Quote:
There are several attacks (listed below); TEA2 is not attacked via the crypto.
From the Wired article Link
Quote:
The second major vulnerability the researchers found isn’t in one of the secret algorithms, but it affects all of them. The issue lies in the standard itself and how TETRA handles time syncing and keystream generation.
When a TETRA radio contacts a base station, they initiate communication with a time sync. The network broadcasts the time, and the radio establishes that it’s in sync. Then they both generate the same keystream, which is tied to that timestamp, to encrypt the subsequent communication.
“The problem is that the network broadcasts the time in packets that are unauthenticated and unencrypted,” says Wetzels.
As a result, an attacker can use a simple device to intercept and collect encrypted communication passing between a radio and base station, while noting the timestamp that initiated the communication. Then he can use a rogue base station to contact the same radio or a different one in the same network and broadcast the time that matches the time associated with the intercepted communication. The radio is dumb and believes the correct time is whatever a base station says it is. So it will generate the keystream that was used at that time to encrypt the communication the attacker collected. The attacker recovers that keystream and can use it to decrypt the communication collected earlier.
CVE-2022-24400 - A flaw in the authentication algorithm allows attackers to set the Derived Cypher Key (DCK) to 0.
CVE-2022-24401 - The Air Interface Encryption (AIE) keystream generator relies on the network time, which is publicly broadcast in an unauthenticated manner. This allows for decryption oracle attacks.
CVE-2022-24402 - The TEA1 algorithm has a backdoor that reduces the original 80-bit key to a key size which is trivially brute-forceable on consumer hardware in minutes.
CVE-2022-24403 - The cryptographic scheme used to obfuscate radio identities has a weak design that allows attackers to deanonymize and track users.
CVE-2022-24404 - Lack of ciphertext authentication on AIE allows for malleability attacks.
__________________
Last edited by dezent 2023-08-03 at 01:53.