Abstract
This paper analyses the 3GPP confidentiality and integrity schemes adopted by Universal Mobile Telecommunication System, an emerging standard for third generation wireless communications. The schemes, known as f8 and f9, are based on the block cipher KASUMI. Although previous works claim security proofs for f8 and f9′, where f9′ is a generalized versions of f9, it was recently shown that these proofs are incorrect. Moreover, Iwata and Kurosawa (2003) showed that it is impossible to prove f8 and f9′ secure under the standard PRP assumption on the underlying block cipher. We address this issue here, showing that it is possible to prove f8′ and f9′ secure if we make the assumption that the underlying block cipher is a secure PRP-RKA against a certain class of related-key attacks; here f8′ is a generalized version of f8. Our results clarify the assumptions necessary in order for f8 and f9 to be secure and, since no related-key attacks are known against the full eight rounds of KASUMI, lead us to believe that the confidentiality and integrity mechanisms used in real 3GPP applications are secure.
Download to read the full chapter text
Chapter PDF
References
3GPP TS 35.201 v 3.1.1. Specification of the 3GPP confidentiality and integrity algorithms, Document 1: f8 and f9 specification, Available at http://www.3gpp.org/tb/other/algorithms.htm
GPP TS 35.202 v 3.1.1. Specification of the 3GPP confidentiality and integrity algorithms, Document 2: KASUMI specification, Available at http://www.3gpp.org/tb/other/algorithms.htm
Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption. In: Proceedings of The 38th Annual Symposium on Foundations of Computer Science, FOCS 1997, pp. 394–405. IEEE, Los Alamitos (1997)
Bellare, M., Kilian, J., Rogaway, P.: The security of the cipher block chaining message authentication code. JCSS 61(3), 362–399 (2000); In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 341–358. Springer, Heidelberg (1994)
Bellare, M., Kohno, T.: A theoretical treatment of related-key attacks: RKAPRPs, RKA-PRFs, and applications. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 491–506. Springer, Heidelberg (2003)
Bellare, M., Rogaway, P., Wagner, D.: The EAX mode of operation. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 389–407. Springer, Heidelberg (2004)
Biham, E.: New types of cryptanalytic attacks using related keys. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 398–409. Springer, Heidelberg (1993)
Black, J.A., Rogaway, P.: A block-cipher mode of operation for parallelizable message authentication. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 384–397. Springer, Heidelberg (2002)
Blunden, M., Escott, A.: Related key attacks on reduced round KASUMI. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 277–285. Springer, Heidelberg (2002)
Daemen, J., Rijmen, V.: The Design of Rijndael. Springer, Berlin (2002)
Evaluation report (version 2.0). Specification of the 3GPP confidentiality and integrity algorithms, Report on the evaluation of 3GPP confidentiality and integrity algorithms, Available at http://www.3gpp.org/tb/other/algorithms.htm
Hong, D., Kang, J.-S., Preneel, B., Ryu, H.: A concrete security analysis for 3GPP-MAC. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 154–169. Springer, Heidelberg (2003)
Iwata, T., Kohno, T.: New security proofs for the 3GPP confidentiality and integrity algorithms (2004), Full version of this paper, available at http://eprint.iacr.org/
Iwata, T., Kurosawa, K.: OMAC: One-Key CBC MAC. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 129–153. Springer, Heidelberg (2003)
Iwata, T., Kurosawa, K.: On the correctness of security proofs for the 3GPP confidentiality and integrity algorithms. In: Paterson, K.G. (ed.) Cryptography and Coding 2003. LNCS, vol. 2898, pp. 306–318. Springer, Heidelberg (2003)
Jonsson, J.: On the Security of CTR+CBC-MAC. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 76–93. Springer, Heidelberg (2002)
Jutla, C.S.: Encryption modes with almost free message integrity. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 529–544. Springer, Heidelberg (2001)
Kang, J.-S., Shin, S.-U., Hong, D., Yi, O.: Provable security of KASUMI and 3GPP encryption mode f 8. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 255–271. Springer, Heidelberg (2001)
Knudsen, L.R., Mitchell, C.J.: Analysis of 3gpp-MAC and two-key 3gpp-MAC. Discrete Applied Mathematics 128(1), 181–191 (2003)
Kohno, T., Viega, J., Whiting, D.: CWC: A high-performance conventional authenticated encryption mode. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 408–426. Springer, Heidelberg (2004)
Luby, M., Rackoff, C.: How to construct pseudorandom permutations from pseudorandom functions. SIAM J. Comput. 17(2), 373–386 (1988)
Rogaway, P., Bellare, M., Black, J., Krovetz, T.: OCB: a block-cipher mode of operation for efficient authenticated encryption. In: Proceedings of ACM Conference on Computer and Communications Security, ACM CCS 2001. ACM, New York (2001)
Whiting, D., Housley, R., Ferguson, N.: Counter with CBC-MAC (CCM). Submission to NIST, Available at http://csrc.nist.gov/CryptoToolkit/modes/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Iwata, T., Kohno, T. (2004). New Security Proofs for the 3GPP Confidentiality and Integrity Algorithms. In: Roy, B., Meier, W. (eds) Fast Software Encryption. FSE 2004. Lecture Notes in Computer Science, vol 3017. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-25937-4_27
Download citation
DOI: https://doi.org/10.1007/978-3-540-25937-4_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22171-5
Online ISBN: 978-3-540-25937-4
eBook Packages: Springer Book Archive