Daily Archives: 2006-05-09

Persec 2006 and Naccache on tapping mobile phones

Over the past couple of months I attended about half a dozen events around the world (Brussels, Pisa (x3), Tokyo, Cambridge, York, Milan), often as invited speaker, but failed to mention them here. While I won’t promise that I will ever catch up with the reporting, let me at least start.

I was, with Ari Juels of RSA Labs, program chair of IEEE PerSec 2006, the security workshop of the larger PerCom conference, held in March 2006 in Pisa, Italy. I previously mentioned the rfid virus paper by Rieback et al when it got the (second) best paper award: that was the paper I found most enjoyable of the ones in the main track.

Ari and I invited David Naccache as the keynote speaker of our workshop. This was, if I may say so myself, an excellent move: for me, his talk was by far the most interesting part of the whole workshop and conference. Now a professor at the École Normale Supérieure in Paris, David was until recently a security expert at leading smartcard manufacturer Gemplus. Among other things, his talents allow him to help law enforcement agencies tap the bad guys’s cellphones, read the numbers in their phone books and find out where they have been.

His talk was very informative and entertaining, full of fascinating war stories such as the tricks used to steal covertly an expired session key from the phone of a suspect to decrypt a recorded phone call that had been intercepted earlier as cyphertext. The target was asleep in a hotel room, with his phone under recharge on his bed table, and the author and his agents were in the next room, doing their electronic warfare from across the wall. What do you do in a case like this? pretend to be the base station, reissue the old challenge so that the SIM generates the same session key, and then listen to the electromagnetic radiation from the pads of the SIM while the key is being transmitted to the handset via the SIM’s electric contacts. Brilliant. And just one in a rapid-fire sequence of other equally interesting real life stories.

David, like many of the other speakers at the workshop, has kindly allowed me to put up his paper and presentation slides on the workshop’s web site. It won’t be as good as his outstanding live talk, but you may still find it quite interesting.

On the same page you will also find two more papers by members of the Cambridge security group: one on multi-channel protocols by Ford-Long Wong and yours truly, and one attacking key distribution schemes in sensor networks by Tyler Moore.