Small Tweaks Do Not Help: Differential Power Analysis of MILENAGE Implementations in 3G/4G USIM Cards
  • Keywords: Side-channel attacks; Mobile network security; SIM card cloning
  • Journal: Lecture Notes in Computer Science
  • Year: 2015
  • Volume: 9326
  • Issue: 1
  • Pages: 468-480
  • Full-text size: 861 KB
  • Authors and affiliations: Junrong Liu (16)
    Yu Yu (16) (17) (18)
    François-Xavier Standaert (19)
    Zheng Guo (16) (20)
    Dawu Gu (16)
    Wei Sun (16)
    Yijie Ge (16)
    Xinjun Xie (21)

    16. School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University, Shanghai, China
    17. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, 100093, China
    18. State Key Laboratory of Cryptology, P.O. Box 5159, Beijing, 100878, China
    19. ICTEAM/ELEN/Crypto Group, Université catholique de Louvain, Louvain-la-Neuve, Belgium
    20. Shanghai Viewsource Information Science and Technology Co., Ltd, Shanghai, China
    21. Shanghai Modern General Recognition Technology Corporation, Shanghai, China
  • Series: Computer Security -- ESORICS 2015
  • ISBN: 978-3-319-24174-6
  • Category: Computer Science
  • Subjects: Artificial Intelligence and Robotics
    Computer Communication Networks
    Software Engineering
    Data Encryption
    Database Management
    Computation by Abstract Devices
    Algorithm Analysis and Problem Complexity
  • Publisher: Springer Berlin / Heidelberg
  • ISSN: 1611-3349
Abstract
Side-channel attacks are an increasingly important concern for the security of cryptographic embedded devices, such as the SIM cards used in mobile phones. Previous works have exhibited such attacks against implementations of the 2G GSM algorithms (COMP-128, A5). In this paper, we show that they remain an important issue for USIM cards implementing the AES-based MILENAGE algorithm used in 3G/4G communications. In particular, we analyze instances of cards from a variety of operators and manufacturers, and describe successful Differential Power Analysis attacks that recover encryption keys and other secrets (needed to clone the USIM cards) within a few minutes. Further, we discuss the impact of the operator-defined secret parameters in MILENAGE on the difficulty of performing Differential Power Analysis, and show that they do not improve implementation security. Our results back up the observation that physical security issues raise long-term challenges that should be solved early in the development of cryptographic implementations, with adequate countermeasures.