News: 1997 Archives
Used with permission
As the world goes digital, encryption standards become more important.
Even those who don't use the Internet are affected by security in the online age--everything from bank account and medical information to credit card numbers and transactions requires some form of coding to protect it from prying eyes.
Yet all is not well--with each new standard comes crackers to break it. And, at the other end, governments--particularly that of the United States--are trying their darndest to ensure that encryption technology doesn't get too powerful.
When Thomas Paine published Common Sense in 1776 - arguing that the American cause was not merely a revolt against unfair taxation, but a demand for independence - he had no idea that more than 200 years later, the struggle for freedom would be waged between privacy advocates and the national-security establishment. This time, the dispute is over not taxation without representation, but communication without government intervention.
One of today's crypto revolutionaries is Bruce Schneier, the neatly dressed, ponytailed author of Applied Cryptography. Schneier also recently helped identify a key flaw in the encryption scheme the US digital cellular industry had adopted for use in cell phones.
A few minutes' work on a computer can break the codes that are supposed to protect new digital cellular phone technology from eavesdroppers, a team of researchers said Thursday. The cellular phone industry claimed the impact on users would be "virtually none," since engineers were working to strengthen the encryption and since a separate code that scrambles voices was not broken.
The Cellular Telecommunications Industry Association also denied that its codes could be broken so easily.
"It involves very sophisticated knowledge," an association statement said.
In 1992, the wireless industry adopted an encryption system that was deliberately made less secure than what knowledgeable experts recommended at the time. It was accepted by the industry because it was a standard that would meet federal export regulations and would enable digital cell phone manufacturers to make one phone that could be sold in either the US or abroad, thus saving money.
As a result, the potential for eavesdropping has always existed and, some say, has been waiting for criminals with advanced techniques to exploit it.
Yesterday, a trio of computer experts released the news that digital isn't all it's cracked up to be--and that they have, in fact, cracked the most difficult part of the code that's used by phones to send digits from the keypad, making eavesdropping and cloning a real likelihood even on digital phones. Even this morning's Wall Street Journal, when referring to the assurances made by wireless phone companies to subscribers about the security of digital phones, [called them] "hollow promises."
WirelessNOW has conducted an exclusive interview with the head of the code-cracking triumvirate and found his straightforward responses to our questions open - and at least somewhat frightening.
A group of prominent cryptographers will announce today that they have discovered a hole in the privacy protection in next-generation digital cellular telephones. The new phones were supposed to be far more secure from eavesdropping and fraud than the analog phones used by most mobile-phone customers today. But Bruce Schneier, a well-known expert on code breaking, and other researchers have found a way to easily monitor any numbers dialed on a digital phone, such as credit card numbers or passwords. In addition, they say, voice conversations can easily be deciphered.
Computer scientists have broken a crucial code that protects the new generation of cellular phones from certain kinds of eavesdropping.
The news is a blow to those who would promote digital cellular telephones as highly secure systems, said Bruce Schneier of Minneapolis-based Counterpane Systems, one of the cryptographers who broke the code.
Breaking the code takes just minutes on a powerful desktop computer, Schneier said.
Schneier and his colleagues, John Kelsey of Counterpane and David Wagner from the University of California-Berkeley, said they broke one of three encryption systems used in the new generation of digital cellular phones.
A team of well-known computer security experts will announce on Thursday that they have cracked a key part of the electronic code meant to protect the privacy of calls made with the new, digital generation of cellular telephones.
These technologists, who planned to release their findings in a news release on Thursday, argue that the best way to insure that the strongest security codes are developed is to conduct the work in a public forum. And so they are sharply critical of the current industry standard setting process, which has made a trade secret of the underlying mathematical formulas used to create the security codes.
"Our work shows clearly why you don't do this behind closed doors," Schneier said. "I'm angry at the cell phone industry because when they changed to the new technology, they had a chance to protect privacy and they failed."
Carroll, head of the industry's privacy committee, said it planned to revise the process for reviewing proposed technical standards.