Cryptanalysis of the DECT Standard Cipher

Nohl, Karsten; Tews, Erik; Weinmann, Ralf-Philipp

doi:10.1007/978-3-642-13858-4_1

Cited by 23 publications

(30 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…But on various occasions, older designs have been exposed with much lower technology tools. For instance, -CRYPTO1, the encryption algorithm of the NXP MyFare card [21], and -DSC, the encryption algorithm of the DECT [22], have between disclosed by the observation of the chip and the reconstruction of its netlist (open source software tools exist for this final step [24]). Incidentally, those algorithms have been cryptanalysed almost as soon as they were known, which is a brilliant example of the danger of security by obscurity mechanisms.…”

Section: Backend-level Decoilingmentioning

confidence: 99%

System-Level Methods to Prevent Reverse-Engineering, Cloning, and Trojan Insertion

Guilley

Danger

Nguyen³

et al. 2012

Information Systems, Technology and Management

View full text Add to dashboard Cite

show abstract

Section: Backend-level Decoilingmentioning

confidence: 99%

System-Level Methods to Prevent Reverse-Engineering, Cloning, and Trojan Insertion

Guilley

Danger

Nguyen³

et al. 2012

Information Systems, Technology and Management

View full text Add to dashboard Cite

show abstract

“…The equation systems must be transformed beforehand for this purpose, such that the dependent bits are described as a function of the independent bits. The DSC keystream generator can be implemented straight-forward as described in [4].…”

Section: Basic Implementation Ideamentioning

confidence: 99%

“…Even if encryption is used and long-term and session keys are generated in a secure manner, it is still possible to decipher phone calls. In 2009, the DECT Standard Cipher was reverse-engineered and a correlation attack on the cipher was published [4] by Nohl, Tews and Weinmann (NTW-attack). With 2 15 available keystreams generated with different initialization vectors (IVs), it is possible to recover the session key within minutes to hours on a fast PC or Server.…”

Section: Introductionmentioning

confidence: 99%

“…The optimizations are of general nature and can be used in conjunction with optimized implementations of the attack for CUDA graphics cards or the PS3 cell processor [4] or any other kind of parallel processing hardware. In the second part of the paper we present an optimized FPGA implementation of our optimized NTW-attack, which is currently the most cost-efficient way of searching through the remaining key space the NTW-attack determines.…”

Section: Introductionmentioning

confidence: 99%

“…The DECT Standard Cipher (DSC) is a proprietary stream cipher used for enciphering payload of DECT transmissions such as cordless telephone calls. The algorithm was kept secret, but a team of cryptologists reverse-engineered it and published a way to reduce the key space when enough known keystreams are available [4]. The attack consists of two phases: At first, the keystreams are analyzed to build up an underdetermined linear equation system.…”

mentioning

confidence: 99%

See 2 more Smart Citations

FPGA Implementation of an Improved Attack against the DECT Standard Cipher

Weiner

Tews

Heinz

et al. 2011

Information Security and Cryptology - ICISC 2010

Self Cite

View full text Add to dashboard Cite

Abstract. The DECT Standard Cipher (DSC) is a proprietary stream cipher used for enciphering payload of DECT transmissions such as cordless telephone calls. The algorithm was kept secret, but a team of cryptologists reverse-engineered it and published a way to reduce the key space when enough known keystreams are available [4]. The attack consists of two phases: At first, the keystreams are analyzed to build up an underdetermined linear equation system. In the second phase, a bruteforce attack is performed where the equation system limits the number of potentially valid keys. In this paper, we present an improved variant of the first phase of the attack as well as an optimized FPGA implementation of the second phase, which can be used with our improved variant or with the original attack. Our improvement to the first phase of the attack is able to more than double the success probability of the attack, depending of the number of available keystreams. Our FPGA implementation of the second phase of the attack is currently the most cost-efficient way to execute the second phase of the attack.

show abstract

Experimental passive eavesdropping of Digital Enhanced Cordless Telecommunication voice communications through low‐cost software‐defined radios

Sánchez

Baldini

Shaw

et al. 2014

Security Comm Networks

View full text Add to dashboard Cite

The flexibility of software‐defined radio (SDR) technology has been proposed to support various applications from the dynamic usage of the radio frequency spectrum to the implementation of radio access technologies in the commercial and military domain. A new generation of low‐cost SDR devices has emerged in the last few years, opening new possibilities to implement inexpensive security attacks against radio protocols and systems. Digital Enhanced Cordless Telecommunication (DECT) is a European Telecommunications Standards Institute standard for short‐range cordless communications with a worldwide installed base. In this paper, we survey the state of art for the application of low‐cost SDRs to the security domain, and we describe a complete implementation of a passive eavesdropping attack against DECT digital voice communication, where the DECT communication is not encrypted. The framework, which implements the attack, has been deployed on two different types of low‐cost SDR platforms to show the flexibility and extendibility of the implementation. The performance of the framework has been evaluated on the basis of different parameters and different approaches, and the experimental results are presented in the paper. The framework has demonstrated its effectiveness to implement an eavesdropping attack against DECT even at great distances with low‐cost equipment.Copyright © 2014 John Wiley & Sons, Ltd.

show abstract

Cryptanalysis of the DECT Standard Cipher

Cited by 23 publications

References 6 publications

System-Level Methods to Prevent Reverse-Engineering, Cloning, and Trojan Insertion

System-Level Methods to Prevent Reverse-Engineering, Cloning, and Trojan Insertion

FPGA Implementation of an Improved Attack against the DECT Standard Cipher

Experimental passive eavesdropping of Digital Enhanced Cordless Telecommunication voice communications through low‐cost software‐defined radios

Contact Info

Product

Resources

About