|
Cryptome DVDs are offered by Cryptome. Donate $25 for two DVDs of the Cryptome 12-years collection of 46,000 files from June 1996 to June 2008 (~6.7 GB). Click Paypal or mail check/MO made out to John Young, 251 West 89th Street, New York, NY 10024. The collection includes all files of cryptome.org, jya.com, cartome.org, eyeball-series.org and iraq-kill-maim.org, and 23,000 (updated) pages of counter-intelligence dossiers declassified by the US Army Information and Security Command, dating from 1945 to 1985.The DVDs will be sent anywhere worldwide without extra cost. | |||
20 March 1997
Bruce Schneier rebuttal of CTIA
NSA response to cellphone code crack
The cracking cryptographers' report
1 February 1997
Here's more on the controlled documents for cellular encryption from TIA/EIA described below on 26 January: Sharon Vargish of TIA (1-703-907-7702) sent the documents after I signed and returned the NDA: TR45.0.A
Common Cryptographic Algorithms, Revision B
June 21, 1995, 72 pp. (With ITAR notice on every page) TR45.0.A
Interface Specification for Common Cryptographic Algorithms,
Revision B, August 6, 1996, 15 pp. (No ITAR notice, but "sensitive information should be protected from general distribution.") TR45
Appendix A to PN-3474 (IS-36) October 16, 1995, 10 pp. (ITAR notice on every page.) TR45
Appendix-A to TIA/EIA 627 December 23, 1996, 7 pp. (No ITAR, but "sensitive"notice) "Common Cryptographic Algorithms" (CCA) supercedes the 1992 CAVE document, but is considerbly longer -- 72 pp. for the latest compared to 25 pp. for the 1992 version. Here're the CCA's TOC and Introduction: Table of Contents 1. Introduction 1.1. Notations 1.2. Definitions 2. Procedures 2.1. Authentication Key (A-Key) Procedures
2.1.1. A-Key Checksum calculation
2.1.2. A-Key Verification 2.2. SSD Generation and Update
2.2.1. SSD Generation Procedure
2.2.2. SSD Update Procedure 2.3. Authentication Signature Calculation Procedure 2.4. Encryption Key and VPM Generation Procedure
2.4.1. CMEA key Generation
2.4.2. Voice Privacy Mask Generation 2.5. CMEA Encryption/Decryption Procedure 2.6. Wireless Residential Extension Procedures
2.6.1. WIKEY Generation
2.6.2. WIKEY Update Procedure
2.6.3. Wireline Interface Authentication Signature
Calculation Procedure
2.6.4. Wireless Residential Extension Authentication
Signature Calculation Procedure 2.7. Cellular Data Encryption
2.7.1. Data Encryption Key Generation Procedure
2.7.2. Data Encryption Mask Generation Procedure 3. TEST VECTORS 3.1. CAVE Test Vectors
3.1.1. Vector 1
3.1.2. Vector 2
3.1.3. Test Program 3.2. Wireless Residential Extension Test Vectors
3.2.1. Input data
3.2.2. Test program
3.2.3. Test Program Output 3.3. Data Encryption Test Vector
3.3.1. Input data
3.3.2. Test Program
3.3.3. Test Program Output 1. Introduction This document describes detailed cryptographic procedures for cellular system applications. These procedures are used to perform the security services of mobile station authentication, subscriber message encryption, and encryption key and subscriber voice privacy key generation within cellular equipment. This document is organized as follows: §2 describes the Cellular Authentication, Voice Privacy and Encryption (CAVE) algorithm used for authentication for mobile subscriber equipment and for generation of cryptovariables to be used in other procedures. §2.1 describes the procedure to verify the manual entry of the subscriber authentication key (A-key). §2.2 describes the generation of intermediate subscriber cryptovariablcs, Shared Secret Data (SSD), from the unique and private subscriber A-key. §2.3 describes the procedure to calculate an authentication signature used by cellular base station equipment for verifying the authenticity of a mobile station. §2.4 describes the procedures used for generating cryptographic keys. These keys include the Voice Privacy Mask (VPM) and the Cellular Message Encryption Algorithm (CMEA) key. The VPM is used to provide forward link and reverse link voice confidentiality over the air interface. Thc CMEA key is used with the CMEA algorithm for protection of digital data exchanged between the mobile station and the base station. §2.5 describes the Cellular Message Encryption Algorithm (CMEA) used for enciphering and deciphering subscriber data exchanged between the mobile station and the base station. §2.6 describes the procedures for key and authentication signature generation for wireless residential extension applications. §2.7 describes the ORYX algorithm and procedures for key and mask generation for encryption and decryption in cellular data services. §3 provides test data (vectors) that may be employed to verify the correct operation of the cryptographic algorithms described in this document. ... [End CCA Introduction] The related CCA Interface Specification "describes the interfaces to cryptographic procedures for cellular system applications" described in the CCA. Its purpose "is to describe the cryptographic functions without revealing the technical details that are subject to" ITAR. The two Appendices A to IS-136 and 627 "contain requirements for message encryption and voice privacy for cellular systems" supplemental to those described in the main documents, the CCA and the CCA Interface Specs. ----- Thanks to TIA/EIA for prompt and courteous reply to our requests. Maybe they welcome help persuading USG/NSA to allow stronger crypto and boost the market for cellular systems.
Thanks to David Wagner and Steve Schear, we've learned about the
latest documents on cellular encryption which supercede the
1992 CAVE document, Appendix A to IS-54, which contained the CAVE
algorithm. Here are the latest, followed by ordering information.
TIA/EIA/IS-136.1-A -- TDMA Cellular/PCS - Radio Interface -
Mobile Station - Base Station Compatibility - Digital Control
Panel, October, 1996, 372 pp. $350.00.
Addendum No. 1 to IS-136.1-A, November, 1996, 40 pp. Free.
TIA/EIA/IS-136.2-A -- TDMA Cellular/PCS - Radio Interface -
Mobile Station - Base Station Compatibility - Traffic Channels
and FSK Control Channel, October, 1996, 378 pp. $310.00.
TIA/EIA-627 -- 800 MHZ Cellular System, TDMA Radio Interface,
Dual-Mode Mobile Station - Base Station Compatibility
Standard, June, 1996, 258 pp. $120.00.
These documents can be ordered from:
Global Engineering Documents
15 Inverness Way East
Englewood, Colorado 80112
Telephone: 1-800-854-7179
However, each of the documents lists the following related
supplements which contain "sensitive information" and may be
obtained by US/CA citizens from TIA by signing a Non-Disclosure
Agreement and acceptance of export restrictions:
Appendix A to IS-136.
Appendix A to 627.
Common Cryptographic Algorithms.
Interface Specification for Common Cryptographic Algorithms.
These controlled documents can be requested by calling Ms. Sharon
Vargish at 1-703-907-7702, who will fax an NDA, and upon receipt of
the completed form, will send the controlled documents at no cost.
Here's the NDA:
AGREEMENT ON CONTROL AND NONDISCLOSURE OF
COMMON CRYPTOGRAPHIC ALGORITHMS
REVISION A TO IS-54, IS-95, AND IS-136
[Note: 627 supercedes IS-54; IS-95 is for CDMA]
"I, _________________________, an employee/consultant/affiliate
(typed name)
of __________________________, hereafter, "the company,"
(Company name)
_____________________________
(Company address)
_____________________________
and a United States or Canadian citizen, acknowledge and understand
that the subject documents, to which I will have access contain
information [which] is subject to export control under the
International Traffic in Arms Regulations (ITAR) (Title 22, Code
of Federal Regulations, Part 120-130). I also understand that the
subject documents represent valuable, proprietary and confidential
business information of TIA and its members. I hereby certify that
this information will be controlled and will only be further
disclosed, exported, or transferred according to the terms of the
ITAR.
______________________________ _____________________________
Signature Date
______________________________ _____________________________
Printed Name Witness
______________________________ _____________________________
Title Printed Name of Witness
[End NDA]
January 2, 1997
TR45.3 is the number of the cellular telephone standards committee of the joint Telecommunications Industry Association (TIA) and Electronic Industries Association (EIA).
A part of these general standards is encryption standards, one of which is termed CAVE, Caller Authentication and Voice Encryption. The CAVE algorithm has been confidential to the industries, and was developed under the auspices of the NSA (see Barlow and Gilmore below).
A document, TR45.3, Appendix A to IS-54, Rev. B, February, 1992, which describes implementation of the CAVE algorithm, was sent anonymously to JYA and posted at this site until removed at the request of TIA (see letter below).
To obtain the latest edition of the standards by TR45.3, contact the Telecommunications Industry Association.
Posted by jya.com December 3, 1996:
Fax header: Dec 03 '96 03:57PM D'Ancona &PflaumD'Ancona & Pflaum
Suite 2900
30 North LaSalle Street
Chicago, Illinois.
Telephone (312) 580-2000.
Fax (312) 580-0923By Certified Mail
Return Receipt Requested
and by Fax (212) 799-4003Mr. John Young
251 West 89th Street Suite 6E
New York, New York 10024
Dear Mr. Young:
I am writing to you as general counsel of Telecommunications Industry Association ("TIA") which, as you may know, is engaged in the formulation and publication of standards in the communications field. At the request of our client, on November 26, 1996, I accessed your WEB site and both viewed and printed out a list of links to documents dealing with encryption. Among them were documents described as a CAVE Report, CAVE Table and a CAVE Algorithm dated November 20 and November 21, 1996.
In this fashion I was also able to view and print out the algorithm document of TIA's Committee TR45.3, with a clear statement that the information in the document may be subject to the export juristiction of the U. S. Department of State under the applicable regulations.
The posting on the WEB site of these documents is, in our opinion, a violation of the copyright of TIA and unlawful. Furthermore, the posting of the algorithm may constitute a violation of applicable export regulations. It seems in any event that it will be a violation under regulations to be drafted pursuant to the President's Executive Order of November 15, 1996 which was also accessed by me on your WEB site.
I returned to the site last Friday and yesterday, December 2 and noticed that these documents are no longer there. I commend you removing them, but ask for your assurances that they will not be posted again. In addition, it is important that we know how you received this documentation which is strictly restricted in its circulation.
I would appreciate hearing from you at your very earliest convenience.
Sincerely,
Paul H. Vishny
Copy to: Susan Hoyler [TIA] by fax (703) 907-7727
Copy to: Eric Schimmel, c/o Wyndham Bristol Hotel - Dallas, by fax (214) 761-7520
JYA comment:
Mr. Vishny and I spoke about his fax. I said that the CAVE-related documents would not be reposted on my Web site, and that TR45.3 had come by anonymous mail, as have others we've published. Mr. Vishny said TIA intended to take no action on this matter but its members must abide NDA.
Don't know what the Feds will do with (TIA's) Susan Hoyler's notification to them about TR45.3 at this site. Along with several telcomm biggies, some Ft. Meade servers siphoned TR45.3 and most other files on the site -- several times. Well, well!
For provocative commentary on the CAVE algorithm and its sponsoring TR45.3 committee, see John Perry Barlow's 1992 article and John Gilmore's recent message:
To: jya@pipeline.com
Subject: TR45 and lawyers and governments, oh my!
Date: Mon, 09 Dec 1996 01:18:53 -0800
From: John Gilmore <gnu@toad.com>I just noticed the thread on TR45.3 in cypherpunks.
If the government comes calling, tell them to stuff it. That document is not subject to ITAR. Textual descriptions of encryption algorithms, including pseudo-code and diagrams and all the rest, are not embargoed. At least, that's what the State Department tells Judge Patel. They included numerous copies of papers from the literature to demonstrate how common and robust the open publication of such information is in the US.
If they threaten you, tell them you'll blow the lid off the whole story of how NSA lied to the standards committee about the export control laws, in order to get them to deploy an insecure algorithm without revealing to the public how insecure it is.
I've talked with a number of people who were AT those committee meetings and saw and heard it all.
You might also ask the head of the TIA how they can remain an accredited standards organization if they don't allow public participation in their standards process, and if they make their so-called standards available to the public. They locked foreigners out of the authentication subcommittee (relying on the NSA lie) and now will not make copies of the standard available to the public.
And are now using their copyright to prevent people from finding out how insecure their "encryption" really is.
John
For access to the TR45.3 1992 version (not the 1996 latest) of the CAVE algorithm:
http://www.zedz.net/mirror/cave/index.html
Or, send E-mail to John Young <jya@pipeline.com> with the subject: CAVE.
If you prefer PGP-encrypted mail:
Fingerprint: 04 AE 89 77 4D 22 D3 76 41 FC E5 F3 55 92 B1 78
Public key:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAy6rxQQAAAEEANW657bMcILCSaEYHV46DQWojtHDv6UQ2qGz+6wG5g5Q7KMz
QkQjM+fYNScW4fDUYH02wLG5x/E5hYwSaYal0k0b6G9m921QKqhVYj2+QzfiMqce
N45t4GjSNBdwmNywZEyz5RKXbAWm78DmAt9Ro3M8AGvG1XrsU4Sb9hQ07hCVAAUR
tB1Kb2huIFlvdW5nIDxqeWFAcGlwZWxpbmUuY29tPg==
=F0Xj
-----END PGP PUBLIC KEY BLOCK-----