This is the archived Fall 2013 version of the course.
For the most recent version, see

Class 18: SIM Card Exploitation

Guest lecture by Karsten Nohl: Slides [PDF]

(The recording of his talk Friday should also be available soon.)

Action Items

Everyone should submit a project idea form by Monday, 4 November at 11:59pm.

Space-Time Tradeoffs

How can a cryptanalyst trade off running time and memory?

What properties must the targeted protocol have in order for it to be vulnerable to such space-time tradeoffs?

You can see more details on the space-time tradeoffs (in this case with application to GSM) here: Interview on GSM Cracking

The first paper about time-memory tradeoffs in cryptanalysis is: Martin Hellman, A Cryptanalytic Time-Memory Tradeoff, IEEE Transactions on Information Theory, 1980.

Wikipedia has a pretty good description of rainbow tables.
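
A minimal sketch of a Hellman-style chain table, added here as an illustration; it is not code from the course or the guest lecture. It uses a single table with one reduction function, not the per-column reductions of rainbow tables. Assumptions: SHA-256 stands in for the cipher, the key space is a toy 16 bits, and all names and constants are constructed for the example.

```python
import hashlib

N = 1 << 16   # toy key space (constructed; real key spaces are far larger)
T = 64        # chain length: more online time per lookup, fewer stored rows
M = 512       # number of chains: memory is M (end, start) pairs
KNOWN = b"fixed-known-plaintext"   # constructed stand-in for a predictable message

def f(key, nonce=KNOWN):
    """One-way step: 'encrypt' the known message under key (modelled with SHA-256)."""
    digest = hashlib.sha256(key.to_bytes(2, "big") + nonce).digest()
    return int.from_bytes(digest[:8], "big")

def reduce_to_key(y):
    """Map an output back into the key space so a chain can continue."""
    return y % N

def build_table():
    """Precompute M chains of T steps each, storing only end -> start."""
    table = {}
    for i in range(M):
        start = key = i * (N // M)
        for _ in range(T):
            key = reduce_to_key(f(key))
        table.setdefault(key, start)   # chains that merge share an end; keep the first
    return table

def lookup(table, y):
    """Return a key k with f(k) == y, or None; costs at most about T*T evaluations."""
    x = reduce_to_key(y)
    for _ in range(T):
        if x in table:                 # candidate chain, possibly a false alarm
            key = table[x]
            for _ in range(T):         # replay the chain from its stored start
                if f(key) == y:
                    return key
                key = reduce_to_key(f(key))
        x = reduce_to_key(f(x))
    return None

if __name__ == "__main__":
    table = build_table()
    print(len(table), "rows stored for", N, "keys")
    print("fixed plaintext:", lookup(table, f(0)))
    print("fresh nonce:    ", lookup(table, f(0, b"fresh-per-session-nonce")))
```

The last lookup returns None: the table was computed for one fixed input, so a value that changes per session (a nonce or salt) makes the precomputation useless.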

What do you think the NSA is doing with the zettabytes of storage it is building in Utah?

"They would have plenty of space with five zettabytes to store at least something on the order of 100 years worth of the worldwide communications, phones and emails and stuff like that," Binney asserts, "and then have plenty of space left over to do any kind of parallel processing to try to break codes."


Rooting SIM cards, Security Research Labs, Berlin.

Sim card flaws leave millions of mobile phones open to attack, hacker finds, The Guardian, 1 August 2013

Encryption Flaw Makes Phones Possible Accomplices in Theft, New York Times, 21 July 2013

Weak Encryption Enables SIM Card Root Attack, Threatpost, 1 August 2013