief operating officer.
The Cellular Telecommunications Industry Association responded immediately to the Minneapolis claim, having been warned by Schneier that the paper was being released.
“The encryption discussed by the researchers involves the algorithm used to encrypt numbers punched on the keypad of a phone, not the algorithm used to encrypt voice transmissions,” CTIA said.
That’s a catchy statement, Schneier said, because voice transmissions are not encrypted. Only the dialed numbers are encrypted, to prevent thieves from stealing credit card numbers and other codes dialed into a phone.
“Now people can read our paper and know the truth. That’s why we published the facts,” he said. His paper also explains how to break the encrypted numbers punched on the keypad.
CTIA said breaking the keypad code involves very sophisticated cryptographic knowledge.
“The digital encryption system now in use is designed to inhibit interception by the unsophisticated,” CTIA said in a statement. “Any technology developed by one person can be broken by another with the application of sufficient technology. This announced attack requires multiple minutes, up to hours, of high speed computer processing to break a coded message.”
Schneier responded, saying, “You need sophisticated knowledge to build a power plant, but not to turn a light on.”
CDMA proponent Qualcomm Inc. said the voice privacy and cloning protection provided by CDMA technology “are not affected by the security issues surrounding the Cellular Message Encryption Algorithm, and therefore changes to CDMA networks and wireless phones are unnecessary.”
“CDMA provides a unique scrambling method that continually changes throughout every call,” said Qualcomm Chairman Dr. Irwin Jacobs. “Any one of more than 4.4 trillion codes are utilized during the scrambling process. It remains impractical to manufacture a monitoring device that would enable a listener to scan hundreds of channels and listen in randomly on any CDMA call.”
Wireless association leaders responded to the encryption news with a call for the mighty hand of the law to smite down encryption offenders. CTIA President Thomas Wheeler immediately wrote to Billy Tauzin (R-La.), chairman of the House Subcommittee on Telecommunications.
“Our laws must make it clearly illegal to manufacture, import, distribute, modify, sell or own a device that can intercept and or decrypt wireless communications,” Wheeler wrote, “and it should apply to any signals transmitted over spectrum assigned to and used by commercial mobile services.”
Jay Kitchen, president of the Personal Communications Industry Association, responded to the matter by saying, “There must be stiff penalties for people who willfully break into systems. All Americans must realize that even their wireline telephone is only as safe as the lock on the phone box in their local neighborhood.”
