Mobile phone security &Cryptograph
Download
Report
Transcript Mobile phone security &Cryptograph
MOBILE PHONE
SECURITY
&CRYPTOGRAPH
Siyang Tian
TOPIC
1. SIM CARD
card embedded with subscriber identity module
2. 3G network
3rd generation mobile telecommunications
SIM CARD
3 most important serial numbers in SIM CARD:
IMSI, ICCID and KI
1. IMSI:It is a unique identification associated with all GSM and UMTS
network mobile phone users.
2.ICCID: integrated circuit card identifier. This serial number is used to identify the
subscriber identity module
3.KI: The Ki is the individual subscriber authentication key. It is a 128-bit number
that is paired with an IMSI when the SIM card is created. The Ki is only stored on
the SIM card and at the Authentication Center (AuC). The Ki will never be
transmitted across the network on any link.
KI IS THE MOST IMPORTANT
NUMBER
As IMSI and ICCD can be read from the SIM card directly by using a
SIM card reader, KI is the most important serial number for your SIM
Card security.
Once the KI number of a SIM card is cracked, the SIM card can be
cloned.
By making a duplicate SIM card:
1. You can integrate more than one SIM card into one and switch
from one to another by using one mobile phone.
2. Others can eavesdropping on your phone conversations, Voice
mail, make calls charged to the your SIM, ect
AUTHENTICATION &
ENCRYPTION
RAND: a random 128-bit number that is generated by the AuC when
the network requests to authenticate a subscriber. The RAND is used to
generate the Signed Response (SRES) and Kc crypto-variables.
A3 algorithm: it computes a 32-bit Signed Response (SRES).
A8 algorithm: it computes computes a 64-bit ciphering key (Kc).
COMP128: A keyed hash function that combines the A3 and A8 algorithms
into a single function. The 128-bit Ki and 128-bit RAND are input into the
COMP128 which generates a 32-bit SRES and a 54-bit Kc in a single function.
COMP128 is weak because it can give away information about the Ki.
AUTHENTICATION &
ENCRYPTION
3G NETWORK
3 algorithms were used: A5/1, A5/2 and A5/3
A5/1 and A5/2 are stream cipher.
A5/3 is block cipher.
A5/2 is much weaker than the other two
A5/1
A5/1: Stream cipher. Every random stream keys is used
only once.
The Linear feedback shift register
LFSR is used to generate “expected” random numbers
The period of a n bit LFSR is (2^n)-1. 00…0 is always
forceclosed.
TAP: The bit positions that affect the next state are called the
taps.
The taps are XOR'd sequentially with the output bit and
then fed back into the leftmost bit. The sequence of bits
in the rightmost position is called the output stream
3 LFSR are used in A5/1 algorithm.
They are LFSR1, LFSR2 and LFSR3
HOW KEY INVOLVED
For LFSR1:
K=K64K63….K1
F1(x)=x^19 ⊕x^18 ⊕x^17 ⊕ x^14 ⊕1
As it use a key with size 61 bit, the LFSR will shift 64 times
To make all key characters involved.
Initialization: S0=(x18,x17,…,x0)=(0,0,0,0…0)
Step1: S1 =(x18,x17,…,x0)=(0,0,0,0…K1)
Step2: S2 =(x18,x17,…,x0)=(0,0,0,0…K1,K2)
Step14:S14=(x18,x17,…,x0)=(0,0,0,0…K1,K2…K13,K14)
Step15:S15=(x18,x17,…,x0)=(0,0,0,0…K1,K2…K14,K1 ⊕ K15)
X^14 is a tap!.
Each register has an associated clocking bit(majority bit).
Say, for LFSR1,2,3 they are x1,x2,x3
Majority function F: F(x1,x2,x3)=(y1,y2,y3)
The majority function determines which LFSR is clocked.
When clocked, bits that are not taps are shifted one
position to the left unchanged.
By using this stop/go control, it looks like that the 3LFSR
generates number more randomly.
Majority bits: 11, 12 , 13
Majority function F: F(x1,x2,x3)=(y1,y2,y3)
For example, at time t, if F(a(t+11), b(t+12), c(t+13)) = (1,
1, 0)
(y1, y2, y3) = (1, 1, 0), then LFSR 1 and LFSR 2 are
clocked and LFSR 3 has no clock pulse.
KASUMI(A5/3)
A block with 128-bit key and 64-bit input and output, which is
also as known as A5/3
8 round Feistel network.
Input 64 bits I, I=L0||R0 where L0, R0 are 32 bits
128 bits key K=K1||K2||…||K8
Ki is 16 bits subkey
Ri=Li-1
Li=Ri-1 ⊕fi(L0i-1,RKi)
Rki is 32 bits and consists of three sub
keys. They are (KLi,KOi,Kii)
For 1,3,5,7 rounds:
fi(I,RKi)=FO(FL(I,KLi), KOi KI)
For 2,4,6,8 rounds:
fi(I,Ki)=FL(FO(I, KOi, KI),KL)
Algorithm FL: 32bit input I and 32 bit sub key KLi
KLi=KLi,1||KLi,2
𝑅′ = 𝑅 ⊕ 𝑅𝑂𝐿(𝐿 ∩KLi,1)
𝐿′ = 𝐿 ⊕ 𝑅𝑂𝐿(𝑅 ∩KLi,2)
Output of FL
32 bits L’||R’
ROL: rotate one bit left
where KLi,1 and KLi,2 are 16 bits
Algorithm FO: 32bit input I and two 48 bits sub keys KOi and KIi
KOi=KOi,1||KOi,2||KOi,3
where KOi,1 , KOi,2 and KIi,3 are 16 bits
KIi=KIi,1||KIi,2||KIi,3
where KIi,1 , KIi,2 and KIi,3 are 16 bits
Rj=FI(Lj-1 ⊕KOi,j , Kii,j) ⊕Rj-1
Lj=Rj-1
Output of FO: 32 bits L3||R3
Algorithm FI: 16 bits input I and one 16 bits sub key KIi,j
I is divided into L0 and R0.
I= L0 || R0
L0 is 9-bit and R0 is 7 bit
KIi,j is divided into L0 and R0.
KIi,j= KIi,j,1,|| KIi,j,2
KIi,j,1 is 9 bits
KIi,j,2 is 7 bits
S7 and S9 boxes are used
ZE(x) add 00 to x from right
TR(x) remove the left most two bits
L1=R0,
R1=S9[L0] ⊕ZE(R0)
L2=R1 ⊕Kii,j,2
R2=S7[L1] ⊕ 𝑇𝑅(𝑅1) ⊕KIi,j,1
L3=R2
R3=S9[L2] ⊕ZE(R2)
L4=S7[L3] ⊕TR(R3)
R4=R3
128 bits key K=K1||K2||…||K8 where Ki is 16 bits subkey
Kj’=Kj ⊕Cj where Cj is constant from a table
Sub keys for each round
WHY IT IS SAFE
Because of S7 and S9, a small change in one bit of the plain
text will cause a large difference in the cypher text.
Using FO and FI repeatedly in the Feistel structure will cause
confusion and diffusion, it also provides the security
REFERENCE
http://wenku.baidu.com/view/bc51e00a79563c1ec5da71ef.html
http://calliope.uwaterloo.ca/~ggong/ECE710T4/lec8-ch6b.pdf
http://www.tcs.hut.fi/Studies/T-79.514/slides/S5.Brumley-comp128.pdf
http://wenku.baidu.com/view/8289d1d4b9f3f90f76c61b8f.html
http://en.wikipedia.org/wiki/LFSR
http://gsmfordummies.com/encryption/encryption.shtml
QUESTION
1. What is a tap in LFSR?
2.For the majority function in A5/1. If the output of F is
F(x1,x2,x3)=F(1,0,0),
Which LFSR is clocked?
3.True or false: The Kasumi algorithm uses S8.
4.Which two of FO, FI,G8,RE and FL?
5.Why KI is the most important serial number in the SIM card?
QUESTION
1. What is a tap in LFSR?
The bit positions that affect the next state are called the taps.
2.For the majority function in A5/1. If the output of F is
F(x1,x2,x3)=F(1,0,0),
Which LFSR is clocked?
LFSR2 and LFSR3.
3.True or false: The Kasumi algorithm uses S8.
False
4.Which two of FO, FI,G8,RE and FL?
FO, FI.
5.Why KI is the most important serial number in the SIM card?
Because the other two can be read directly by using a SIM card reader, and
once Ki is cracked, the SIM card can be cloned.