A Practical-Time Related-Key Attack on the KASUMI Cryptosystem Used in GSM and 3G Telephony

Channel:
Microsoft Research
Subscribers:
344,000
Published on ● Video Link: https://www.youtube.com/watch?v=7IRIWyXoNUU


Duration: 1:30:47
1,357 views
16

The privacy of most GSM phone conversations is currently protected by the 20+ years old A5/1 and A5/2 stream ciphers, which were repeatedly shown to be cryptographically weak. They will soon be replaced by the new A5/3 (and recently announced A5/4) algorithm based on the block cipher KASUMI, which is a modified version of MISTY. In this work we describe a new type of attack called a sandwich attack, and use it to construct a simple distinguisher for 7 of the 8 rounds of KASUMI with an amazingly high probability of 2^{-14}. By using this distinguisher and analyzing the single remaining round, we can derive the complete 128 bit key of the full KASUMI by using only 4~related keys, 2^{26} data, 2^{30} bytes of memory, and 2^{32} time. These complexities are so small that we have actually simulated the attack in less than two hours on a single PC, and experimentally verified its correctness and complexity. Interestingly, neither our technique nor any other published attack can break MISTY in less than the 2^{128} complexity of exhaustive search, which indicates that the changes made by ETSI's SAGE group in moving from MISTY to KASUMI resulted in a much weaker cipher. This is a joint work with Nathan Keller and Adi Shamir.



Other Videos By Microsoft Research


2016-08-17Hera-JVM: A Runtime System for Heterogeneous Multi-Core Architectures
2016-08-17UCSD Distributed Cognition and Human-Computer Interaction Lab Research
2016-08-17Hardware Trojans in Wireless Cryptographic Integrated Circuits
2016-08-17Stable, Fair Societies As The Natural Product of Local Exchange Networks
2016-08-17Not All Frames Are Created Equal: Temporal Sparsity for Robust and Efficient ASR
2016-08-17California Fault Lines: Understanding the Causes and Impact of Network Failures
2016-08-17e-Heritage Projects in Italy, Cambodia, and Japan: Lesson learned
2016-08-17Self-Stabilizing Autonomic Recoverers
2016-08-17Embedding spanning trees in random graphs
2016-08-17Real-time estimation of distributed parameters systems: application to traffic monitoring
2016-08-17A Practical-Time Related-Key Attack on the KASUMI Cryptosystem Used in GSM and 3G Telephony
2016-08-17Spectral graph sparsification Part 2: [An O(mlog^2 n) algorithm for solving SDD systems]
2016-08-17MSR New England Social Media Research
2016-08-17Exploiting Sparsity in Unsupervised Classification
2016-08-17Computational Social Science in Medicine
2016-08-17Virtual Machine Reset Vulnerabilities; Subspace LWE; Cryptography Against Continuous Memory Attacks
2016-08-17Adaptive Submodularity: A New Approach to Active Learning and Stochastic Optimization
2016-08-17Spectral graph sparsification Part 1: -- (The Combinatorial Multigrid Solver)
2016-08-17Glauber Dynamics for the 2D Ising Model at Low Temperature
2016-08-17Sheriff: Detecting and Eliminating False Sharing
2016-08-17National Renewable Energy Lab, renewable energy and the compute space


Tags:
microsoft research