Siyang Tian

TOPIC 1.SIM CARD card embedded with subscriber identity module 2. 3G network 3rd generation mobile telecommunications

SIM CARD 3 most important serial numbers in SIM CARD: IMSI, ICCID and KI 1. IMSI:It is a unique identification associated with all GSM and UMTS network mobile phone users. 2.ICCID: integrated circuit card identifier. This serial number is used to identify the subscriber identity module 3.KI: The Ki is the individual subscriber authentication key. It is a 128-bit number that is paired with an IMSI when the SIM card is created. The Ki is only stored on the SIM card and at the Authentication Center (AuC). The Ki will never be transmitted across the network on any link.

KI IS THE MOST IMPORTANT NUMBER As IMSI and ICCD can be read from the SIM card directly by using a SIM card reader, KI is the most important serial number for your SIM Card security. Once the KI number of a SIM card is cracked, the SIM card can be cloned. By making a duplicate SIM card: 1.You can integrate more than one SIM card into one and switch from one to another by using one mobile phone. 2. Others can eavesdropping on your phone conversations, Voice mail, make calls charged to the your SIM, ect

AUTHENTICATION & ENCRYPTION RAND: a random 128-bit number that is generated by the AuC when the network requests to authenticate a subscriber. The RAND is used to generate the Signed Response (SRES) and Kc crypto-variables. A3 algorithm: it computes a 32-bit Signed Response (SRES). A8 algorithm: it computes computes a 64-bit ciphering key (Kc). COMP128: A keyed hash function that combines the A3 and A8 algorithms into a single function. The 128-bit Ki and 128-bit RAND are input into the COMP128 which generates a 32-bit SRES and a 54-bit Kc in a single function. COMP128 is weak because it can give away information about the Ki.

AUTHENTICATION & ENCRYPTION

3G NETWORK 3 algorithms were used: A5/1, A5/2 and A5/3 A5/1 and A5/2 are stream cipher. A5/3 is block cipher. A5/2 is much weaker than the other two

A5/1 The Linear feedback shift register LFSR is used to generate “expected” random numbers The period of a n bit LFSR is (2^n)-1. 00…0 is always forceclosed. A5/1: Stream cipher. Every random stream keys is used only once.

TAP: The bit positions that affect the next state are called the taps. The taps are XOR'd sequentially with the output bit and then fed back into the leftmost bit. The sequence of bits in the rightmost position is called the output stream 3 LFSR are used in A5/1 algorithm. They are LFSR1, LFSR2 and LFSR3

HOW KEY INVOLVED

Each register has an associated clocking bit(majority bit). Say, for LFSR1,2,3 they are x1,x2,x3 Majority function F: F(x1,x2,x3)=(y1,y2,y3) The majority function determines which LFSR is clocked. When clocked, bits that are not taps are shifted one position to the left unchanged. By using this stop/go control, it looks like that the 3LFSR generates number more randomly.

Majority bits: 11, 12, 13

Majority function F: F(x1,x2,x3)=(y1,y2,y3) For example, at time t, if F(a(t+11), b(t+12), c(t+13)) = (1, 1, 0) (y1, y2, y3) = (1, 1, 0), then LFSR 1 and LFSR 2 are clocked and LFSR 3 has no clock pulse.

KASUMI(A5/3) 8 round Feistel network. A block with 128-bit key and 64-bit input and output, which is also as known as A5/3 Input 64 bits I, I=L 0 ||R 0 where L 0, R 0 are 32 bits 128 bits key K=K1||K2||…||K8 Ki is 16 bits subkey

For 1,3,5,7 rounds: f i (I,RK i )=FO(FL(I,KL i ), KO i KI) For 2,4,6,8 rounds: f i (I,K i )=FL(FO(I, KO i, KI),KL)

Algorithm FL: 32bit input I and 32 bit sub key KL i KL i =KL i,1 ||KL i,2 where KL i,1 and KL i,2 are 16 bits ROL: rotate one bit left

Algorithm FO: 32bit input I and two 48 bits sub keys KO i and KI i KI i =KI i,1 ||KI i,2 ||KI i,3 where KI i,1, KI i,2 and KIi,3 are 16 bits KO i =KO i,1 ||KO i,2 ||KO i,3 where KO i,1, KO i,2 and KIi,3 are 16 bits

Algorithm FI: 16 bits input I and one 16 bits sub key KI i,j I is divided into L 0 and R 0. I= L 0 || R 0 L 0 is 9-bit and R 0 is 7 bit KI i,j is divided into L 0 and R 0. KI i,j = KI i,j,1,|| KI i,j,2 KI i,j,1 is 9 bits KI i,j,2 is 7 bits S7 and S9 boxes are used ZE(x) add 00 to x from right TR(x) remove the left most two bits

128 bits key K=K1||K2||…||K8 where Ki is 16 bits subkey Sub keys for each round

WHY IT IS SAFE Because of S7 and S9, a small change in one bit of the plain text will cause a large difference in the cypher text. Using FO and FI repeatedly in the Feistel structure will cause confusion and diffusion, it also provides the security

REFERENCE

QUESTION 1.What is a tap in LFSR? 2.For the majority function in A5/1. If the output of F is F(x1,x2,x3)=F(1,0,0), Which LFSR is clocked? 3.True or false: The Kasumi algorithm uses S8. 4.Which two of FO, FI,G8,RE and FL? 5.Why KI is the most important serial number in the SIM card?

QUESTION 1.What is a tap in LFSR? The bit positions that affect the next state are called the taps. 2.For the majority function in A5/1. If the output of F is F(x1,x2,x3)=F(1,0,0), Which LFSR is clocked? LFSR2 and LFSR3. 3.True or false: The Kasumi algorithm uses S8. False 4.Which two of FO, FI,G8,RE and FL? FO, FI. 5.Why KI is the most important serial number in the SIM card? Because the other two can be read directly by using a SIM card reader, and once Ki is cracked, the SIM card can be cloned.