Advertisement

Correlation Power Analysis on KASUMI: Attack and Countermeasure

  • Devansh Gupta
  • Somanath Tripathy
  • Bodhisatwa Mazumdar
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11348)

Abstract

The KASUMI block cipher imparts confidentiality and integrity to the 3G mobile communication systems. In this paper we present power analysis attack on KASUMI as a two-pronged attack: first the FL function is targeted, and subsequently the recovered output of FL function is used to mount attack on \(7\times 7\) and \(9\times 9\) S-boxes embedded in the FO function of the cipher. Our attack recovers all 128 bits of the secret key of KASUMI. Further, we present a countermeasure for this attack which requires lesser resource footprint as compared to existing countermeasures, rendering such implementations practically feasible for resource-constrained applications, such as IoT and RFID devices.

Keywords

Side channel attack Power analysis attack Correlation power analysis KASUMI block cipher 

References

  1. 1.
    Akkar, M.-L., Giraud, C.: An implementation of DES and AES, secure against some attacks. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 309–318. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-44709-1_26CrossRefGoogle Scholar
  2. 2.
  3. 3.
    Biham, E., Dunkelman, O., Keller, N.: A related-key rectangle attack on the full KASUMI. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 443–461. Springer, Heidelberg (2005).  https://doi.org/10.1007/11593447_24CrossRefGoogle Scholar
  4. 4.
    Blömer, J., Guajardo, J., Krummel, V.: Provably secure masking of AES. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 69–83. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-30564-4_5CrossRefGoogle Scholar
  5. 5.
    Blunden, M., Escott, A.: Related key attacks on reduced round KASUMI. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 277–285. Springer, Heidelberg (2002).  https://doi.org/10.1007/3-540-45473-X_23CrossRefGoogle Scholar
  6. 6.
    Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-28632-5_2CrossRefGoogle Scholar
  7. 7.
    Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999).  https://doi.org/10.1007/3-540-48405-1_26CrossRefGoogle Scholar
  8. 8.
    Chen, Z., Zhou, Y.: Dual-rail random switching logic: a countermeasure to reduce side channel leakage. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 242–254. Springer, Heidelberg (2006).  https://doi.org/10.1007/11894063_20CrossRefGoogle Scholar
  9. 9.
    Ishai, Y., Sahai, A., Wagner, D.: Private circuits: securing hardware against probing attacks. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 463–481. Springer, Heidelberg (2003).  https://doi.org/10.1007/978-3-540-45146-4_27CrossRefGoogle Scholar
  10. 10.
    Iwata, T., Kohno, T.: New security proofs for the 3GPP confidentiality and integrity algorithms. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 427–445. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-25937-4_27CrossRefGoogle Scholar
  11. 11.
    Jia, K., Li, L., Rechberger, C., Chen, J., Wang, X.: Improved cryptanalysis of the block cipher KASUMI. In: Knudsen, L.R., Wu, H. (eds.) SAC 2012. LNCS, vol. 7707, pp. 222–233. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-35999-6_15CrossRefGoogle Scholar
  12. 12.
    Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999).  https://doi.org/10.1007/3-540-48405-1_25CrossRefGoogle Scholar
  13. 13.
    Kühn, U.: Cryptanalysis of reduced-round MISTY. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 325–339. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-44987-6_20CrossRefGoogle Scholar
  14. 14.
    Masoumi, M., Moghadam, S.S.: A simulation-based correlation power analysis attack to FPGA implementation of KASUMI block cipher. Int. J. Internet Technol. Secur. Trans. 7(2), 175–191 (2017)CrossRefGoogle Scholar
  15. 15.
    Matsui, M., Tokita, T.: MISTY, KASUMI and camellia cipher algorithm development. Mitsibishi Electr. Adv. (Mitsibishi Electr. Corp.) 100, 2–8 (2001)Google Scholar
  16. 16.
    Nassar, M., Souissi, Y., Guilley, S., Danger, J.L.: RSM: a small and fast countermeasure for AES, secure against 1st and 2nd-order zero-offset SCAs. In: Design, Automation & Test in Europe Conference & Exhibition (DATE), pp. 1173–1178. IEEE (2012)Google Scholar
  17. 17.
    Nguyen, P.H., Robshaw, M.J.B., Wang, H.: On related-key attacks and KASUMI: the case of A5/3. In: Bernstein, D.J., Chatterjee, S. (eds.) INDOCRYPT 2011. LNCS, vol. 7107, pp. 146–159. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-25578-6_12CrossRefGoogle Scholar
  18. 18.
    Oswald, E., et al.: OpenSCA, an open source toolbox for MATLAB (2008)Google Scholar
  19. 19.
    Popp, T., Mangard, S.: Masked dual-rail pre-charge logic: DPA-resistance without routing constraints. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 172–186. Springer, Heidelberg (2005).  https://doi.org/10.1007/11545262_13CrossRefGoogle Scholar
  20. 20.
    Popp, T., Mangard, S., Oswald, E.: Power analysis attacks and countermeasures. IEEE Des. Test Comput. 24(6) (2007)CrossRefGoogle Scholar
  21. 21.
    Rivain, M., Prouff, E.: Provably secure higher-order masking of AES. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 413–427. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-15031-9_28CrossRefGoogle Scholar
  22. 22.
    Satoh, A., Morioka, S.: Small and high-speed hardware architectures for the 3GPP standard cipher KASUMI. In: Chan, A.H., Gligor, V. (eds.) ISC 2002. LNCS, vol. 2433, pp. 48–62. Springer, Heidelberg (2002).  https://doi.org/10.1007/3-540-45811-5_4CrossRefGoogle Scholar
  23. 23.
    Sugio, N., Aono, H., Hongo, S., Kaneko, T.: A study on higher order differential attack of KASUMI. IEICE Trans. Fundam. Electron., Commun. Comput. Sci. 90(1), 14–21 (2007)CrossRefGoogle Scholar
  24. 24.
    Trichina, E., Korkishko, T., Lee, K.H.: Small size, low power, side channel-immune AES coprocessor: design and synthesis results. In: Dobbertin, H., Rijmen, V., Sowa, A. (eds.) AES 2004. LNCS, vol. 3373, pp. 113–127. Springer, Heidelberg (2005).  https://doi.org/10.1007/11506447_10CrossRefzbMATHGoogle Scholar
  25. 25.
    Wang, Z., Dong, X., Jia, K., Zhao, J.: Differential fault attack on KASUMI cipher used in GSM telephony. Math. Prob. Eng. 2014, 1–7 (2014)Google Scholar
  26. 26.
    Zhou, Y., Feng, D.: Side-channel attacks: ten years after its publication and the impacts on cryptographic module security testing. IACR Cryptology ePrint Archive 2005/388 (2005)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Devansh Gupta
    • 1
  • Somanath Tripathy
    • 1
  • Bodhisatwa Mazumdar
    • 2
  1. 1.Indian Institute of Technology PatnaPatnaIndia
  2. 2.Indian Institute of Technology IndoreIndoreIndia

Personalised recommendations