Together, your Internet even better

2G mobile network encryption deliberately reduced

According to French, German and Norwegian researchers, the GEA-1 and GEA-2 encryption algorithms used in mobile data networks in the 1990s and 2000s have been weakened, one of them from the outset. Based on 2G technology, they were intended to secure the General Packet Radio Service (GPRS) standard. Today, this network continues to be used for M2M systems or as a backup for data, SMS and mobile calls. Most of today's terminals are GPRS-enabled.

 

The aim of these two algorithms is to secure the transfer of data between phones and base stations in order to avoid the interception of communications. However, the experts found, for example, that GEA-1 did not encrypt in 64 bits as expected but only in 40 bits. With a lower security level, a computer network can more easily discover the key by brute force and read the streams.

To support this theory, specialists reverse engineered GEA-1 and GEA-2. By recreating the former, they found that their algorithm was more secure than the original version. Disregarding the notion of chance, they believe that this weakening of security was intended from the design of the algorithm.

 

These algorithms were developed by the European Telecommunications Standards Institute (ETSI) in 1998 by a dedicated working group. The European body admitted that GEA-1 contained a weakness. But it explained that it had been introduced to comply with export regulations which did not allow for stronger encryption. For GEA-2, the rules were relaxed at the time of its design, but the researchers were able to decrypt the traffic. They therefore recommend relying on the more robust GEA-3 and higher algorithm.

 

 

 Read the article

 

Source : Le Monde Informatique

 

 

 

 

FaLang translation system by Faboba