DECT Encryption Cracked

April 8, 2010

One of the principles that we talk about a lot in the security field is that “security by obscurity” is a delusion; systems that depend on proprietary or otherwise secret methods generally turn out not to be secure at all.  Apparently, this is a hard pill to swallow; despite a long list of proprietary systems that have been cracked, people still keep trying.

The latest system to be successfully broken is the Digital Enhanced Cordless Telecommunications [DECT] standard, used to encrypt radio transmissions between cordless telephones and their base stations.  The system is also used in some more specialized environments; for example, it is used in some wireless credit card readers used in restaurants and bars, and in some wireless access control and alarm system.  The system relies for its security on two proprietary algorithms: the DECT Standard Authentication Algorithm for authentication, and the DECT Standard Cipher for encryption.

According to a story published by The Register.  a UK technology news site, a group of researchers, including Karsten Nohl of the University of Virginia, Erik Tews of Technische Universität Darmstadt, and Ralf-Philipp Weinmann of the University of Luxembourg, has managed to reverse-engineer the DECT Standard Cipher, using a combination of information gleaned from patent applications and from a microscopic examination of the physical circuit layout on the silicon chips used in the encryption.   Using this information, they were able to determine that the system used an inadequate number of initialization “rounds”, throwing out only 40-80 bits of initial ciphertext output.  (This is very roughly equivalent to not shuffling the cards thoroughly enough before dealing poker hands.)  Because of this, the researchers were able to devise an attack on the cipher that can typically recover the secret key by collecting about four hours’ worth of data.  In an application such as a wireless credit card terminal, the attack can be successful more rapidly because there is more structure in the plaintext data.  The attack  can also be made faster by using a machine with a Cell or Nvidia CUDA graphics processor.  (The complete paper can be downloaded here [PDF].)

The authors suggest that future development of DECT security be based on an open cipher algorithm.  They argue, and I would tend to agree, that a basic flaw like insufficient initialization would have been detected if the existing algorithm had been published.  Their attack does require a fair amount of intercepted data to work; however, as they also point out, their attack is fundamentally simple, and there are almost certainly more sophisticated methods that could be used.  It is a truism of security that attacks only get better over time.

Microsoft Black Tuesday Preview, April 2010

April 8, 2010

In line with its usual practice, Microsoft today released its Security Bulletin Advanced Notification, summarizing the patches it intends to release next Tuesday, April 13.   This month, Microsoft intends to release 11 patches.  All supported versions of Windows are affected by at least two patches rated Critical.  There are also patcches affecting Microsoft Office, and Exchange Server.  The following table gives the breakdown by severity rating:

Windows Version Critical Important Moderate
Windows 2000 5 3
Windows XP 4 3 1
Windows Vista 2 2 1
Windows Server 2003 3 3 1
Windows Server 2008 3 1 2
Windows 7 2 1
Windows Server 2008 R2 2 1 1
Microsoft Office 2
Exchange Server (all) 1

As usual, the Advance Notification will be replaced by the Security Bulletin Summary next Tuesday, when the actual release is made.  The number and severity rating of patches is also subject to change between now and then.

I’ll post a note here next Tuesday when the patches are available.  Unfortunately, it appears that nearly all of them will require a re-boot.

%d bloggers like this: