Cryptanalysis of GSM Encryption in 2G/3G Networks Without Rainbow Tables

  • Conference paper
Advances in Cryptology – ASIACRYPT 2019 (ASIACRYPT 2019)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 11923)

Abstract

The GSM standard developed by ETSI for 2G networks adopts the A5/1 stream cipher to protect over-the-air privacy in cell phones, and it has become the de facto global standard in mobile communications despite the emergence of the subsequent 3G/4G standards. Many cryptanalytic results are available so far, and the most notable ones share the need for heavy pre-computation with large rainbow tables or a distributed cracking network. In this paper, we present a fast near collision attack on GSM encryption in 2G/3G networks, which is completely new and more threatening compared to the previous best results. We adapt the fast near collision attack proposed at Eurocrypt 2018 to the concrete irregular clocking manner of A5/1 to obtain a state recovery attack with low complexity. It is shown that if the first 64 bits of one keystream frame are available, the secret key of A5/1 can be reliably found in \(2^{31.79}\) cipher ticks, given around 1 MB memory and after a pre-computation of \(2^{20.26}\) cipher ticks. Our current implementation clearly certified the validity of the suggested attack. Since A5/3 and GPRS share the same key with A5/1, this can eventually be converted into attacks against any GSM network.

Notes

  1. Other choices are also possible, e.g., we can get the first 6 keystream bits to launch the attack. For simplicity of description, we take the first 5 keystream bits here.

  2. Though the clock control taps defined in [9] are different from here, this issue does not have any effect on the analysis of the state-transition properties under the condition that \(\min(ct_{1},ct_{2},ct_{3})\ge 2\).

  3. The seed key in our C implementation is derived from the system time via some arithmetic operations such as modulo addition. We have also tried AES as the random source and obtained almost the same results as the RC4 case.

References

  1. Barkan, E., Biham, E.: Conditional estimators: an effective attack on A5/1. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 1–19. Springer, Heidelberg (2006). https://doi.org/10.1007/11693383_1

  2. Barkan, E., Biham, E., Keller, N.: Instant ciphertext-only cryptanalysis of GSM encrypted communication. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 600–616. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45146-4_35

  3. Biham, E., Dunkelman, O.: Cryptanalysis of the A5/1 GSM stream cipher. In: Roy, B., Okamoto, E. (eds.) INDOCRYPT 2000. LNCS, vol. 1977, pp. 43–51. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44495-5_5

  4. Biryukov, A., Shamir, A.: Cryptanalytic time/memory/data tradeoffs for stream ciphers. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 1–13. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44448-3_1

  5. Biryukov, A., Shamir, A., Wagner, D.: Real time cryptanalysis of A5/1 on a PC. In: Goos, G., Hartmanis, J., van Leeuwen, J., Schneier, B. (eds.) FSE 2000. LNCS, vol. 1978, pp. 1–18. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44706-7_1

  6. Briceno, M., Goldberg, I., Wagner, D.: A pedagogical implementation of A5/1, May 1999. http://www.scard.org

  7. Ekdahl, P., Johansson, T.: Another attack on A5/1. IEEE Trans. Inf. Theory 49(1), 284–289 (2003)

  8. Gendrullis, T., Novotný, M., Rupp, A.: A real-world attack breaking A5/1 within hours. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 266–282. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85053-3_17

  9. Golić, J.D.: Cryptanalysis of alleged A5 stream cipher. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 239–255. Springer, Heidelberg (1997). https://doi.org/10.1007/3-540-69053-0_17

  10. Koch, P.C.: Cryptanalysis of stream ciphers-analysis and application of the near collision attack for stream ciphers. Technical University of Denmark, Master thesis supervisor, Christian Rechberger, pp. 111–122, November 2013

  11. Lu, J., Li, Z., Henricksen, M.: Time–memory trade-off attack on the GSM A5/1 stream cipher using commodity GPGPU. In: Malkin, T., Kolesnikov, V., Lewko, A.B., Polychronakis, M. (eds.) ACNS 2015. LNCS, vol. 9092, pp. 350–369. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-28166-7_17

  12. Maximov, A., Johansson, T., Babbage, S.: An improved correlation attack on A5/1. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 1–18. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30564-4_1

  13. Nohl, K.: Attacking phone privacy. In: Black Hat USA 2010 Lecture Notes (2010). https://srlabs.de/decrypting-gsm/

  14. Pornin, T., Stern, J.: Software-hardware trade-offs: application to A5/1 cryptanalysis. In: Koç, Ç.K., Paar, C. (eds.) CHES 2000. LNCS, vol. 1965, pp. 318–327. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44499-8_25

  15. Zhang, B., Li, Z., Feng, D., Lin, D.: Near collision attack on the grain v1 stream cipher. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 518–538. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-43933-3_27

  16. Zhang, B., Xu, C., Meier, W.: Fast near collision attack on the grain v1 stream cipher. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 771–802. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78375-8_25

Acknowledgements

The author would like to thank the anonymous reviewers for very helpful comments and Yanyi Liu, Hui Peng and Di Zhai for the discussions on the topic. This work is supported by the National Key R&D Research Program (Grant No. 2017YFB0802504), the program of the National Natural Science Foundation of China (Grant No. 61572482), National Cryptography Development Fund (Grant No. MMJJ20170107) and National Grand Fundamental Research 973 Programs of China (Grant No. 2013CB338002).

Author information

Correspondence to Bin Zhang.

Copyright information

© 2019 International Association for Cryptologic Research

About this paper

Cite this paper

Zhang, B. (2019). Cryptanalysis of GSM Encryption in 2G/3G Networks Without Rainbow Tables. In: Galbraith, S., Moriai, S. (eds) Advances in Cryptology – ASIACRYPT 2019. ASIACRYPT 2019. Lecture Notes in Computer Science, vol 11923. Springer, Cham. https://doi.org/10.1007/978-3-030-34618-8_15

  • DOI: https://doi.org/10.1007/978-3-030-34618-8_15

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-34617-1

  • Online ISBN: 978-3-030-34618-8

  • eBook Packages: Computer Science, Computer Science (R0)
