In the course of discussing security topics here, especially those related to encryption, I have mentioned a number of times the strong consensus among security experts that “security by obscurity” — the idea that a system can be kept secure by keeping its workings secret — does not work. Beginning with copy-protected programs back in the early days of the PC, proprietary, “secret sauce” encryption schemes, like the method used to encrypt DVDs, have a pretty consistent track record: they all get cracked, usually sooner rather than later. We’ve also seen that even good systems can be cracked. I’ve written here about the cracking of the DECT encryption used for cordless telephones, the encryption used for GSM mobile (cellular) phones, and the encryption of the GPRS packet data encryption system.
Now, according to a report in the [UK] Daily Telegraph, the built-in encryption system used in a number of satellite phone systems has been cracked.
German academics said they had cracked two encryption systems used to protect satellite phone signals and that anyone with cheap computer equipment and radio could eavesdrop on calls over an entire continent. Hundreds of thousands of satellite phone users are thought to be affected.
The researchers, Benedikt Driessen and Ralf Hund, from the Ruhr University, Bochum, said in a presentation on February 2 that they had managed to reverse-engineer two of the encryption methods, known as GMR-1 and GMR-2, using equipment that is readily available for less than $2,000. The techniques they used are similar to the approaches used to break other telephony encryption systems. The satellite systems use proprietary algorithms, but do not employ secret keys provided by the user, thus violating Kerckhoff’s Principle:
The security of the crypto system must not depend on keeping secret the crypto-algorithm. The security depends only on keeping secret the key.
Obviously an attack on satellite phones is not likely to have a major impact on typical citizens; these systems are used mostly in underdeveloped or thinly-populated areas, where cellular infrastructure is minimal or non-existent. They are fairly expensive, certainly by comparison with cell phones, and tend to be used by government or military organizations, as well as other international organizations. Many of these users may layer their own encryption on top of the basic satellite phone system, but anyone relying on that basic system to preserve privacy should think twice.
Getting security right is hard, and the best way to ensure an encryption system is secure is to open the box and expose the working to a variety of knowledgeable critics. Assuming that, because it’s secret, it’s secure, is a very imprudent approach.