Abstract
A5/2 is a synchronous stream cipher that is used for protecting GSM communication. Recently, some powerful attacks [2,5] on A5/2 have been proposed. In this contribution we enhance the ciphertext-only attack [2] by Barkan, Biham, and Keller by designing special-purpose hardware for generating and solving the required systems of linear equations. For realizing the LSE solver component, we use an approach recently introduced in [5,6] describing a parallelized hardware implementation of the Gauss-Jordan algorithm. Our hardware-only attacker immediately recovers the initial secret state of A5/2, which is sufficient for decrypting all frames of a session, using a few ciphertext frames without any precomputations and memory. More precisely, in contrast to [2], our hardware architecture directly attacks the GSM speech channel (TCH/FS and TCH/EFS). It requires 16 ciphertext frames and completes the attack in about 1 second. With minor changes, input from other GSM channels (e.g., SDCCH/8) can also be used to mount the attack.
Original language | English |
---|---|
Title of host publication | Cryptographic Hardware and Embedded Systems - CHES 2007 |
Editors | Pascal Paillier, Ingrid Verbauwhede |
Number of pages | 19 |
Volume | 4727 |
Place of Publication | Berlin, Heidelberg |
Publisher | Springer Berlin Heidelberg |
Publication date | 09.2007 |
Pages | 394-412 |
ISBN (Print) | 978-3-540-74734-5 |
ISBN (Electronic) | 978-3-540-74735-2 |
Publication status | Published - 09.2007 |
Event | 9th International Workshop on Cryptographic Hardware and Embedded Systems - Vienna, Austria (Duration: 10.09.2007 → 13.09.2007) |