{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:20:36Z","timestamp":1750306836495,"version":"3.41.0"},"reference-count":31,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2013,11,1]],"date-time":"2013-11-01T00:00:00Z","timestamp":1383264000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Energy of the State of North Rhine-Westphalia","award":["IV.5-43-02\/2-005-WFBO-009"],"award-info":[{"award-number":["IV.5-43-02\/2-005-WFBO-009"]}]},{"name":"Ministry of Economic Affairs"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Inf. Syst. Secur."],"published-print":{"date-parts":[[2013,11]]},"abstract":"General-purpose communication systems such as GSM and UMTS have been in the focus of security researchers for over a decade now. Recently also technologies that are only used under more specific circumstances have come into the spotlight of academic research and the hacker scene alike. A striking example of this is recent work [Driessen et al. 2012] that analyzed the security of the over-the-air encryption in the two existing ETSI satphone standards GMR-1 and GMR-2. The firmware of handheld devices was reverse-engineered and the previously unknown stream ciphers A5-GMR-1 and A5-GMR-2 were recovered. In a second step, both ciphers were cryptanalized, resulting in a ciphertext-only attack on A5-GMR-1 and a known-plaintext attack on A5-GMR-2.<\/jats:p>\n \n In this work, we extend the aforementioned results in the following ways: First, we improve the proposed attack on A5-GMR-1 and reduce its average-case complexity from 2\n 32<\/jats:sup>\n to 2\n 21<\/jats:sup>\n steps. Second, we implement a practical attack to successfully record communications in the Thuraya network and show that it can be done with moderate effort for approximately $5,000. We describe the implementation of our modified attack and the crucial aspects to make it practical. Using our eavesdropping setup, we recorded 30 seconds of our own satellite-to-satphone communication and show that we are able to recover Thuraya session keys in half an hour (on average). We supplement these results with experiments designed to highlight the feasibility of also eavesdropping on the satphone's emanations.\n <\/jats:p>\n The purpose of this article is threefold: Develop and demonstrate more practical attacks on A5-GMR-1, summarize current research results in the field of GMR-1 and GMR-2 security, and shed light on the amount of work and expertise it takes from setting out to analyze a complex system to actually break it in the real world.<\/jats:p>","DOI":"10.1145\/2535522","type":"journal-article","created":{"date-parts":[[2013,12,10]],"date-time":"2013-12-10T13:28:12Z","timestamp":1386682092000},"page":"1-30","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["An experimental security analysis of two satphone standards"],"prefix":"10.1145","volume":"16","author":[{"given":"Benedikt","family":"Driessen","sequence":"first","affiliation":[{"name":"Ruhr-University Bochum, Bochum, Germany"}]},{"given":"Ralf","family":"Hund","sequence":"additional","affiliation":[{"name":"Ruhr-University Bochum, Bochum, Germany"}]},{"given":"Carsten","family":"Willems","sequence":"additional","affiliation":[{"name":"Ruhr-University Bochum, Bochum, Germany"}]},{"given":"Christof","family":"Paar","sequence":"additional","affiliation":[{"name":"Ruhr-University Bochum, Bochum, Germany"}]},{"given":"Thorsten","family":"Holz","sequence":"additional","affiliation":[{"name":"Ruhr-University Bochum, Bochum, Germany"}]}],"member":"320","published-online":{"date-parts":[[2013,12,6]]},"reference":[{"volume-title":"Proceedings of the International Crytology Conference (CRYPTO'03)","author":"Barkan E.","key":"e_1_2_1_1_1","unstructured":"Barkan , E. , Biham , E. , and Keller , N . 2003. Instant ciphertext-only cryptanalysis of gsm encrypted communication . In Proceedings of the International Crytology Conference (CRYPTO'03) . 600--616. Barkan, E., Biham, E., and Keller, N. 2003. Instant ciphertext-only cryptanalysis of gsm encrypted communication. In Proceedings of the International Crytology Conference (CRYPTO'03). 600--616."},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00145-007-9001-y"},{"volume-title":"Proceedings of the 1st International Conference on Progress in Cryptology (INDOCRYPT'00)","author":"Biham E.","key":"e_1_2_1_3_1","unstructured":"Biham , E. and Dunkelman , O . 2000. Cryptanalysis of the a5\/1 gsm stream cipher . In Proceedings of the 1st International Conference on Progress in Cryptology (INDOCRYPT'00) . 43--51. Biham, E. and Dunkelman, O. 2000. Cryptanalysis of the a5\/1 gsm stream cipher. In Proceedings of the 1st International Conference on Progress in Cryptology (INDOCRYPT'00). 43--51."},{"volume-title":"Proceedings of the 7th International Workshop on Fast Software Encryption (FSE'00)","author":"Biryukov A.","key":"e_1_2_1_4_1","unstructured":"Biryukov , A. , Shamir , A. , and Wagner , D . 2000. Real time cryptanalysis of a5\/1 on a pc . In Proceedings of the 7th International Workshop on Fast Software Encryption (FSE'00) . 1--18. Biryukov, A., Shamir, A., and Wagner, D. 2000. Real time cryptanalysis of a5\/1 on a pc. In Proceedings of the 7th International Workshop on Fast Software Encryption (FSE'00). 1--18."},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-74735-2_27"},{"key":"e_1_2_1_6_1","unstructured":"Briceno M. Goldberg I. and Wagner D. 1999. A pedagogical implementation of the gsm a5\/1 and a5\/2 \u201cvoice privacy\u201d encryption algorithms. http:\/\/www.scard.org. Briceno M. Goldberg I. and Wagner D. 1999. A pedagogical implementation of the gsm a5\/1 and a5\/2 \u201cvoice privacy\u201d encryption algorithms. http:\/\/www.scard.org."},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.18"},{"volume-title":"Proceedings of the International Crytology Conference (CRYPTO'10)","author":"Dunkelman O.","key":"e_1_2_1_8_1","unstructured":"Dunkelman , O. , Keller , N. , and Shamir , A . 2010. A practical-time related-key attack on the kasumi cryptosystem used in gsm and 3g telephony . In Proceedings of the International Crytology Conference (CRYPTO'10) . 393--410. Dunkelman, O., Keller, N., and Shamir, A. 2010. A practical-time related-key attack on the kasumi cryptosystem used in gsm and 3g telephony. In Proceedings of the International Crytology Conference (CRYPTO'10). 393--410."},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.2002.806129"},{"volume-title":"ETSI ts 101 376-3-2 v1.1.1 (2001-03)","author":"Etsi","key":"e_1_2_1_10_1","unstructured":"Etsi . 2001a. ETSI ts 101 376-3-2 v1.1.1 (2001-03) ; GEO-mobile radio interface specifications; Part 3: Network specifications; Sub-part 2: Network Architecture; GMR-1 03.002. Tech . rep. Etsi. 2001a. ETSI ts 101 376-3-2 v1.1.1 (2001-03); GEO-mobile radio interface specifications; Part 3: Network specifications; Sub-part 2: Network Architecture; GMR-1 03.002. Tech. rep."},{"volume-title":"ETSI ts 101 376-3-9 v1.1.1 (2001-03)","author":"Etsi","key":"e_1_2_1_11_1","unstructured":"Etsi . 2001b. ETSI ts 101 376-3-9 v1.1.1 (2001-03) ; GEO-mobile radio interface specifications; Part 3: Network specifications; Sub-part 9: Security related Network Functions; GMR-1 03.020. Tech . rep. Etsi. 2001b. ETSI ts 101 376-3-9 v1.1.1 (2001-03); GEO-mobile radio interface specifications; Part 3: Network specifications; Sub-part 9: Security related Network Functions; GMR-1 03.020. Tech. rep."},{"volume-title":"ETSI ts 101 377-3-10 v1.1.1 (2001-03)","author":"Etsi","key":"e_1_2_1_12_1","unstructured":"Etsi . 2001c. ETSI ts 101 377-3-10 v1.1.1 (2001-03) ; GEO-mobile radio interface specifications; Part 3: Network specifications; Sub-part 9: Security related Network Functions; GMR-2 03.020. Tech . rep. Etsi. 2001c. ETSI ts 101 377-3-10 v1.1.1 (2001-03); GEO-mobile radio interface specifications; Part 3: Network specifications; Sub-part 9: Security related Network Functions; GMR-2 03.020. Tech. rep."},{"volume-title":"ETSI ts 101 377-5-3 v1.1.1 (2001-03)","author":"Etsi","key":"e_1_2_1_13_1","unstructured":"Etsi . 2001d. ETSI ts 101 377-5-3 v1.1.1 (2001-03) ; GEO-mobile radio interface specifications; Part 5: Radio interface physical layer specifications; Sub-part 3: Channel Coding; GMR-2 05.003. Tech . rep. Etsi. 2001d. ETSI ts 101 377-5-3 v1.1.1 (2001-03); GEO-mobile radio interface specifications; Part 5: Radio interface physical layer specifications; Sub-part 3: Channel Coding; GMR-2 05.003. Tech. rep."},{"volume-title":"etsi ts 101 376-5-3 v1.2.1 (2002-04)","author":"Etsi","key":"e_1_2_1_14_1","unstructured":"Etsi . 2002. etsi ts 101 376-5-3 v1.2.1 (2002-04) ; GEO-mobile radio interface specifications; Part 5: Radio interface physical layer specifications; Sub-part 3: Channel Coding; GMR-1 05.003. Tech . rep. Etsi. 2002. etsi ts 101 376-5-3 v1.2.1 (2002-04); GEO-mobile radio interface specifications; Part 5: Radio interface physical layer specifications; Sub-part 3: Channel Coding; GMR-1 05.003. Tech. rep."},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.5555\/1754542.1754566"},{"key":"e_1_2_1_16_1","unstructured":"Geovedi J. and Chiesa R. 2011. Hacking a bird in the sky. In HITBSecConf. Geovedi J. and Chiesa R. 2011. Hacking a bird in the sky. In HITBSecConf."},{"key":"e_1_2_1_17_1","unstructured":"Fridman J. 2013. How to optimize h.264 video decode on a digital baseband processor. http:\/\/www.eetimes.com\/General\/DisplayPrintViewContent?contentItemId=. Fridman J. 2013. How to optimize h.264 video decode on a digital baseband processor. http:\/\/www.eetimes.com\/General\/DisplayPrintViewContent?contentItemId=."},{"volume-title":"Proceedings of the International Workshop on Fast Software Encryption (FSE'13)","author":"Li R.","key":"e_1_2_1_18_1","unstructured":"Li , R. , Li , H. , Li , C. , and Sun , B . 2013. A low data complexity attack on the gmr-2 cipher used in the satellite phones . In Proceedings of the International Workshop on Fast Software Encryption (FSE'13) . Li, R., Li, H., Li, C., and Sun, B. 2013. A low data complexity attack on the gmr-2 cipher used in the satellite phones. In Proceedings of the International Workshop on Fast Software Encryption (FSE'13)."},{"key":"e_1_2_1_19_1","doi-asserted-by":"crossref","unstructured":"Maral G. and Bousquet M. 2009. Satellite Communications Systems: Systems Techniques and Technology 5. John Wiley and Sons. Maral G. and Bousquet M. 2009. Satellite Communications Systems: Systems Techniques and Technology 5. John Wiley and Sons.","DOI":"10.1002\/9780470834985"},{"volume-title":"Proceedings of the Military Communications Conference (MILCOM'02)","author":"Matolak D.","key":"e_1_2_1_20_1","unstructured":"Matolak , D. , Noerpel , A. , Goodings , R. , Staay , D. , and Baldasano , J . 2002. Recent progress in deployment and standardization of geostationary mobile satellite systems . In Proceedings of the Military Communications Conference (MILCOM'02) . 173--177. Matolak, D., Noerpel, A., Goodings, R., Staay, D., and Baldasano, J. 2002. Recent progress in deployment and standardization of geostationary mobile satellite systems. In Proceedings of the Military Communications Conference (MILCOM'02). 173--177."},{"key":"e_1_2_1_21_1","unstructured":"Munaut S. 2012. OsmocomGMR. http:\/\/gmr.osmocom.org\/. Munaut S. 2012. OsmocomGMR. http:\/\/gmr.osmocom.org\/."},{"key":"e_1_2_1_22_1","volume-title":"GSM: SRSLY&quest","author":"Nohl K.","year":"2009","unstructured":"Nohl , K. and Paget , C . 2009 . GSM: SRSLY&quest ; In Proceedings of the 26th Chaos Communication Congress . Nohl, K. and Paget, C. 2009. GSM: SRSLY? In Proceedings of the 26th Chaos Communication Congress."},{"key":"e_1_2_1_23_1","unstructured":"Ortega A. and Muniz S. 2012. Satellite baseband mods: Taking control of the inmarsat gmr-2 phone terminal. ekoparty security conference. http:\/\/www.groundworkstech.com\/. Ortega A. and Muniz S. 2012. Satellite baseband mods: Taking control of the inmarsat gmr-2 phone terminal. ekoparty security conference. http:\/\/www.groundworkstech.com\/."},{"key":"e_1_2_1_24_1","unstructured":"Osmocomgmr. 2012. Thuraya SO-2510. http:\/\/gmr.osmocom.org\/trac\/wiki\/Thuraya_SO2510. Osmocomgmr. 2012. Thuraya SO-2510. http:\/\/gmr.osmocom.org\/trac\/wiki\/Thuraya_SO2510."},{"key":"e_1_2_1_25_1","unstructured":"Peter. 2013. Airborne satellite weather data. http:\/\/www.peter2000.co.uk\/aviation\/satcomms\/index.html. Peter. 2013. Airborne satellite weather data. http:\/\/www.peter2000.co.uk\/aviation\/satcomms\/index.html."},{"key":"e_1_2_1_26_1","unstructured":"Petrovic S. and Fuster-Sabater A. 2000. Cryptanalysis of the a5\/2 algorithm. Tech. rep. http:\/\/eprint.iacr.org\/2000\/052. Petrovic S. and Fuster-Sabater A. 2000. Cryptanalysis of the a5\/2 algorithm. Tech. rep. http:\/\/eprint.iacr.org\/2000\/052."},{"key":"e_1_2_1_27_1","unstructured":"Tbs. 2012. The satellite encyclopedia. http:\/\/www.tbs-satellite.com\/tse\/online\/sat_thuraya_1.html. Tbs. 2012. The satellite encyclopedia. http:\/\/www.tbs-satellite.com\/tse\/online\/sat_thuraya_1.html."},{"key":"e_1_2_1_28_1","unstructured":"Texas Instruments. 2012. The omap 5910 platform. http:\/\/www.ti.com\/product\/omap5910. Texas Instruments. 2012. The omap 5910 platform. http:\/\/www.ti.com\/product\/omap5910."},{"key":"e_1_2_1_29_1","unstructured":"Welte H. 2010. Anatomy of contemporary gsm cellphone hardware. http:\/\/laforge.gnumonks.org\/papers\/gsm_phone-anatomy-latest.pdf. Welte H. 2010. Anatomy of contemporary gsm cellphone hardware. http:\/\/laforge.gnumonks.org\/papers\/gsm_phone-anatomy-latest.pdf."},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1016\/0308-5961(94)00023-L"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.1977.1055714"}],"container-title":["ACM Transactions on Information and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2535522","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2535522","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T08:09:57Z","timestamp":1750234197000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2535522"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013,11]]},"references-count":31,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2013,11]]}},"alternative-id":["10.1145\/2535522"],"URL":"https:\/\/doi.org\/10.1145\/2535522","relation":{},"ISSN":["1094-9224","1557-7406"],"issn-type":[{"type":"print","value":"1094-9224"},{"type":"electronic","value":"1557-7406"}],"subject":[],"published":{"date-parts":[[2013,11]]},"assertion":[{"value":"2012-12-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2013-08-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2013-12-06","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}