The COMP128 algorithm and the SIM card

SIM card has an important role in mobile communications. It contains the user's private key, which is used in COMP128 algorithm for user authentication to the mobile network and generating session keys to encrypt communications. In this thesis a detailed description of COMP128 algorithm is presented. A brute force attack on the algorithm is described, which exploits a weakness in the structure of COMP128 algorithm, and is based on birthday paradox. As a result the user's private key can be obtained in real time. The attack on COMP128 algorithm was also implemented and tested. A separate chapter provides the necessary cryptographic concepts such as authentication, hash functions and birthday paradox

Reducing the Collision Probability of Alleged Comp128

Wagner, Goldberg and Briceno have recently published an attack [2] on what they believe to be Comp128, the GSM A3A8 authentication hash function [1]. Provided that the attacker has physical access to the card and to its secret PIN code (the card has to be activated), this chosen plaintext attack recovers the secret key of the personalized SIM (Secure Identification Module) card by inducing collisions on the second (out of 40) round of the hash function. In this paper we suggest two different approaches to strengthen the alleged Comp128 algorithm with respect to this attack. An evaluation of the number of chosen plaintexts and the new complexity of the attack are given