Security Analysis Of The GMR-1 And GMR-2 Encryption Algorithms In The Satellite Phones

Along with the development of mobile communication, people demand for communication not only limited to the use of daily life, in some special cases, such as natural disaster zones or remote areas, the ordinary mobile network cannot use. Therefore, the mobile satellite communication appears, especially the invention of the satellite phone, although its use range is relatively small, but considering the application domain is special, its security can not be ignored. In recent years, European ETSI association put forward the two kinds of encryption algorithm of satellite phones : GMR-1 and GMR-2 algorithm. The structure of GMR-1 is reference for the A5/2 algorithm in GSM system, and belongs to the stream cipher mechanism which based on four linear feedback shift registers, GMR-2 algorithm is a new kind of structure, which consists three main subcomponents, and belongs to the block cipher mechanism.For the GMR-1 algorithm, this thesis analyses the differences of A5/2 and GMR-1 algorithm, on the basis of the existing decryption algorithm compromise of space and time decoding method used in A5/2, we improve it and make it also suitable for the GMR-1, then gain the known plaintext attack method, finally analyzes its complexity, through the actual simulation validation can be in quad-core CPU, 8G of memory, Windows8.1(32byte) of the operating system on a desktop computer to realize real-time attack within 1 s.There are two kinds of attack methods existing for the GMR-2, one is the dynamic guess-and-decide attack method puting forward by Li, this method has a low data complexity, but takes a little longer time in real-time attack; Another is the known plaintext attack method which put forward by Benedikt, but the article does not give a detail analysis of the decryption algorithm.On the basis of Benedikt's research, this thesis will make the known plaintext attack methods of the GMR-2 algorithm for a further study, and find that the crucial points of this attacking algorithm is to find a keysteam which can cause a read-collision to narrow the possible key0 K. By theoretical analysis and practical verification, and mapping the number of keystream which the read-collision will occur for the first time to a discrete random variable model, then we can calculate the read-collision will occur in 16 th keystream for the first time in average, eventually to restore the the session key. Also we calculate the average space and time complexity of the decoding algorithm, compared with the guess-and-decide attack methods, although this method has a higher data complexity but the real-time attack stage takes much less time, that is, it can recovered the session key in about 0.3 seconds in quad-core CPU, 8G of memory, Windows8.1(32byte) of the operating system on a desktop computer.Finally, this article compares this two kinds of encryption algorithms used in the satellite phones, for its attack complexity, we discover that every algorithms has its own advantages and disadvantages: the GMR-1 algorithm needs less keystreams, but in the precomputation section, the space complexity is higher, and computing the matrix takes a long time; The GMR-2 algorithm does not has the precomputation section, and the real-time attack time is shorter, Algorithm's complexity is low, but it needs more keystreams. And for its safety, respectively to analyze the structure of this two algorithms and found that the safety of GMR-2 algorithm is relatively weak.