Paper 2012/321

DECT Security Analysis

Erik Tews

Abstract

DECT is a standard for cordless phones. The intent of this thesis is to evaluate DECT security in a comprehensive way. To secure conversations over the air, DECT uses two proprietary algorithms, namely the DECT Standard Authentication Algorithm (DSAA) for authentication and key derivation, and the DECT Standard Cipher (DSC) for encryption. Both algorithms have been kept secret and were only available to DECT device manufacturers under a None Disclosure Agreement (NDA). The reader is first introduced into the DECT standard. The two algorithms DSAA and DSC have been reverse engineered and are then described in full detail. At first, attacks against DECT devices are presented, that are based on faults made by the manufacturers while implementing the DECT standard. In the next Chapters, attacks against the DSAA and the DSC algorithm are described, that recover the secret keys used by these algorithms faster than by brute force. Thereafter, a attack against the DECT radio protocol is described, that decrypts encrypted DECT voice calls. Finally, an outlook over the next release of the DECT standard is presented, that is expected to counter all attacks against DECT, that are described in this thesis.

Note: PhD thesis of Erik Tews

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. Paper is also available at http://tuprints.ulb.tu-darmstadt.de/2932/
Keywords
DECTDSCDSAAstream cipherblock cipher
Contact author(s)
erik @ datenzone de
History
2012-06-12: received
Short URL
https://ia.cr/2012/321
License
Creative Commons Attribution-NonCommercial-NoDerivs
CC BY-NC-ND

BibTeX

@misc{cryptoeprint:2012/321,
      author = {Erik Tews},
      title = {{DECT} Security Analysis},
      howpublished = {Cryptology {ePrint} Archive, Paper 2012/321},
      year = {2012},
      url = {https://eprint.iacr.org/2012/321}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.