Revision as of 18:26, 13 May 2012 editLfstevens (talk | contribs)Extended confirmed users68,585 edits ce, rem tag, links← Previous edit | Revision as of 23:03, 13 May 2012 edit undoBomazi (talk | contribs)Extended confirmed users3,446 edits Better, but still not grammatically correct.Next edit → | ||
Line 1: | Line 1: | ||
{{Copy edit|for=grammar|date=May 2012}} | |||
'''COMP128''' is an implementation of ] network-specified algorithms A3 and A8. A3 is the ] of the mobile station on the network or AuC (Authentication Center). A8 is used a ] for the ] transmission between the mobile station and the ]. | '''COMP128''' is an implementation of ] network-specified algorithms A3 and A8. A3 is the ] of the mobile station on the network or AuC (Authentication Center). A8 is used a ] for the ] transmission between the mobile station and the ]. | ||
Revision as of 23:03, 13 May 2012
This article may require copy editing for grammar. You can assist by editing it. (May 2012) (Learn how and when to remove this message) |
COMP128 is an implementation of GSM network-specified algorithms A3 and A8. A3 is the authentication of the mobile station on the network or AuC (Authentication Center). A8 is used a session key for the encrypted transmission between the mobile station and the BTS.
Technical details of the originally confidential algorithm arrived in 1998 by implementing reverse engineering to the public.
COMP128 works with nine rounds. The central core of the algorithm is a hash function. This hash function provides a 128-bit hash value for 256-bit input. It is based on a butterfly structure. The output of the algorithm contains the authentication used for the response and the session key for the A5 stream cipher, which is used to encrypt the language transfer.
Pseudocode
Let X, the 32-byte entry of the hash function, with K: = X the key goal of the SIM card and X sent by the station Challenge. are still , the tables T0, T1, T2 , T3 and T4 the secret permuted. Then passes through the first input 8 times the following compression (according to , see Related links):
For i=0 to 4 do: For j=0 to 2-1 do: For k=0 to 2-1 do: s = k + j*2 t = s + 2 x = (X + 2X) mod 2) y = (2X + X) mod 2) X = Ti X = Ti
After each permutation, the 16 bytes of output in X and K are stored in X.
Security
COMP128 is considered unsafe because small changes in the hash input are not sufficiently dispersed. Due to the birthday problem, the system can be exploited to, for example, extract the SIM card's key.
External links
- "Sicherheit Mobiler Systeme" - Prof. Dr. Hannes Federrath - Lehrstuhl für Management der Informationssicherheit - Uni Regensburg (PDF-Datei; 8,17 MB)
- Angriff von Briceno, Goldberg und Wagner
- HP00 Reducing the Collision Probability of Alleged Comp128 von H.Handschuh, P.Paillier, Springer-Verlag 2000 (PDF-Datei; 82 kB)
- Chaos Computer Club zur Angriffsmöglichkeit