381 research outputs found
Security enhancement for A5/1 without losing hardware efficiency in future mobile systems
A5/1 is the strong encryption algorithm which protects the air interface of the GSM cellular network. However, in the Fast Software Encryption Workshop 2000 two attacks, the biased birthday attack and the random subgraph attack against A5/1 were presented [1]. In this paper, we propose new security enhancements to improve A5/1 encryption algorithm from the biased birthday attack [1] and random subgraph attack [3] [4] in order to be used in future mobile communication systems. The improvements that make both attacks impractical are based on the clocking mechanism of the registers, and their key setup routine. Furthermore, we have increased the linear complexity of A5/1 to make the solution of the linear equations [2] impractical in real time systems. Finally, both original and modified versions of A5/1 were implemented easily in a CPLD device for 3rd generation mobile systems.
A New Guess-and-Determine Attack on the A5/1 Stream Cipher
In Europe and North America, the most widely used stream cipher to ensure
privacy and confidentiality of conversations in GSM mobile phones is the A5/1.
In this paper, we present a new attack on the A5/1 stream cipher with an
average time complexity of 2^(48.5), which is much less than the brute-force
attack with a complexity of 2^(64). The attack has a 100% success rate and
requires about 5.65GB storage. We provide a detailed description of our new
attack along with its implementation and results.
Comment: 14 pages, 4 figures, 3 table
Eavesdropping on GSM: state-of-affairs
In the almost 20 years since GSM was deployed several security problems have
been found, both in the protocols and in the - originally secret -
cryptography. However, practical exploits of these weaknesses are complicated
because of all the signal processing involved and have not been seen much
outside of their use by law enforcement agencies.
This could change due to recently developed open-source equipment and
software that can capture and digitize signals from the GSM frequencies. This
might make practical attacks against GSM much simpler to perform.
Indeed, several claims have recently appeared in the media on successfully
eavesdropping on GSM. When looking at these claims in depth the conclusion is
often that more is claimed than what they are actually capable of. However, it
is undeniable that these claims herald the possibilities to eavesdrop on GSM
using publicly available equipment.
This paper evaluates the claims and practical possibilities when it comes to
eavesdropping on GSM, using relatively cheap hardware and open source
initiatives which have generated many headlines over the past year. The basis
of the paper is extensive experiments with the USRP (Universal Software Radio
Peripheral) and software projects for this hardware.
Comment: 5th Benelux Workshop on Information and System Security (WISSec 2010), November 201
Some Words on Cryptanalysis of Stream Ciphers
In the world of cryptography, stream ciphers are known as primitives used to ensure privacy over a communication channel. One common way to build a stream cipher is to use a keystream generator to produce a pseudo-random sequence of symbols. In such algorithms, the ciphertext is the sum of the keystream and the plaintext, resembling the one-time pad principle. Although the idea behind stream ciphers is simple, serious investigation of these primitives has started only in the late 20th century. Therefore, cryptanalysis and design of stream ciphers are important. In recent years, many designs of stream ciphers have been proposed in an effort to find a proper candidate to be chosen as a world standard for data encryption. That potential candidate should be proven good by time and by the results of cryptanalysis. Different methods of analysis, in fact, explain how a stream cipher should be constructed. Thus, techniques for cryptanalysis are also important. This thesis starts with an overview of cryptography in general, and introduces the reader to modern cryptography. Later, we focus on basic principles of design and analysis of stream ciphers. Since statistical methods are the most important cryptanalysis techniques, they will be described in detail. The practice of statistical methods reveals several bottlenecks when implementing various analysis algorithms. For example, a common property of a cipher to produce n-bit words instead of just bits makes it more natural to perform a multidimensional analysis of such a design. However, in practice, one often has to truncate the words simply because the tools needed for analysis are missing. We propose a set of algorithms and data structures for multidimensional cryptanalysis when distributions over a large probability space have to be constructed. This thesis also includes results of cryptanalysis for various cryptographic primitives, such as A5/1, Grain, SNOW 2.0, Scream, Dragon, VMPC, RC4, and RC4A. Most of these results were achieved with the help of intensive use of the proposed tools for cryptanalysis.
State Transition Analysis of GSM Encryption Algorithm A5/1
A5/1 stream cipher is used in Global System for Mobile Communication (GSM) phones for secure communication. A5/1 encrypts the message transferred from a mobile user. In this paper, we present the implementation of cryptanalytic techniques on A5/1, such as minimized state recovery, for recovering the session key. The number of state transitions/updations needed for a state S to reoccur is maintained in the lookup table. This table can be used to recover the initial state from which the keystream was produced. Experiments are carried out for reduced version, full A5/1 cipher on 3.20 GHz machine, and cluster computing facility.
A structural analysis of the A5/1 state transition graph
We describe efficient algorithms to analyze the cycle structure of the graph
induced by the state transition function of the A5/1 stream cipher used in GSM
mobile phones and report on the results of the implementation. The analysis is
performed in five steps utilizing HPC clusters, GPGPU and external memory
computation. A great reduction of this huge state transition graph of 2^64
nodes is achieved by focusing on special nodes in the first step and removing
leaf nodes that can be detected with limited effort in the second step. This
step does not break the overall structure of the graph and keeps at least one
node on every cycle. In the third step the nodes of the reduced graph are
connected by weighted edges. Since the number of nodes is still huge an
efficient bitslice approach is presented that is implemented with NVIDIA's CUDA
framework and executed on several GPUs concurrently. An external memory
algorithm based on the STXXL library and its parallel pipelining feature
further reduces the graph in the fourth step. The result is a graph containing
only cycles that can be further analyzed in internal memory to count the number
and size of the cycles. This full analysis which previously would take months
can now be completed within a few days and allows to present structural results
for the full graph for the first time. The structure of the A5/1 graph deviates
notably from the theoretical results for random mappings.
Comment: In Proceedings GRAPHITE 2012, arXiv:1210.611