Abstract | ||
---|---|---|
A5/2 is a synchronous stream cipher that is used for protecting GSM communication. Recently, some powerful attacks [2,5] on A5/2 have been proposed. In this contribution we enhance the ciphertext-only attack [2] by Barkan, Biham, and Keller by designing special-purpose hardware for generating and solvingthe required systems of linear equations. For realizing the LSE solver component, we use an approach recently introduced in [5,6] describing a parallelized hardware implementation of the Gauss-Jordan algorithm. Our hardware-only attacker immediately recovers the initial secret state of A5/2 - which is sufficient for decrypting all frames of a session - using a few ciphertext frames without any precomputations and memory. More precisely, in contrast to [2] our hardware architecture directly attacks the GSM speech channel (TCH/FS and TCH/EFS). It requires 16 ciphertext frames and completes the attack in about 1 second. With minor changes also input from other GSM channels (e.g., SDCCH/8) can be used to mount the attack. |
Year | DOI | Venue |
---|---|---|
2007 | 10.1007/978-3-540-74735-2_27 | CHES |
Keywords | Field | DocType |
ciphertext-only attack,parallelized hardware implementation,gsm channel,gauss-jordan algorithm,powerful attack,special-purpose hardware,gsm speech channel,hardware architecture,ciphertext frame,hardware-assisted realtime attack,gsm communication,a5 2,gsm,linear system of equations,stream cipher,cryptanalysis,gaussian elimination | GSM,Computer science,Communication channel,Cryptanalysis,Theoretical computer science,Stream cipher,Solver,Gaussian elimination,Ciphertext,Computer hardware,Hardware architecture | Conference |
Volume | ISSN | Citations |
4727 | 0302-9743 | 8 |
PageRank | References | Authors |
0.89 | 11 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Andrey Bogdanov | 1 | 2067 | 98.10 |
Thomas Eisenbarth | 2 | 840 | 61.33 |
Andy Rupp | 3 | 196 | 16.95 |