Abstract
We consider the 3GPP confidentiality and integrity schemes that were adopted by Universal Mobile Telecommunication System, an emerging standard for third generation wireless communications. The schemes, known as f8 and f9, are based on the block cipher KASUMI. Although previous works claim security proofs for f8 and f9′, where f9′ is a generalized version of f9, it was shown that these proofs are incorrect; it is impossible to prove f8 and f9′ secure under the standard PRP assumption on the underlying block cipher. Following the results, it was shown that it is possible to prove f8′ and f9′ secure if we make the assumption that the underlying block cipher is a secure PRP-RKA against a certain class of related-key attacks; here f8′ is a generalized version of f8. Needless to say, the assumptions here are stronger than the standard PRP assumptions, and it is natural to seek a practical way to modify f8′ and f9′ to establish security proofs under the standard PRP assumption. In this paper, we propose f8 + and f9 + , slightly modified versions of f8′ and f9′, but they allow proofs of security under the standard PRP assumption. Our results are practical in the sense that we insist on the minimal modifications; f8 + is obtained from f8′ by setting the key modifier to all-zero, and f9 + is obtained from f9′ by setting the key modifier to all-zero, and using the encryptions of two constants in the CBC MAC computation.
Chapter PDF
Similar content being viewed by others
Keywords
- Encryption Algorithm
- Message Authentication Code
- Universal Mobile Telecommunication System
- Random String
- Security Proof
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
3GPP TS 35.201 v 3.1.1. Specification of the 3GPP confidentiality and integrity algorithms, Document 1: f8 and f9 specification, Available at http://www.3gpp.org/tb/other/algorithms.htm
3GPP TS 35.202 v 3.1.1. Specification of the 3GPP confidentiality and integrity algorithms, Document 2: KASUMI specification, Available at http://www.3gpp.org/tb/other/algorithms.htm
Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption. In: Proceedings of The 38th Annual Symposium on Foundations of Computer Science, FOCS 1997, pp. 394–405. IEEE, Los Alamitos (1997)
Bellare, M., Kilian, J., Rogaway, P.: The security of cipher block chaining. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 341–358. Springer, Heidelberg (1994)
Bellare, M., Kohno, T.: A theoretical treatment of related-key attacks: RKA-PRPs, RKA-PRFs, and applications. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 491–506. Springer, Heidelberg (2003)
Bellare, M., Rogaway, P., Wagner, D.: The EAX mode of operation. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 389–407. Springer, Heidelberg (2004)
Biham, E.: New types of cryptanalytic attacks using related keys. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 398–409. Springer, Heidelberg (1994)
Black, J., Rogaway, P.: CBC mACs for arbitrary-length messages:The three-key constructions. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 197–215. Springer, Heidelberg (2000)
Black, J., Rogaway, P.: A block-cipher mode of operation for parallelizable message authentication. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 384–397. Springer, Heidelberg (2002)
Blunden, M., Escott, A.: Related key attacks on reduced round KASUMI. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 277–285. Springer, Heidelberg (2002)
Daemen, J., Rijmen, V.: The Design of Rijndael. Springer, Berlin (2002)
Evaluation report (version 2.0). Specification of the 3GPP confidentiality and integrity algorithms, Report on the evaluation of 3GPP confidentiality and integrity algorithms, Available at http://www.3gpp.org/tb/other/algorithms.htm
Hong, D., Kang, J.-s., Preneel, B., Ryu, H.: A concrete security analysis for 3GPP-MAC. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 154–169. Springer, Heidelberg (2003)
Iwata, T., Kohno, T.: New security proofs for the 3GPP confidentiality and integrity algorithms. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 427–445. Springer, Heidelberg (2004)
Iwata, T., Kohno, T.: New security proofs for the 3GPP confidentiality and integrity algorithms. Full version of [14], available at IACR Cryptology ePrint Archive, Report 2004/019 (2004), http://eprint.iacr.org/
Iwata, T., Kurosawa, K.: OMAC: One-key CBC MAC. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 129–153. Springer, Heidelberg (2003)
Iwata, T., Kurosawa, K.: On the correctness of security proofs for the 3GPP confidentiality and integrity algorithms. In: Paterson, K.G. (ed.) Cryptography and Coding 2003. LNCS, vol. 2898, pp. 306–318. Springer, Heidelberg (2003)
Iwata, T., Kurosawa, K.: How to enhance the security of the 3GPP confidentiality and integrity algorithms. Full version of this paper, available from the authors (2005)
Jonsson, J.: On the security of CTR + CBC-MAC. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 76–93. Springer, Heidelberg (2003)
Jutla, C.S.: Encryption modes with almost free message integrity. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 529–544. Springer, Heidelberg (2001)
Kang, J.-s., Shin, S.-U., Hong, D., Yi, O.: Provable security of KASUMI and 3GPP encryption mode f8. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 255–271. Springer, Heidelberg (2001)
Knudsen, L.R., Mitchell, C.J.: Analysis of 3gpp-MAC and two-key 3gpp-MAC. Discrete Applied Mathematics 128(1), 181–191 (2003)
Kohno, T., Viega, J., Whiting, D.: CWC: A high-performance conventional authenticated encryption mode. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 408–426. Springer, Heidelberg (2004)
McGrew, D.A., Viega, J.: The security and performance of the Galois/Counter Mode of operation. IACR Cryptology ePrint Archive, Report 2004/193 (2004), http://eprint.iacr.org/
Luby, M., Rackoff, C.: How to construct pseudorandom permutations from pseudorandom functions. SIAM J. Comput. 17(2), 373–386 (1988)
Rogaway, P., Bellare, M., Black, J., Krovetz, T.: OCB: a block-cipher mode of operation for efficient authenticated encryption. In: Proceedings of ACM Conference on Computer and Communications Security, ACM CCS 2001. ACM, New York (2001)
Whiting, D., Housley, R., Ferguson, N.: Counter with CBC-MAC (CCM). Submission to NIST, Available at http://csrc.nist.gov/CryptoToolkit/modes/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Iwata, T., Kurosawa, K. (2005). How to Enhance the Security of the 3GPP Confidentiality and Integrity Algorithms. In: Gilbert, H., Handschuh, H. (eds) Fast Software Encryption. FSE 2005. Lecture Notes in Computer Science, vol 3557. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11502760_18
Download citation
DOI: https://doi.org/10.1007/11502760_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-26541-2
Online ISBN: 978-3-540-31669-5
eBook Packages: Computer ScienceComputer Science (R0)