Cryptology ePrint Archive: Report 2012/051
Eavesdropping on Satellite Telecommunication Systems
Benedikt Driessen
Abstract: While communication infrastructures rapidly intertwine with our daily lives, public understanding of underlying technologies and privacy implications is often limited by their closed-source nature. Lacking the funding and resources of corporations and the intelligence community, developing and expanding this understanding is a sometimes tedious, but nonetheless important process. In this sense, we document how we have decrypted our own communication in the Thuraya satellite network. We have used open-source software to build on recent work which reverse-engineered and cryptanalyzed both stream ciphers currently used in the competing satellite communication standards GMR-1 and GMR-2. To break Thuraya’s encryption (which implements the GMR-1 standard) in a real-world scenario, we have enhanced an existing ciphertext-only attack. We have used common and moderately expensive equipment to capture a live call session and executed the described attack. We show that, after computing for less than an hour on regular PC hardware, we were able to obtain the session key from a handful of speech data frames. This effectively allows decryption of the entire session, thus demonstrating that the Thuraya system (and probably also SkyTerra and TerreStar, who are currently implementing GMR-1) is weak at protecting privacy.
Category / Keywords: implementation /
Date: received 2 Feb 2012, last revised 8 Feb 2012
Contact author: benedikt driessen at rub de
Note: Added some clarification to distinguish between decrypting and actually listening to a call. Minor editorial tweaks (more probably to come..).
Version: 20120208:085225