From Information to Intelligence

SFR 3G femtocell privacy?

Posted on: 19-11-2008

Frank Esser, the CEO of SFR (one of the major French ISPs and mobile operators), recently announced that they wish to deploy 3G femtocells in their customers' homes. A 3G femtocell is a small 3G base station designed to improve 3G coverage at a local site.

If someone is willing to put a 3G antenna in their home, health concerns aside, why not. My concern is about what such an antenna would be used for. SFR says it wants to use the femtocell as a relay for all of its customers, in exchange for a reduction on the subscription. Giving up control of a GSM/3G base station is a huge risk: since the antenna is connected to the home Internet router by an Ethernet cable, there is nothing to stop the owner of the antenna from snooping on the traffic of every customer it relays.

You might argue that this is not a problem because the GSM protocol is secure. Well no, it is NOT secure. We have known since 1999 that the GSM A5/1 encryption scheme is broken and that communications can be decrypted in real time (see the Biryukov, Shamir and Wagner paper on the subject). 3G/UMTS uses its own ciphering rather than A5/1, but that does not help here: the over-the-air encryption terminates at the femtocell itself, so whatever cipher is used on the radio link, the traffic leaves the femtocell in clear unless the link back to the operator is protected separately. Here it is even worse than passive decryption: an attacker sitting between the antenna and the SFR network can not only read the communication but also alter it.

Hence, unless there is strong mutual authentication, and encryption, between the SFR network and the antenna, this will be a real nightmare, because there is simply no way to choose from your cellphone which relay you use. For instance, you visit a customer to close a deal, and somewhere in the middle of the negotiation you call your office to decide what to do. Unfortunately for you, your phone uses the customer's femtocell as a relay: your conversation with your boss is snooped on in real time by your customer, who will of course use it to tilt the outcome of the negotiation.

WiFi WPA TKIP attack

Posted on: 09-11-2008

For those who missed it, the big news in security this week was a new attack against WPA WiFi encryption. The attack was found by Martin Beck and Erik Tews and will be presented at the PacSec conference in Tokyo next week. Erik Tews was already part of the team behind the PTW attack against WEP (he is the T in PTW).

Until the technical paper was released yesterday, it was unclear how effective this attack really was. After reading it, it turns out that the attack described in the paper is a chopchop attack against the WPA TKIP encryption scheme: it decrypts a short packet sent to a client, recovers the MIC key, and from there allows at most 7 crafted packets to be sent to that client, and only when QoS is enabled. A proof of concept will be implemented in aircrack-ng, as Tews and Beck belong to its developer team.

To protect your network against this attack, there are two things you can do:

  1. If you want to keep WPA-TKIP, lower the rekeying interval to something like 60-120 seconds. That is enough, since the attack needs at least 240 seconds to run, on top of a first phase that takes even longer, and every rekey throws away what the attacker has recovered so far.
  2. Switch to WPA with AES (CCMP) and you will be safe (for now): the attack targets TKIP specifically.

If you are not familiar with chopchop attacks and TKIP, you should definitely read this very nice post: Battered, but not broken: understanding the WPA crack, which gives you all the details you need.

Even though the press will focus on the WPA attack described in the paper, I think the first part of the article, which describes an improvement of the PTW attack by exploiting more correlations, is also very nice and clever. Reducing the number of packets needed to break WEP is still very interesting.