A Forgery Attack on the Candidate LTE Integrity Algorithm 128-EIA3
نویسندگان
چکیده
In this note we show that the message authentication code 128-EIA3 considered for adoption as a third integrity algorithm in the emerging mobile standard LTE is vulnerable to a simple existential forgery attack. This attack allows, given any message and the associated MAC value under an unknown integrity key and an initial vector, to predict the MAC value of a related message under the same key and the same initial vector with a success probability 1/2.
منابع مشابه
Birthday Forgery Attack on 128 - EIA 3 (
128-EIA3 is an integrity algorithm considered for adoption as a third integrity algorithm by European Telecommunication Standard Institute (ETSI) for 4th generation of GSM networks.128-EIA3 is vulnerable to birthday forgery attack. Birthday forgery attack requires minimum 2 known message-MAC pairs for finding collision in 128-EIA3. 128-EIA3 is susceptible to internal collision of its universal ...
متن کاملAnalysis of the Initial and Modified Versions of the Candidate 3GPP Integrity Algorithm 128-EIA3
In this paper we investigate the security of the two most recent versions of the message authentication code 128-EIA3, which is considered for adoption as a third integrity algorithm in the emerging 3GPP standard LTE. We first present an efficient existential forgery attack against the June 2010 version of the algorithm. This attack allows, given any message and the associated MAC value under a...
متن کاملFaster 128-EEA3 and 128-EIA3 Software
The 3GPP Task Force recently supplemented mobile LTE network security with an additional set of confidentiality and integrity algorithms, namely 128-EEA3 and 128-EIA3 built on top of ZUC, a new keystream generator. We propose two novel techniques to improve the software performance of these algorithms. We show how delayed modular reduction increases the efficiency of the LFSR feedback function,...
متن کاملOn Message Authentication in 4G LTE System
After decades of evolution, the cellular system has become an indispensable part of modern life. Together with the convenience brought by the cellular system, many security issues have arisen. Message integrity protection is one of the urgent problems. The integrity of a message is usually protected by message authentication code (MAC). Forgery attacks are the primary threat to message integrit...
متن کاملAnalysis of Indirect Message Injection for MAC Generation Using Stream Ciphers
This paper presents a model for generating a MAC tag with a stream cipher using the input message indirectly. Several recent proposals represent instances of this model with slightly different options. We investigate the security of this model for different options, and identify cases which permit forgery attacks. Based on this, we present a new forgery attack on version 1.4 of 128-EIA3. Design...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2010 شماره
صفحات -
تاریخ انتشار 2010