Research On Security Of Cryptographic Algorithm In GSM

GSM’s security is always payed close attention to, as the most popular mobile system in theworld and connected to WCDMA smoothly. The research of security on mobile system isimportant in realistic significance. For the signal in air and one diraction in authentication, GSMis vulnerable to be attacked. Depending on the manners, the attack to GSM is dicided into activeattack and passive attack. Active attack based on passive attack, so this article focuse on thepassive attack. The passive attack’s main purpose is to research the attack to the cryptographyalgorithm, which is divided into known plaintext attack and ciphertext-only attack.This thesis research on the cryptanalysis of A5/1algorithm which are stream-cipher basedon LFSRs and A5/3algorithm which is stream-cipher based on block-cipher KASUMI algorithm.Our main resluts listed as follows.Firstly, the property of the state space convergence sequences is shown, and we get thesequences of state space convergence are similar on general model. By the research ontransformation function of A5/1algorithm, we prove the property of the state space convergencesequences by random function, supporting the research on the attack to A5/1algorithm.Secondly, we propose a instant attack to A5/1algorithm based on FPGA/ASIC platform andguess-and-determine method, analysis the time complexity of the attack and give the result oftest on FPGA and of simulation on ASIC. The proposed attack improves theguess-and-determine method to an instant attack by the property of the state space convergencesequences. Thus we can attack successfully using few data, and the attack platform would besmall enough using in practice. Using ASIC, the attack platform can100%get the key in2second by1frame key-stream data, if we don’t conside the affection of errors in the reception.Thirdly, we propose a model of TMDTO attack to A5/1algorithm, that model based on DPand thin rainbow tables and the property of the state space convergence sequences. The formulasof success rate, avarange chain lenth, store space, time in precomputer, time in instant-computeare given. By using FPGA and trade-off of kinds of paremeter, in the constrant of time and spacewe can choose the suitable paremeter. In this method, we can use32FPGA chips complete the2T data-table in1month, and use16FPGA chips find the on99%in1second. Moerover, usingFPGA the power consumed is much lower than that in using GPU which Nohl used. The resultby our method is better than that of Nohl published in2010.Fourthly, fault injection attack to A5/3algorithm is improved by algebra cryptanalysis. Twotype fault injection attack are cryptanalysis with algebraic method. One type is the fault injectionattack with assuming that the number of rounds can be decreased, and by using algebracryptanalysis, we can get the session key in several seconds. The other is the differential faultattack with assuming that a fault occurs on one bit, testing the result2³³KASUMI encryptionsare needed to get the session key. We get the conclusion that the A5/3is vulnerable under faultattack.Fifthly, we propose algebra cryptanalysis with high order difference attack to KASUMI. Byresearch on high order difference attack to the Feistel structure of block cipher KASUMI, algebra cryptanalysis with high order difference attack is proposed. So by modified MiniSAT, thecomplexity of attack6rounds KASUMI that uses128bit key is237.46KASUMI computationequally using one key with219.9chosen plaintext-cipher.