[Gsmmap] Question on correct interpretation of pie-graph

Karsten Nohl nohl at virginia.edu
Mon Jan 2 16:46:28 CET 2012


On Jan 2, 2012, at 16:41 , Bart Stuut wrote:

> Hi Karsten,
> 
> First of all thanks for the fast reply.
> 
> Sorry to pester you with follow up question ... I would not be
> surprised if you have better things to do ;-)
> 
>>> A quick question on the pie-charts that are used on gsmmap.org: What
>>> is the correct interpretation of these?
>> 
>> "Fully green" means: All countermeasures we have seen implemented in 2011 are available on a given network.
>> As you can see, no network currently implements all measures but a few get close.
> 
> Maybe I should rephrase the question using an example;
> 
> If we take an Intercept pie-chart with an estimate of 47% green and
> 53% red, is the right interpretation then that the 47% of the analyzed
> instances comply with the reference network as mentioned on slide 12
> of the 28c3 presentation (i.e. use padding randomization), and that
> 53% of those instances did not comply?
> 
> Or another example, Impersonation pie-chart of 25% green / 75% red
> means that 25% of analyzed instances are using A5/1 *and* 100%
> Authentication, and 75% of instances were shown to use either A5/1
> *or* 100% Authentication.

It's neither of those but a weighted average of protection measures across all submitted transactions. Most security features such as randomization tend to be switched either on or off for all transactions in a network, a few others such as rekeying frequency are observable only over a larger sample set.

Cheers,

     -Karsten




More information about the Gsmmap mailing list