Advertisement

A Concrete Security Analysis for 3GPP-MAC

  • Dowon Hong
  • Ju-Sung Kang
  • Bart Preneel
  • Heuisu Ryu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2887)

Abstract

The standardized integrity algorithm f9 of the 3GPP algorithm computes a MAC (Message Authentication Code) to establish the integrity and the data origin of the signalling data over a radio access link of W-CDMA IMT-2000. The function f9 is based on the block cipher KASUMI and it can be considered as a variant of CBC-MAC. In this paper we examine the provable security of f9. We prove that f9 is a secure pseudorandom function by giving a concrete bound on an adversary’s inability to forge a MAC value in terms of her inability to distinguish the underlying block cipher from a random permutation.

Keywords

Message authentication code 3GPP-MAC Provable security Pseudo-randomness 

References

  1. 1.
    Bellare, M., Kilian, J., Rogaway, P.: The security of cipher block chaining. In: CRYPTO 1994. LNCS, vol. 839, pp. 341–358. Springer, Heidelberg (1994), http://wwwcse.ucsd.edu/users/mihir/ Google Scholar
  2. 2.
    Berendschot, A., et al.: Integrity Primitives for Secure Information Systems. Final Report of RACE Integrity Primitives Evaluation (RIPE-RACE 1040). LNCS, vol. 1007. Springer, Heidelberg (1995)Google Scholar
  3. 3.
    Black, J., Rogaway, P.: CBC-MACs for arbitrary-length messages: the three-key constructions. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 197–215. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  4. 4.
    Black, J., Rogaway, P.: A Block-Cipher Mode of Operation for Parallelizable it Message Authentication. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 384–397. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  5. 5.
    Carter, L., Wegman, M.: Universal hash functions. J. of Computer and System Sciences 18, 143–154 (1979)zbMATHCrossRefMathSciNetGoogle Scholar
  6. 6.
    Gligor, V., Donescu, P.: Fast encryption and authentication: XCBC encryption and XECB authentication modes, Contribution to NIST, April 20 (2001), Available at http://csrc.nist.gov/encryption/modes/
  7. 7.
    Jaulmes, É., Joux, A., Valette, F.: On the security of Randomized CBC-MAC Beyond the Birthday Paradox Limit: A New Construction. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 237–251. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  8. 8.
    Kurosawa, K., Iwata, T.: TMAC: Two-Key CBC-MAC, Contribution to NIST, June 21 (2002), Available at http://csrc.nist.gov/encryption/modes/
  9. 9.
    Kang, J., Shin, S., Hong, D., Yi, O.: Provable security of KASUMI and 3GPP encryption mode f8. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 255–271. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  10. 10.
    Kang, J., Yi, O., Hong, D., Cho, H.: Pseudorandomness of MISTY-type transformations and the block cipher KASUMI. In: Varadharajan, V., Mu, Y. (eds.) ACISP 2001. LNCS, vol. 2119, pp. 60–73. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  11. 11.
    Knudsen, L.R., Mitchell, C.J.: Analysis of 3gpp-MAC and two-key 3gpp-MAC. Discrete Applied Mathematics (to appear)Google Scholar
  12. 12.
    Knudsen, L.: Analysis of RMAC, Contribution to NIST, November 10 (2002), Available at http://csrc.nist.gov/CryptoToolkit/modes/comments/
  13. 13.
    Kohno, T.: Related-Key and Key-Collision Attacks Against RMAC, Contribution to NIST (2002), Available at http://csrc.nist.gov/CryptoToolkit/modes/comments/
  14. 14.
    Lloyd, J.: An Analysis of RMAC, Contribution to NIST, November 18 (2002), Available at http://csrc.nist.gov/CryptoToolkit/modes/comments/
  15. 15.
    Luby, M., Rackoff, C.: How to construct pseudorandom permutations and pseudorandom functions, SIAM J. SIAM J. Comput. 17, 189–203 (1988)CrossRefMathSciNetGoogle Scholar
  16. 16.
    Petrank, E., Rackoff, C.: CBC-MAC for Real-Time Data Source. J. of Cryptology 13, 315–338 (2000)zbMATHCrossRefMathSciNetGoogle Scholar
  17. 17.
    Preneel, B., van Oorschot, P.C.: MDx-MAC and building fast MACs from hash functions. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 1–14. Springer, Heidelberg (1995)Google Scholar
  18. 18.
    Rogaway, P.: PMAC: A parallelizable message authentication code, Contribution to NIST, April 17 (2001), Available at http://csrc.nist.gov/encryption/modes/
  19. 19.
    Rogaway, P.: Comments on NIST’s RMAC Proposal, Contribution to NIST, December 2 (2002), Available at http://csrc.nist.gov/CryptoToolkit/modes/comments/
  20. 20.
    Wegman, M., Carter, L.: New hash functions and their use in authentication and set equality. J. of Computer and System Sciences 22, 265–279 (1981)zbMATHCrossRefMathSciNetGoogle Scholar
  21. 21.
    3GPP TR 33.909, Report on the evaluation of 3GPP standard confidentiality and integrity algorithms, V1.0.0, 2002-12Google Scholar
  22. 22.
    3GPP TS 35.201 Specification of the 3GPP confidentiality and integrity algorithm; Document 1: f8 and f9 specificationsGoogle Scholar
  23. 23.
    ISO/IEC 9797-1:1999(E) Information technology - Security techniques - Message Authentication Codes(MACs) - Part 1Google Scholar
  24. 24.

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Dowon Hong
    • 1
  • Ju-Sung Kang
    • 1
  • Bart Preneel
    • 2
  • Heuisu Ryu
    • 1
  1. 1.ETRIInformation Security Technology DivisionTaejonKorea
  2. 2.ESAT/COSICKatholieke Universiteit LeuvenLeuven-HeverleeBelgium

Personalised recommendations