Passive System for Recovering Cryptography Keys
First Claim
1. A system for use in collecting and decrypting encrypted wireless signals in a wireless communications network (WCN), comprising:
- a first passive probe installed on a first interface and configured to monitor messaging possessing encryption keys;
a second passive probe, wherein the second passive probe comprises a wireless network monitor (WNM) configured to monitor transmissions between a WCN base station and a mobile device; and
a correlation processor operatively coupled to the first and second probes and configured to compare information received by each probe and to determine the encryption key, wherein the encryption key is useful to decrypt transmissions between the mobile device and the WCN base station.
2 Assignments
0 Petitions
Accused Products
Abstract
Modern cellular wireless communications providers strive to keep their network and subscribers secure through various means. The identity of the subscriber may be obfuscated through the use of a temporary identifier for most network transactions including signaling events, voice calls, SMS messages and data sessions. A subscriber'"'"'s unique identity may only be transmitted over the air in an encrypted form. Similarly, the content of voice calls, SMS messages and data sessions may also be encrypted when transmitted over the air and even when transferred over internal network interfaces. However, the use of encryption presents significant challenges for law enforcement communities when court ordered lawful intercept is required to monitor and locate subscribers utilizing the wireless networks for illegal and/or terrorist purposes. A technique to aid in the determination of a subscriber'"'"'s unique wireless identity and the decryption of encrypted signals would be very useful for lawful intercept. In this document we describe an architecture and technique to aid in the decryption of encrypted wireless signals for lawful intercept by determining the current encryption key. It may also be used to decrypt encrypted signals on internal interfaces of the wireless and wireline networks.
-
Citations
32 Claims
-
1. A system for use in collecting and decrypting encrypted wireless signals in a wireless communications network (WCN), comprising:
-
a first passive probe installed on a first interface and configured to monitor messaging possessing encryption keys; a second passive probe, wherein the second passive probe comprises a wireless network monitor (WNM) configured to monitor transmissions between a WCN base station and a mobile device; and a correlation processor operatively coupled to the first and second probes and configured to compare information received by each probe and to determine the encryption key, wherein the encryption key is useful to decrypt transmissions between the mobile device and the WCN base station. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. A system for use in collecting and decrypting encrypted wireless signals in a Global System for Mobility (GSM) wireless communications network (WCN), comprising:
-
a network probe installed on a D interface and configured to monitor messaging possessing encryption keys, wherein said D interface is between a mobile switching center (MSC) or visitor location register (VLR) and a home location register (HLR) or authentication center (AuC) of the WCN, and wherein the network probe is configured to monitor the D interface and to measure encryption vectors including RAND and SRES vectors and an encryption key, and to obtain identification and network information including IMSI, MS-ISDN, mobile device country code, network code and system code, whereby an approximate location of a mobile device is determined; a radio probe for passively monitoring the air interface between the mobile device and at least one WCN base station, wherein the radio probe comprises a radio network monitor (RNM) configured to monitor transmissions between the mobile device a WCN base station; and a correlation processor operatively coupled to the network and radio probes and configured to compare information received by each probe and to determine the encryption key, wherein the correlation processor is further configured to determine mobile identifiers, collection time stamps and location information, the association of the RAND and SRES vectors collected from the air interface with RAND and SRES obtained from the D interface, and to determine a current encryption key, Kc, for the mobile device. - View Dependent Claims (18, 19, 20)
-
-
21. A system for use in collecting and decrypting encrypted wireless signals in a Global System for Mobility (GSM) wireless communications network (WCN), comprising:
-
a network probe installed on a D interface and configured to monitor messaging possessing encryption keys, wherein said D interface is between a mobile switching center (MSC) or visitor location register (VLR) and a home location register (HLR) or authentication center (AuC) of the WCN, and wherein the network probe is configured to monitor the D interface and to measure encryption vectors including the SRES challenge response and an encryption key, and to obtain identification and network information including IMSI, MS-ISDN, mobile device country code, network code and system code, whereby an approximate location of a mobile device is determined; a radio probe for passively monitoring the air interface between the mobile device and at least one WCN base station, wherein the radio probe comprises a radio network monitor (RNM) configured to monitor transmissions between the mobile device a WCN base station; and a correlation processor operatively coupled to the network and radio probes and configured to compare information received by each probe and to determine the encryption key, wherein the correlation processor is further configured to determine mobile identifiers, collection time stamps and location information, the association of the SRES challenge response collected from the air interface with SRES obtained from the D interface, and to determine a current encryption key, Kc, for the mobile device. - View Dependent Claims (22, 23, 24)
-
-
25. A system for use in collecting and decrypting encrypted wireless signals in a Universal Mobile Telephone System (UMTS) wireless communications network (WCN), comprising:
-
a network probe installed on a D interface and configured to monitor messaging possessing encryption keys, wherein said D interface is between a mobile switching center (MSC) or visitor location register (VLR) and a home location register (HLR) or authentication center (AuC) of the WCN, and wherein the network probe is configured to monitor the D interface and to measure RAND, XRES, AUTN, encryption key CK, IK encryption parameters and IMSI and MS-ISDN identity parameters contained in signaling over said D interface; a radio probe for passively monitoring the air interface (UU) between the UE and a Node B, wherein the radio probe comprises a radio network monitor (RNM) configured to monitor transmissions between the UE and the Node B, and to measure RAND, XRES, AUTN and TMSI parameters contained in the transmissions; and a correlation processor operatively coupled to the network and radio probes, wherein the RAND, XRES, AUTN and TMSI from the radio probe and the RAND, XRES, AUTN, encryption key CK, IK and IMSI and MS-ISDN from the network probe are passed to the correlation processor for correlation to determine a current CK for the UE, and wherein the CK is passed to a decryption processor for decryption of radio messaging collected by the radio probe. - View Dependent Claims (26)
-
-
27. A system for use in collecting and decrypting encrypted wireless signals in a Universal Mobile Telephone System (UMTS) wireless communications network (WCN), comprising:
-
a network probe installed on a D interface and configured to monitor messaging possessing encryption keys, wherein said D interface is between a mobile switching center (MSC) or visitor location register (VLR) and a home location register (HLR) or authentication center (AuC) of the WCN, and wherein the network probe is configured to monitor the D interface and to measure XRES, AUTN, encryption key CK, IK encryption parameters and IMSI and MS-ISDN identity parameters contained in signaling over said D interface; a radio probe for passively monitoring the air interface (UU) between the UE and a Node B, wherein the radio probe comprises a radio network monitor (RNM) configured to monitor transmissions between the UE and the Node B, and to measure XRES, AUTN and TMSI parameters contained in the transmissions; and a correlation processor operatively coupled to the network and radio probes, wherein the XRES, AUTN and TMSI from the radio probe and the XRES, AUTN, encryption key CK, IK and IMSI and MS-ISDN from the network probe are passed to the correlation processor for correlation to determine a current CK for the UE, and wherein the CK is passed to a decryption processor for decryption of radio messaging collected by the radio probe. - View Dependent Claims (28)
-
-
29. A system for use in collecting and decrypting encrypted wireless signals in a Universal Mobile Telephone System (UMTS) wireless communications network (WCN), comprising:
-
a network probe installed on a D interface and configured to monitor messaging possessing encryption keys, wherein said D interface is between a mobile switching center (MSC) or visitor location register (VLR) and a home location register (HLR) or authentication center (AuC) of the WCN, and wherein the network probe is configured to monitor the D interface and to measure XRES encryption key CK, IK encryption parameters and IMSI and MS-ISDN identity parameters contained in signaling over said D interface; a radio probe for passively monitoring the air interface (UU) between the UE and a Node B, wherein the radio probe comprises a radio network monitor (RNM) configured to monitor transmissions between the UE and the Node B, and to measure XRES and TMSI parameters contained in the transmissions; and a correlation processor operatively coupled to the network and radio probes, wherein the XRES, and TMSI from the radio probe and the XRES encryption key CK, IK and IMSI and MS-ISDN from the network probe are passed to the correlation processor for correlation to determine a current CK for the UE, and wherein the CK is passed to a decryption processor for decryption of radio messaging collected by the radio probe. - View Dependent Claims (30)
-
-
31. A system for use in collecting encrypted wireless signals in a wireless communications network (WCN) and correlating a control channel assignment to a user identification, for uplink location, comprising:
-
a first passive probe installed on a first interface and configured to monitor messaging possessing encryption keys; a second passive probe, wherein the second passive probe comprises a wireless network monitor (WNM) configured to monitor transmissions between a WCN base station and a mobile device; and a correlation processor operatively coupled to the first and second probes and configured to compare information received by each probe and to determine a vector, including at least one of a signed response (SRES) generated by the mobile device and a random challenge (RAN) generated by the WCN, and to correlate a control channel assignment to a user identifier. - View Dependent Claims (32)
-
Specification