Editing DECT (section)

===Security===
The DECT media access control layer includes authentication of handsets to the base station using the DECT Standard Authentication Algorithm (DSAA). When registering the handset on the base, both record a shared 128-bit Unique Authentication Key (UAK). The base can request authentication by sending two random numbers to the handset, which calculates the response using the shared 128-bit key. The handset can also request authentication by sending a 64-bit random number to the base, which chooses a second random number, calculates the response using the shared key, and sends it back with the second random number.

The standard also provides [[encryption]] services with the DECT Standard Cipher (DSC). The encryption is [[key size|fairly weak]], using a 35-bit [[initialization vector]] and encrypting the voice stream with 64-bit encryption. While most of the DECT standard is publicly available, the part describing the DECT Standard Cipher was only available under a [[non-disclosure agreement]] to the phones' manufacturers from [[European Telecommunications Standards Institute|ETSI]].

The properties of the DECT protocol make it hard to intercept a frame, modify it and send it later again, as DECT frames are based on time-division multiplexing and need to be transmitted at a specific point in time.<ref name="Tews-DECT-World-2016" /> Unfortunately very few DECT devices on the market implemented authentication and encryption procedures<ref name="Tews-DECT-World-2016">Dr. DECT Secturity: Present, Past, Future. [http://www.dect.org/userfiles/file/DECT%20World%202016/Presentations/DF_DECT%20World%202016%20Presentations.zip DECT World 2016 Presentations] {{Webarchive|url=https://web.archive.org/web/20210419200215/https://www.dect.org/userfiles/file/DECT%20World%202016/Presentations/DF_DECT%20World%202016%20Presentations.zip |date=19 April 2021 }}. Erik Tews, University of Birmingham. 31 May 2016.</ref><ref name="25c3" />{{Snd}} and even when encryption was used by the phone, it was possible to implement a [[man-in-the-middle attack]] impersonating a DECT base station and revert to unencrypted mode{{Snd}} which allows calls to be listened to, recorded, and re-routed to a different destination.<ref name="25c3" /><ref name="RSA2009-DECT-Authentication">Lucks, Stefan; Schuler, Andreas; Tews, Erik; Weinmann, Ralf-Philipp; Wenzel, Matthias. [https://www.datenzone.de/blog/wp-content/uploads/2016/06/Attacks-on-the-DECT-authentication-mechanisms.pdf Attacks on the DECT Authentication Mechanisms]. Fischlin, Marc (Ed.): Topics in Cryptology{{Snd}} CT-RSA 2009, The Cryptographers' Track at the RSA Conference 2009, San Francisco, CA, USA, April 20–24, 2009.</ref><ref name="Tews-DECT-Security">Erik Tews. [http://tuprints.ulb.tu-darmstadt.de/2932/ DECT Security Analysis (Ph.D. Thesis)]. Technische Universität Darmstadt</ref>

After an unverified report of a successful attack in 2002,<ref>{{cite newsgroup|message-id=adsq2u$p00$1@wanadoo.fr|newsgroup=alt.anonymous.messages|title=Do you like ice cream?|url=https://groups.google.com/group/alt.anonymous.messages/browse_thread/thread/d311d0ebbe503835/0e28cfbc393d174c|website=Groups.google.com|access-date=2 January 2018}}</ref><ref>{{cite web |url=http://lists.gnumonks.org/pipermail/dedected/2009-January/000432.html |title=DSC{{Snd}} Reverse Engineering of the Samsung DECT SP-R6150 |date=26 January 2009 |first=Ralf-Philipp |last=Weinmann  |url-status=dead  |archive-url=https://web.archive.org/web/20120226025256/http://lists.gnumonks.org/pipermail/dedected/2009-January/000432.html |archive-date=26 February 2012 |df=dmy }}</ref> members of the deDECTed.org project actually did reverse engineer the DECT Standard Cipher in 2008,<ref name="25c3">{{cite news | url = http://www.h-online.com/security/news/item/25C3-Serious-security-vulnerabilities-in-DECT-wireless-telephony-739493.html | title = Serious security vulnerabilities in DECT wireless telephony |publisher = Heise Online | date =29 December 2008 }}</ref> and as of 2010 there has been a viable attack on it that can recover the key.<ref name="DSC-analysis">{{cite web | url = https://www.datenzone.de/blog/wp-content/uploads/2016/06/Cryptanalysis-of-the-DECT-Standard-Cipher.pdf | title = Cryptanalysis of the DECT Standard Cipher | first1 = Karsten | last1 = Nohl | first2 = Erik | last2 = Tews | first3 = Ralf-Philipp | last3 = Weinmann | date =4 April 2010 |work=Fast Software Encryption, 17th International Workshop, FSE 2010, Seoul, Korea}}</ref>

In 2012, an improved authentication algorithm, the DECT Standard Authentication Algorithm 2 (DSAA2), and improved version of the encryption algorithm, the DECT Standard Cipher 2 (DSC2), both based on [[Advanced Encryption Standard|AES]] 128-bit encryption, were included as optional in the NG-DECT/CAT-iq suite.

DECT Forum also launched the DECT Security certification program which mandates the use of previously optional security features in the GAP profile, such as early encryption and base authentication.