Physical Attacks against the Lack of Perfect Forward Secrecy in DECT Encrypted Communications and Possible Countermeasures

Digital Enhanced Cordless Telecommunications (DECT) is a world-wide wireless standard sustained by ETSI and widely used in cordless telephony. Whilst domestic DECT cordless phones were primarily designed to be used in connection with the Public Switched Telephone Network, their presence in Unified Communications systems has become more and more common given their reliability, flexibility and interoperability. The DECT protocol foresees the usage of authentication and encryption in order to protect the privacy of the voice communications. Unfortunately, the cryptographic mechanisms foreseen by the standard do not provide support for forward secrecy. As a consequence, the compromise of the long-term secret cryptographic key leads to the decryption of any previous, present and future encrypted communication. In this paper, we describe and demonstrate experimentally a new physical attack, able to recover the long-term cryptographic key from the memory of DECT devices and use it to decrypt voice communications previously intercepted in encrypted form. In order to mitigate this threat to the privacy of the DECT communications, we propose a set of countermeasures and proposals for modifications of the standard to provide forward secrecy in the communications.

COISEL Iwen;  SANCHEZ MARTIN Jose Ignacio;  SHAW David; 

2015-12-02

IEEE

JRC94866

978-1-4799-5343-1,   

http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=7289150,    https://publications.jrc.ec.europa.eu/repository/handle/JRC94866,   

10.1109/IWCMC.2015.7289150,