One of the principles that we talk about a lot in the security field is that “security by obscurity” is a delusion; systems that depend on proprietary or otherwise secret methods generally turn out not to be secure at all. Apparently, this is a hard pill to swallow; despite a long list of proprietary systems that have been cracked, people still keep trying.
The latest system to be successfully broken is the Digital Enhanced Cordless Telecommunications [DECT] standard, used to encrypt radio transmissions between cordless telephones and their base stations. The system is also used in some more specialized environments; for example, it is used in some wireless credit card readers used in restaurants and bars, and in some wireless access control and alarm system. The system relies for its security on two proprietary algorithms: the DECT Standard Authentication Algorithm for authentication, and the DECT Standard Cipher for encryption.
According to a story published by The Register. a UK technology news site, a group of researchers, including Karsten Nohl of the University of Virginia, Erik Tews of Technische Universität Darmstadt, and Ralf-Philipp Weinmann of the University of Luxembourg, has managed to reverse-engineer the DECT Standard Cipher, using a combination of information gleaned from patent applications and from a microscopic examination of the physical circuit layout on the silicon chips used in the encryption. Using this information, they were able to determine that the system used an inadequate number of initialization “rounds”, throwing out only 40-80 bits of initial ciphertext output. (This is very roughly equivalent to not shuffling the cards thoroughly enough before dealing poker hands.) Because of this, the researchers were able to devise an attack on the cipher that can typically recover the secret key by collecting about four hours’ worth of data. In an application such as a wireless credit card terminal, the attack can be successful more rapidly because there is more structure in the plaintext data. The attack can also be made faster by using a machine with a Cell or Nvidia CUDA graphics processor. (The complete paper can be downloaded here [PDF].)
The authors suggest that future development of DECT security be based on an open cipher algorithm. They argue, and I would tend to agree, that a basic flaw like insufficient initialization would have been detected if the existing algorithm had been published. Their attack does require a fair amount of intercepted data to work; however, as they also point out, their attack is fundamentally simple, and there are almost certainly more sophisticated methods that could be used. It is a truism of security that attacks only get better over time.