2nd generation mobile radio networks, specifically GSM networks (Global System for Mobile Communications), were designed during the cold war, and cryptography was considered a weapon. Therefore, the cryptography used in GSM was deliberately designed to be weak enough so that government agencies could decipher it for reasons of national or international security. Particularly, for its security, GSM has relied for a long time on the fact that the equipment for eavesdropping communication traffic and detecting encryption keys has been too expensive for “normal” hackers. However, the hacking community has recently demonstrated cheap and efficient attacks on the GSM A5/1 ciphering algorithm used in today's GSM networks. As described by Harald Welte in “A real-world practical A5/1 attach using airprobe and Kraken” (http://laforge.gnumonks.org/weblog/2010/07/30/#20100730-practical gsm a51 attack), the attack on the A5/1 ciphering algorithm, which is presently used widely in GSM networks, relies on the fact that there are well known messages, e.g. signaling or control messages, sent over the network which are encrypted using a rather short encryption key. Capturing such a well-known message makes it possible for an eavesdropper to detect the encryption key quite quickly by looking up the key in a pre-computed dictionary. One mitigation technique for this problem is known as “random padding” and described in ETSI, “Digital cellular telecommunications system (Phase 2+); Mobile Station-Base Stations System (MS-BSS) interface Data Link (DL) layer specification,” 3GPP TS 44.006 version 9.1.0 Release 9. However, “random padding” does not prevent the attack for well-known messages which do not allow padding, such as a location update message, for example.
European Patent EP 2,099,241 describes a method for improving the level of security in GSM networks which implement the A5/1 ciphering protocol. For making it more difficult for an attacker to decipher A5/1 GSM communication, EP 2 099 241 makes reference to randomizing “dummy bits” included in a call, whereby 15 “dummy bits” are defined as bits with pre-defined values reserved for future applications by the protocol. Nevertheless, as in the case of “random padding” the method of EP 2,099,241 relies on, and is limited to, specific bits that may be present or may not be present, and whose positions in a message are defined and also known to a malicious attacker.
Further limitations and disadvantages of conventional and traditional approaches will become apparent to one of skill in the art, through comparison of such systems with some aspects of the present invention as set forth in the remainder of the present application with reference to the drawings.