Satellite Phone Communications Decrypted in Near Real-Time
Satellite phone communications encrypted with the GMR-2 cipher can be decrypted in mere fractions of a second, two Chinese researchers have proved.
GMR-2 is a stream cipher with a 64-bit key length. Currently, the phones of British satellite telecom Inmarsat use the GMR-2 standard, and those of United Arab Emirates-based satellite phone provider Thuraya use the (competing) GMR-1 standard.
It used to be that details about the GMR-1 and the GMR-2 cipher were not publicly known, but in 2012, a group of German researchers managed to reverse engineer them both, and concluded that they are considerably weaker than state-of-the-art ciphers such as AES, or even lightweight block ciphers such as PRESENT.
The Chinese researchers approached the matter from a different perspective, and did even better – their attack allows de facto real-time decryption of target communications.
They did not opt for a known plaintext attack to recover the encryption key – instead, they set out to reverse the encryption procedure, and succeeded, so that they could derive the encryption key directly from the output keystream.
“Our analysis shows that, using the proposed attack, the exhaustive search space for the 64-bit encryption key can be reduced to about 2^13 when one frame (15 bytes) keystream is available,” they pointed out. “(…) the proposed attack is carried out on a 3.3GHz platform, and the experimental results demonstrate that the 64-bit encryption key could be recovered in around 0.02s on average.”
The serious flaws found in the GMR-2 cipher should spur satellite phone providers to upgrade to more secure cryptographic modules.
Source | HelpNet Security