This is an old revision of this page, as edited by Bomazi (talk | contribs) at 17:44, 12 May 2012. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.
Revision as of 17:44, 12 May 2012 by Bomazi (talk | contribs)(diff) ← Previous revision | Latest revision (diff) | Newer revision → (diff) | This article may require copy editing for grammar. You can assist by editing it. (May 2012) (Learn how and when to remove this message) |
COMP128 is an implementation of the GSM network specified algorithms A3 and A8. A3 is the authentication of the mobile station on the network or AuC (Authentication Center) is required, while A8 is used, a session key for the encrypted transmission between the mobile station / handset and the BTS to generate.
Technical details of the confidential originally arrived in 1998 by implementing reverse engineering to the public.
COMP128 is working with nine rounds, with the central core of the algorithm, a hash function is. This hash function provides a 128-bit hash value for 256-bit input. It is based on a butterfly structure. The output of the algorithm contains the authentication used for the response and the session key for the A5 stream cipher, which is used for encryption of language transfer.
Let X, the 32-byte entry of the hash function, with K: = X the key goal of the SIM card and X sent by the station Challenge. are still , the tables T0, T1, T2 , T3 and T4 the secret permuted. Then passes through the first input 8 times the following compression (according to , see Related links):
For i=0 to 4 do:
For j=0 to 2-1 do:
For k=0 to 2-1 do:
s = k + j*2
t = s + 2
x = (X + 2X) mod 2)
y = (2X + X) mod 2)
X = Ti
X = Ti
After each permutation, the 16 bytes of output in X and K again be stored in X.
COMP128 is considered unsafe because of the small changes in the hash input is not sufficiently dispersed. Due to the birthday problem , this can be a challenge Chosen attack exploiting such that within queries to extract the SIM card of the entire key can.
External links
- "Sicherheit Mobiler Systeme" - Prof. Dr. Hannes Federrath - Lehrstuhl für Management der Informationssicherheit - Uni Regensburg (PDF-Datei; 8,17 MB)
- Angriff von Briceno, Goldberg und Wagner
- HP00 Reducing the Collision Probability of Alleged Comp128 von H.Handschuh, P.Paillier, Springer-Verlag 2000 (PDF-Datei; 82 kB)
- Chaos Computer Club zur Angriffsmöglichkeit