A Single-Key Attack on 6-Round KASUMI

KASUMI is a block cipher used in the confidentiality and integrity algorithms of the 3GPP (3rd Generation Partnership Project) mobile communications. In 2010, a related-key attack on full KASUMI was reported. The attack was very powerful and worked in practical complexity. However the attack was not a direct threat to full KASUMI because of the impractical assumptions related to the attack. Therefore, this paper concentrates on single-key attacks considered to be practical attacks. This paper proposes a single-key attack on 6-round KASUMI. The attack, which applies a technique of higher order differential attacks, requires 2^{60.8} data and 2^{65.4} encryption time. To the best of our knowledge, the attack reported in this paper is the most powerful single-key attack against reduced-round KASUMI in terms of time complexity

Green Cryptanalysis: Meet-in-the-Middle Key-Recovery for the Full KASUMI Cipher

KASUMI is a block cipher with eight Feistel rounds and a key of up to 128 bits. Proposed more than 10 years ago, the confidentiality and integrity of 3G mobile communications systems depend on the security of KASUMI. In the practically interesting single key setting that we are aiming for in this work, no attack is known. For the full 8-round KASUMI we show for the first time a wide variety of results with data complexities between $2^{32}$ chosen plaintexts and as few as 2 texts, while the speed-ups over brute force are between a factor 4 and 6. For use-cases of KASUMI in 2G networks, relying on a 64-bit master key, we describe key recovery methods with extremely low data complexity and speed-ups between a factor 2 and 3 for essentially any desired success probability. The latter results are the first of this type of cryptanalysis that could result in practically realizable cost and energy savings for key recovery efforts. By also analyzing an earlier version of the KASUMI-64 design that had a different mapping from the 64-bit master key to the 128-bit cipher key, we shed some light on a high-level key schedule design issue that may be of independent interest

Multidimensional Zero-Correlation Linear Cryptanalysis of the Block Cipher KASUMI

The block cipher KASUMI is widely used for security in many synchronous wireless standards. It was proposed by ETSI SAGE for usage in 3GPP (3rd Generation Partnership Project) ciphering algorthms in 2001. There are a great deal of cryptanalytic results on KASUMI, however, its security evaluation against the recent zero-correlation linear attacks is still lacking so far. In this paper, we select some special input masks to refine the general 5-round zero-correlation linear approximations combining with some observations on the $FL$ functions and then propose the 6-round zero-correlation linear attack on KASUMI. Moreover, zero-correlation linear attacks on the last 7-round KASUMI are also introduced under some weak keys conditions. These weak keys take $2^{-14}$ of the whole key space. The new zero-correlation linear attack on the 6-round needs about $2^{85}$ encryptions with $2^{62.8}$ known plaintexts. For the attack under weak keys conditions on the last 7 round, the data complexity is about $2^{62.1}$ known plaintexts and the time complexity $2^{110.5}$ encryptions

LT10 A LIGHTWEIGHT PROPOSED ENCRYPTION ALGORITHM FOR IOT

In this paper, algorithm (LT10) which is originally consist of four kasumi elements is proposed as a lightweight encryption algorithm, the proposed algorithm take into account that the IOT devices have a limit computation abilities and the sensitivity of smart homes and IOT network information that need to be exchanged the key length is 128 bit and the block length is 128 bi

Providing Identity Privacy in 5G Networks by Using Pseudonyms

This thesis aims for presenting a solution for providing the identity privacy in mobile networks. The user is identified in mobile networks by an International Mobile Subscriber Identity (IMSI). An IMSI catcher is a device that acts like a fake base station and targets information such as identity and location. Location tracking is one of the most serious outcomes, in case attacker captures these details. Since building an IMSI catcher is now cheaper than before and detecting one is very hard, threat caused by this device has become a serious issue, especially while developing 5G. Several solutions to protect against IMSI catchers are explained in this thesis, and one solution for defeating IMSI catchers is using pseudonyms instead of real identity. We claim that pseudonym can be an effective solution for providing identity privacy in 5G networks and can be also compatible with legacy networks. We have implemented a prototype that demonstrates how pseudonym can be imposed to an existing Authentication and Key Agreement (AKA) procedure. This prototype has been presented in two public demonstration sessions. This thesis includes the history of the mobile networks including 5G. The changes between generations of networks show the requirements for better infrastructure, and also for improved security. We have also examined the development of AKA, since AKA is one of the most important procedures to provide secure service to valid users. Moreover, our prototype is about enhancing AKA for adapting pseudonym approach. This thesis also mentions about a block cipher called KASUMI, which is used for encrypting and decrypting pseudonym during AKA in the prototype. Since KASUMI is designed specifically for 3GPP and cryptanalyses show it is still safe to use KASUMI, it was chosen to be used in the prototype. Keywords: 5G, mobile networks, pseudonym, identity privacy, authentication and key agreement, KASUMI

A Practical-Time Attack on the A5/3 Cryptosystem Used in Third Generation GSM Telephony

The privacy of most GSM phone conversations is currently protected by the 20+ years old A5/1 and A5/2 stream ciphers, which were repeatedly shown to be cryptographically weak. They will soon be replaced in third generation networks by a new A5/3 block cipher called KASUMI, which is a modified version of the MISTY cryptosystem. In this paper we describe a new type of attack called a sandwich attack, and use it to construct a simple distinguisher for 7 of the 8 rounds of KASUMI with an amazingly high probability of $2^{ -14}$. By using this distinguisher and analyzing the single remaining round, we can derive the complete 128 bit key of the full KASUMI by using only 4 related keys, $2^{26}$ data, $2^{30}$ bytes of memory, and $2^{32}$ time. These complexities are so small that we have actually simulated the attack in less than two hours on a single PC, and experimentally verified its correctness and complexity. Interestingly, neither our technique nor any other published attack can break MISTY in less than the $2^{128}$ complexity of exhaustive search, which indicates that the changes made by the GSM Association in moving from MISTY to KASUMI resulted in a much weaker cryptosystem

3g Mobil Haberleşme İçerisinde Kullanılan Şifreleme Algoritmalarının Gücünün Karşılaştırılması

DergiPark: 370290tujesIn this study, the strength of data encryption algorithms used in UMTS and CDMA2000 systems which are 3G mobile communication technologies were analyzed. At the beginning of the study, software applications were developed for KASUMI encryption algorithm which is used within UMTS system and AES encryption algo-rithm which is used within CDMA2000 system. Both key generation algorithms are applied to the same key values to create new key values which are used for data encryption. These new key values are tested by using test package of NIST to in order to check whether these key values are generated randomly or not. One of the key value which has high randomness is used as encryption key As a result, it was observed that AES algo-rithm is more successful than KASUMI algorithm in generating key values. Additionally, a key value, which has high randomization, was chosen and this key value was applied on encryption algorithm with plain text statement and as a result appli-cation of encrypted text on NIST test, it was observed that both KASUMI and AES block encryption algo-rithms have equally power in 3G mobile technology.* This paper is based on a Ph.D study titled “The Structure of Mobile Communication Technologies and Anal-ysis of the Reliability of Data Encryption Algorithms Used in These Technologies”Bu çalışmanın amacı 3G mobil iletişim teknolojilerinden CDMA2000 ve UMTS sistemlerinde yer alan veri şif-releme algoritmalarının gücünün karşılaştırılmalı analizidir. Öncelikle UMTS teknolojisi içerisinde yer alan KASUMI şifreleme algoritması ve CDMA2000 teknolojisi içerisinde yer alan AES şifreleme algoritmaları için yazılım geliştirilmiştir. Yeni şifreleme anahtarları elde etmek için her iki anahtar üretme algoritmasına aynı anahtar değerler uygulanmış ve elde edilen yeni anahtar değerler rassallıkları test edilmek üzere NIST testlerin-den geçirilmiştir. Rassalığı yüksek olan anahtar değerlerinden biri şifreleme anahtarı olarak kullanılmıştır. Çalışma sonunda, şif-releme algoritması içerisinde, açık metni şifrelemek için kullanılacak olan yeni anahtar değerlerinin üretiminde AES algoritmasının KASUMI algoritmasına oranla güçlü olduğu sonucu ortaya çıkmıştır. Çalışmada ayrıca yüksek randomizasyon veren anahtar değerlerinin kullanımı ile yapılan şifreleme işlemi sonucuna göre 3G teknolojisi içerisinde yer alan KASUMI ve AES şifreleme algoritmalarının eşit derecede şifreleme gücüne sahip olduğu or-taya çıkmıştır.* Bu çalışma “Mobil İletişim Teknolojilerinin Yapısı ve Bu Teknolojilerde Kullanılan Veri Şifreleme Algorit-malarının Güvenirliklerinin Analizi” adlı doktora tezinden üretilmiştir