He explained: 'The keys are not fixed, in the sense that they are generated once and then stored in some database. Rather, a key is generated for each phone conversation by the company's AUC [authentication centre], using the "Ki" and a random value generated by the AUC. The Ki is the secret key that is securely stored on the smart card [inside the cellphone], and a copy is also stored in the AUC. When the AUC "tells" the cellphone the key for that particular conversation, the information passes through the company's MSC [mobile switching centre].

'It is possible to eavesdrop on a certain cellphone if one actively monitors either the handovers or the connection set-up messages from the OMC [operations and maintenance centre] or if one knows the Ki in the smart card.

'Both options are entirely possible. The first option, which relies on knowing the A5 encryption key, requires the right equipment. The second option, using the Ki, means you have to know the A3/A8 algorithms as well or the Ki is useless. These algorithms can be obtained by hacking the switch manufacturer, i.e. Siemens, Alcatel, Motorola.

'As a call is made from the target cellphone, you need to feed the A5 key into a cellphone which has been modified to let it eavesdrop on the channel used by the cellphone. Normally, this eavesdropping will only produce static--since the conversation is encrypted. However, with the keys and equipment, you can decode the conversation.'

This is one of the handover messages, logged with a CCITT7 link monitor, that he saw:

13:54:46"3 4Rx