siyang tian. topic 1.sim card card embedded with subscriber identity module 2. 3g network 3rd...
TRANSCRIPT
Siyang Tian
MOBILE PHONE SECURITY
&CRYPTOGRAPH
TOPIC
1. SIM CARDcard embedded with subscriber identity module
2. 3G network3rd generation mobile telecommunications
SIM CARD
3 most important serial numbers in SIM CARD: IMSI, ICCID and KI
1. IMSI:It is a unique identification associated with all GSM and UMTS network mobile phone users.
2.ICCID: integrated circuit card identifier. This serial number is used to identify the subscriber identity module
3.KI: The Ki is the individual subscriber authentication key. It is a 128-bit number that is paired with an IMSI when the SIM card is created. The Ki is only stored on the SIM card and at the Authentication Center (AuC). The Ki will never be transmitted across the network on any link.
KI IS THE MOST IMPORTANT NUMBER
As IMSI and ICCD can be read from the SIM card directly by using a SIM card reader, KI is the most important serial number for your SIM Card security.
Once the KI number of a SIM card is cracked, the SIM card can be cloned.
By making a duplicate SIM card:1. You can integrate more than one SIM card into
one and switch from one to another by using one mobile phone.
2. Others can eavesdropping on your phone conversations, Voice mail, make calls charged to the your SIM, ect
AUTHENTICATION & ENCRYPTION
RAND: a random 128-bit number that is generated by the AuC when the network requests to authenticate a subscriber. The RAND is used to generate the Signed Response (SRES) and Kc crypto-variables.A3 algorithm: it computes a 32-bit Signed Response (SRES). A8 algorithm: it computes computes a 64-bit ciphering key (Kc).COMP128: A keyed hash function that combines the A3 and A8 algorithms into a single function. The 128-bit Ki and 128-bit RAND are input into the COMP128 which generates a 32-bit SRES and a 54-bit Kc in a single function. COMP128 is weak because it can give away information about the Ki.
AUTHENTICATION & ENCRYPTION
3G NETWORK
3 algorithms were used: A5/1, A5/2 and A5/3
A5/1 and A5/2 are stream cipher.
A5/3 is block cipher.
A5/2 is much weaker than the other two
A5/1
LFSRThe Linear feedback shift registerLFSR is used to generate “expected”
random numbersThe period of a n bit LFSR is (2^n)-1. 00…0 is always forceclosed.
A5/1: Stream cipher. Every random stream keys is used only once.
TAP: The bit positions that affect the next state are called the taps.
The taps are XOR'd sequentially with the output bit and then fed back into the leftmost bit. The sequence of bits in the rightmost position is called the output stream3 LFSR are used in A5/1 algorithm. They are LFSR1, LFSR2 and LFSR3
HOW KEY INVOLVED
For LFSR1:K=K64K63….K1F1(x)=x^19 x^18 x^17 1As it use a key with size 61 bit, the LFSR will shift 64 timesTo make all key characters involved.
Initialization: S0=(x18,x17,…,x0)=(0,0,0,0…0)Step1: S1 =(x18,x17,…,x0)=(0,0,0,0…K1)Step2: S2 =(x18,x17,…,x0)=(0,0,0,0…K1,K2)Step14:S14=(x18,x17,…,x0)=(0,0,0,0…K1,K2…K13,K14)Step15:S15=(x18,x17,…,x0)=(0,0,0,0…K1,K2…K14,K1 K15)
X^14 is a tap!.
Each register has an associated clocking bit(majority bit). Say, for LFSR1,2,3 they are x1,x2,x3
Majority function F: F(x1,x2,x3)=(y1,y2,y3)The majority function determines which LFSR is clocked.
When clocked, bits that are not taps are shifted one position to the left unchanged.
By using this stop/go control, it looks like that the 3LFSR generates number more randomly.
Majority bits: 11, 12 , 13
Majority function F: F(x1,x2,x3)=(y1,y2,y3)
For example, at time t, if F(a(t+11), b(t+12), c(t+13)) = (1, 1, 0) (y1, y2, y3) = (1, 1, 0), then LFSR 1 and LFSR 2 are clocked and LFSR 3 has no clock pulse.
KASUMI(A5/3)
8 round Feistel network.
A block with 128-bit key and 64-bit input and output, which is also as known as A5/3
Input 64 bits I, I=L0||R0 where L0, R0 are 32 bits128 bits key K=K1||K2||…||K8 Ki is 16 bits subkey
For 1,3,5,7 rounds:fi(I,RKi)=FO(FL(I,KLi), KOi KI)
For 2,4,6,8 rounds:fi(I,Ki)=FL(FO(I, KOi, KI),KL)
Ri=Li-1
Li=Ri-1 fi(L0i-1,RKi)Rki is 32 bits and consists of three sub keys. They are (KLi,KOi,Kii)
Algorithm FL: 32bit input I and 32 bit sub key KLi
KLi=KLi,1||KLi,2 where KLi,1 and KLi,2 are 16 bits
ROL: rotate one bit left
KLi,2)Output of FL32 bits L’||R’
KLi,1)
Algorithm FO: 32bit input I and two 48 bits sub keys KOi and KIi
KIi=KIi,1||KIi,2||KIi,3 where KIi,1 , KIi,2 and KIi,3 are 16 bits
KOi=KOi,1||KOi,2||KOi,3 where KOi,1 , KOi,2 and KIi,3 are 16 bits
Rj=FI(Lj-1 KOi,j , Kii,j) Rj-1
Lj=Rj-1
Output of FO: 32 bits L3||R3
Algorithm FI: 16 bits input I and one 16 bits sub key KIi,j
I is divided into L0 and R0.I= L0 || R0
L0 is 9-bit and R0 is 7 bit
KIi,j is divided into L0 and R0.KIi,j= KIi,j,1,|| KIi,j,2
KIi,j,1 is 9 bitsKIi,j,2 is 7 bits
S7 and S9 boxes are usedZE(x) add 00 to x from rightTR(x) remove the left most two bits
L1=R0,
R1=S9[L0] ZE(R0)
L2=R1 Kii,j,2
R2=S7[L1] 1) KIi,j,1
L3=R2
R3=S9[L2] ZE(R2)
L4=S7[L3] ⊕TR(R3)
R4=R3
128 bits key K=K1||K2||…||K8 where Ki is 16 bits subkeyKj’=Kj Cj where Cj is constant from a table
Sub keys for each round
WHY IT IS SAFE
Because of S7 and S9, a small change in one bit of the plain text will cause a large difference in the cypher text.
Using FO and FI repeatedly in the Feistel structure will cause confusion and diffusion, it also provides the security
REFERENCE
http://wenku.baidu.com/view/bc51e00a79563c1ec5da71ef.htmlhttp://calliope.uwaterloo.ca/~ggong/ECE710T4/lec8-ch6b.pdfhttp://www.tcs.hut.fi/Studies/T-79.514/slides/S5.Brumley-comp128.pdfhttp://wenku.baidu.com/view/8289d1d4b9f3f90f76c61b8f.htmlhttp://en.wikipedia.org/wiki/LFSRhttp://gsmfordummies.com/encryption/encryption.shtml
QUESTION
1. What is a tap in LFSR?
2.For the majority function in A5/1. If the output of F is F(x1,x2,x3)=F(1,0,0),Which LFSR is clocked?
3.True or false: The Kasumi algorithm uses S8.
4.Which two of FO, FI,G8,RE and FL?
5.Why KI is the most important serial number in the SIM card?
QUESTION
1. What is a tap in LFSR? The bit positions that affect the next state are called the taps.
2.For the majority function in A5/1. If the output of F is F(x1,x2,x3)=F(1,0,0),Which LFSR is clocked?LFSR2 and LFSR3.
3.True or false: The Kasumi algorithm uses S8.False
4.Which two of FO, FI,G8,RE and FL?FO, FI.
5.Why KI is the most important serial number in the SIM card?Because the other two can be read directly by using a SIM card reader, and once Ki is cracked, the SIM card can be cloned.