Differential Fault Attack on KASUMI Cipher Used in GSM Telephony

The confidentiality of GSM cellular telephony depends on the security of A5 family of cryptosystems. As an algorithm in this family survived from cryptanalysis, A5/3 is based on the block cipher KASUMI. This paper describes a novel differential fault attack on KAUSMI with a 64-bit key. Taking advantage of some mathematical observations on the FL, FO functions, and key schedule, only one 16-bit word fault is required to recover all information of the 64-bit key. The time complexity is only 232 encryptions. We have practically simulated the attack on a PC which takes only a few minutes to recover all the key bits. The simulation also experimentally verifies the correctness and complexity.

[1]  Lin Teng,et al.  A novel colour image encryption algorithm based on chaos , 2012, Signal Process..

[2]  Chao Li,et al.  Differential Fault Analysis on SMS4 using a single fault , 2010, Inf. Process. Lett..

[3]  Eli Biham,et al.  Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication , 2003, CRYPTO.

[4]  Eli Biham,et al.  Differential Fault Analysis of Secret Key Cryptosystems , 1997, CRYPTO.

[5]  Xing-Yuan Wang,et al.  A symmetric image encryption algorithm based on mixed linear-nonlinear coupled map lattice , 2014, Inf. Sci..

[6]  Jean-Jacques Quisquater,et al.  New Differential Fault Analysis on AES Key Schedule: Two Faults Are Enough , 2008, CARDIS.

[7]  Eli Biham,et al.  A Related-Key Rectangle Attack on the Full KASUMI , 2005, ASIACRYPT.

[8]  Eli Biham,et al.  Differential cryptanalysis of DES-like cryptosystems , 1990, Journal of Cryptology.

[9]  Chong Hee Kim,et al.  Differential fault analysis of AES: Toward reducing number of faults , 2012, Inf. Sci..

[10]  Sang-Uk Shin,et al.  Provable Security of KASUMI and 3GPP Encryption Mode f8 , 2001, ASIACRYPT.

[11]  Michael Tunstall,et al.  Round Reduction Using Faults , 2005 .

[12]  Xing-yuan Wang,et al.  A chaotic image encryption algorithm based on perceptron model , 2010 .

[13]  Junko Takahashi,et al.  Practical Fault Attack on a Cryptographic LSI with ISO/IEC 18033-3 Block Ciphers , 2009, 2009 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC).

[14]  Junko Takahashi,et al.  Improved Differential Fault Analysis on CLEFIA , 2008, 2008 5th Workshop on Fault Diagnosis and Tolerance in Cryptography.

[15]  Juanru Li,et al.  Differential fault analysis on the ARIA algorithm , 2008, Inf. Sci..

[16]  Sung-Ming Yen,et al.  Differential Fault Analysis on AES Key Schedule and Some Coutnermeasures , 2003, ACISP.

[17]  Adi Shamir,et al.  A Practical-Time Related-Key Attack on the KASUMI Cryptosystem Used in GSM and 3G Telephony , 2010, CRYPTO.

[18]  Hua Chen,et al.  Differential Fault Analysis on CLEFIA , 2007, ICICS.

[19]  Ulrich Kühn,et al.  Improved Cryptanalysis of MISTY1 , 2002, FSE.

[20]  Meiqin Wang,et al.  Differential Cryptanalysis of Reduced-Round PRESENT , 2008, AFRICACRYPT.

[21]  Xingyuan Wang,et al.  Color image encryption using spatial bit-level permutation and high-dimension chaotic system , 2011 .

[22]  Jean-Jacques Quisquater,et al.  A Differential Fault Attack Technique against SPN Structures, with Application to the AES and KHAZAD , 2003, CHES.

[23]  Xingyuan Wang,et al.  An anonymous key agreement protocol based on chaotic maps , 2011 .

[24]  Keting Jia,et al.  Green Cryptanalysis: Meet-in-the-Middle Key-Recovery for the Full KASUMI Cipher ? , 2013 .

[25]  Xing-yuan Wang,et al.  An improved key agreement protocol based on chaos , 2010 .

[26]  Seokhie Hong,et al.  Fault Injection Attack on A5/3 , 2011, 2011 IEEE Ninth International Symposium on Parallel and Distributed Processing with Applications.