Flaws in the GMR-2 Cipher Used in Cellular Service

Finjan Team Blog, Cybersecurity


In areas where terrestrial network coverage isn’t available, voice and data service is routinely provided by satellite telephone systems, which protect the radio link between the handset and the satellite with a cipher known as GMR-2. Note that this is link encryption only: it covers the air interface, not the call end to end. Such services may be the only option for users in remote or isolated environments, like ocean-going vessels or high-altitude locations, and they’re also a critical choice for armed-service personnel deployed in combat regions.

So the recent discovery of a practical key-recovery attack on the GMR-2 cipher, one fast enough to let an eavesdropper decrypt satellite communications in real time, comes as worrying news.

The GMR-2 Cipher

The GEO-Mobile Radio Interface (GMR) standards GMR-1 and GMR-2 were published by the European Telecommunications Standards Institute (ETSI), a non-profit standardization organization, and specify the air interface for satellite telephone services such as ACeS, ICO, Inmarsat, SkyTerra, TerreStar, and Thuraya. The encryption algorithms themselves were not part of the public specification: the GMR-1 and GMR-2 ciphers remained proprietary until researchers reverse-engineered them from handset firmware.

GMR-2 is a stream cipher with a 64-bit key. Its best-known deployment is in the satellite phones of Inmarsat, the UK-based satellite operator (the handset analysed in the 2012 research was the Inmarsat IsatPhone Pro).

This fact, plus the knowledge that an earlier ETSI standard, GSM (Global System for Mobile communications), shipped with ciphers (A5/1 and A5/2) that also proved insecure, increased the stakes for market and reputational damage when the GMR-2 cipher was cracked.

Background to The GMR-2 Cipher Attack

In 2012, researchers at the Ruhr University Bochum in Germany reverse-engineered GMR-2 and mounted a known-plaintext attack that recovered the session key. There have been suggestions that this technique, or other methods of cracking the encryption, may have been uncovered before the academic work was published, since the ability to intercept satellite phone communications has been available to intelligence agencies, law enforcement, and armed forces for some considerable time.

The German team presented its findings in a paper titled “Don’t Trust Satellite Phones”, which also broke the GMR-1 cipher used by Thuraya handsets; that cipher turned out to be a close relative of GSM’s A5/2 and fell to a ciphertext-only attack.

The known-plaintext attack on GMR-2 revealed in 2012 still relied on a sizeable guess-and-check search over key candidates and was a relatively slow affair, one that a team of researchers based at the National University of Defense Technology in China were later able to improve upon significantly.

GMR-2 Cipher Attack Specifics

Chinese researchers Jiao Hu, Ruilin Li, and Chaojing Tang attacked the GMR-2 cipher by (in their words) looking to “reverse the encryption procedure to deduce the encryption-key from the output keystream directly.” Rather than searching the full 2^64 key space, the attack exploits the way the cipher reads its key bytes to cut the search down to a small set of candidates, drastically reducing the time needed to recover a session key.

The team’s research paper states that the attack was staged in three phases: “(1) table generation (2) dynamic table look-up, filtration and combination (3) verification.”

The attack is an inversion attack. The attacker first obtains keystream, which is as simple as XORing intercepted ciphertext with known plaintext, exactly as in the 2012 work. From a single frame of keystream (15 bytes), the attack then works backwards through the cipher’s key-loading and mixing steps to recover the 64-bit session key; once that key is known, the attacker regenerates the keystream and decrypts the rest of the conversation.

Running on a 3.3GHz desktop CPU (the 3.3GHz figure in the paper is the processor clock speed, not a radio frequency), the group demonstrated that the complete 64-bit key of a GMR-2 session could be retrieved in a fraction of a second (around 0.02 seconds). Their paper concludes that the inversion attack is far more efficient and practical than the earlier known-plaintext approach, and that it makes the real-time interception and decoding of satellite phone conversations a realistic prospect.
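To make the two mechanisms concrete (keystream recovery from known plaintext, and a table-driven inversion attack organised into the three phases quoted above), here is an added example in Python. It is not GMR-2 and not code from the cited papers: the `ToyStream` generator below is constructed for this page, shares only the 64-bit key size and 15-byte frame length with GMR-2, and deliberately reads key bytes straight into its output function so that an attacker can invert that function one position at a time. The S-box, the read schedule, the key and the plaintext are all constructed values.

```python
"""Keystream recovery from known plaintext, then a table-based inversion attack
on a CONSTRUCTED toy stream cipher (not GMR-2; illustration only)."""
import random

KEY_BYTES = 8    # 64-bit key, as in GMR-2
FRAME_LEN = 15   # keystream bytes per frame, as in GMR-2 (toy mirrors this only)

# Fixed bijective 8-bit S-box (constructed with a seeded shuffle).
_rng = random.Random(2017)
SBOX = list(range(256))
_rng.shuffle(SBOX)

# Toy "read schedule": which two key bytes each keystream position mixes.
# Positions 0-7 chain through every key byte, so guessing K[0] determines the rest.
READ_SCHEDULE = [
    (0, 3), (1, 0), (2, 5), (3, 2), (4, 7), (5, 4), (6, 1), (7, 6),
    (0, 1), (1, 4), (2, 7), (3, 2), (4, 5), (5, 0), (6, 3),
]
assert len(READ_SCHEDULE) == FRAME_LEN


def rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF


def rotr8(x, n):
    return ((x >> n) | (x << (8 - n))) & 0xFF


def toy_keystream(key):
    """One frame: z_i = S[ K[a_i] + rotl(K[b_i], 3) + i  (mod 256) ]."""
    assert len(key) == KEY_BYTES
    return bytes(SBOX[(key[a] + rotl8(key[b], 3) + i) & 0xFF]
                 for i, (a, b) in enumerate(READ_SCHEDULE))


def toy_encrypt(key, plaintext):
    return bytes(p ^ k for p, k in zip(plaintext, toy_keystream(key)))


def recover_keystream(plaintext, ciphertext):
    """Known-plaintext step: any stream cipher leaks keystream as C xor P."""
    return bytes(c ^ p for c, p in zip(ciphertext, plaintext))


def inversion_attack(keystream):
    """Recover the key from one frame of keystream, in three phases."""
    # Phase 1: table generation. Invert the S-box once, then turn each
    # keystream byte into the value the mixing step must have produced.
    inv_sbox = [0] * 256
    for x, y in enumerate(SBOX):
        inv_sbox[y] = x
    targets = [(inv_sbox[z] - i) & 0xFF for i, z in enumerate(keystream)]

    # Phase 2: dynamic look-up, filtration and combination. Guess K[0] (256
    # options), propagate through the schedule, and drop inconsistent guesses.
    candidates = []
    for guess in range(256):
        key = [None] * KEY_BYTES
        key[0] = guess
        consistent, progress = True, True
        while progress and consistent:
            progress = False
            for (a, b), t in zip(READ_SCHEDULE, targets):
                ka, kb = key[a], key[b]
                if ka is not None and kb is None:
                    key[b] = rotr8((t - ka) & 0xFF, 3)      # solve for K[b]
                    progress = True
                elif kb is not None and ka is None:
                    key[a] = (t - rotl8(kb, 3)) & 0xFF      # solve for K[a]
                    progress = True
                elif ka is not None and kb is not None:
                    if (ka + rotl8(kb, 3)) & 0xFF != t:     # filtration
                        consistent = False
                        break
        if consistent and None not in key:
            candidates.append(bytes(key))

    # Phase 3: verification. Regenerate the frame and keep exact matches.
    return [k for k in candidates if toy_keystream(k) == keystream]


# Constructed demo inputs (not real traffic).
TRUE_KEY = bytes.fromhex("0123456789abcdef")
PLAINTEXT = b"HELLO, SATPHONE"   # exactly one 15-byte frame


def demo():
    """Intercept one frame with known plaintext, recover the session key."""
    ciphertext = toy_encrypt(TRUE_KEY, PLAINTEXT)
    keystream = recover_keystream(PLAINTEXT, ciphertext)
    return inversion_attack(keystream)


if __name__ == "__main__":
    print("recovered key(s):", [k.hex() for k in demo()])
```

The structure is what matters here, not the toy's arithmetic: a stream cipher gives up keystream under known plaintext for free, and a key schedule that feeds raw key bytes into an invertible output step lets the attacker replace a 2^64 search with a handful of table look-ups and a consistency check. The real GMR-2 attack has the same shape but far more intricate per-position reasoning.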

The Potential for Damage

Obviously, these flaws have negative implications for personal privacy – especially for individuals living or working in remote or isolated locations and conditions, for whom satellite phones are the only practical means of communicating with the outside world.

Beyond the private sector, the wider consequences could be even more disturbing. As satellite communications are a crucial tool for military and intelligence personnel on active field or combat missions, the possibility that these transmissions might be intercepted and decoded in real time could have serious ramifications – including diplomatic, political, and legal repercussions, or even the loss of lives.

Preventative Measures

The Chinese National University of Defense Technology research paper concludes with this recommendation:

“This again demonstrates that there exist serious security flaws in the GMR-2 cipher, and it is crucial for service providers to upgrade the cryptographic modules of the system in order to provide confidential communication.”

Responding to the German research of 2012, a spokesperson for Inmarsat told ZDNet that the company “immediately took action to address the potential security issue and this was fully addressed.”

But satellite phone users don’t have to rely on the carrier’s link encryption alone. Because GMR-2 only protects the air interface, an attacker who breaks it recovers whatever the handset sent; if that payload was already encrypted end to end, the attacker is left with ciphertext.

Users of iOS and Android smartphones have access to adapters and satellite hotspots that give a phone satellite connectivity. These, and dedicated satellite phones with a data channel, may be used in conjunction with end-to-end encrypted voice and messaging apps, such as Signal or Tox, to provide protection above and beyond what the network carrier has in place. Bear in mind that such apps need a working data connection, and satellite data links are slow and expensive. (Do a search at the app store, and don’t forget to read the user reviews and app permissions, before making your choice.)
