Collision analysis of the GMR-2 cipher used in the satellite phone

Ruilin LI; Jiao HU; Chaojing TANG

doi:10.11959/j.issn.1000-436x.2018026

您当前的位置：

首页 >

文章列表页 >

Collision analysis of the GMR-2 cipher used in the satellite phone

Papers | 更新时间：2024-06-05

- Collision analysis of the GMR-2 cipher used in the satellite phone
- Journal on Communications Vol. 39, Issue 2, Pages: 88-95(2018)
- 作者机构：
  
  国防科技大学电子科学学院，湖南长沙410073
- 作者简介：
- 基金信息：
  
  The National Natural Science Foundation of China(61402515);The National Natural Science Foundation of China(61702536)
- DOI：10.11959/j.issn.1000-436x.2018026
  CLC： TN918
- Online First：2018-02，
  
  Published：25 February 2018
- 稿件说明：
移动端阅览
Ruilin LI, Jiao HU, Chaojing TANG. Collision analysis of the GMR-2 cipher used in the satellite phone[J]. Journal on Communications, 2018, 39(2): 88-95.
DOI：

Ruilin LI, Jiao HU, Chaojing TANG. Collision analysis of the GMR-2 cipher used in the satellite phone[J]. Journal on Communications, 2018, 39(2): 88-95. DOI： 10.11959/j.issn.1000-436x.2018026.

摘要

研究了卫星电话GMR-2流密码算法的碰撞特性，以算法的F组件为桥梁，通过分析密钥差分与算法F组件输出碰撞以及F组件输出碰撞与密钥流字节碰撞之间的联系，最终得到密钥差分与密钥流碰撞之间的关系。研究表明，对于相同的帧号，当密钥对只在某一个字节上有差分，且差分的前4 bit与后4 bit相等时，该密钥对将以高概率使密钥流发生碰撞。实验结果显示，密钥流碰撞概率为2

−8.248

，远远高于理想碰撞概率2

−120

。这再次证明了GMR-2加密算法存在较大的安全隐患。

Abstract

A collision property analysis of the GMR-2 cipher used in the satellite phone was presented.By using the F-component as a bridge

the link between the difference of the key byte and the collision of the output ofFas well as the link between the collision of the output of F and the collision of keystream byte were analyzed

which finally revealed the relationship between the difference of the original key byte and the keystream collision.The theoretical analysis showed that for a random frame number

a special chosen key pair could lead to a keystream collision with a high probability

when the key pair has only one byte difference in which the most significant 4 bit of the difference was equal to the last significant 4 bit.The experimental result shows that the keystream collision probability is 2

−8.248

which is far higher than the ideal collision probability 2

−120

.This proves once again

that there exists serious potential security hazards in the GMR-2 cipher.

关键词

Keywords

references

何元智 . 军民融合重大举措—天通一号卫星移动通信系统 [C ] // 2016中国卫星应用大会 . 2016 .

HE Y Z , . A Milestone of civil-military integrated satellite communication:tiantong-01 system [C ] // China Satellite Conference 2016 . 2016 .

2016中国卫星应用若干重大进展 [J ] . 卫星应用 , 2017 ( 1 ): 32 - 39 .

Significant progress in Chinese satellite applications in 2016 [J ] . Satellite Application , 2017 ( 1 ): 32 - 39

李磊 . 移动通信GSM中密码算法安全性研究 [D ] . 郑州:解放军信息工程大学 , 2012 .

LI L . Research on security of cryptographic algorithm in GSM [D ] . Zhengzhou:PLA Information Engineering University , 2012 .

关杰 , 丁林 , 刘树凯 . SNOW 3G与ZUC流密码的猜测决定攻击 [J ] . 软件学报 , 2013 ( 6 ): 1324 - 1333 .

GUAN J , DING L , LIU S K . Guess and determine attack on SNOW 3G and ZUC [J ] . Journal of Software , 2013 ( 6 ): 1324 - 1333 .

吴泳钢 , 古天龙 , 徐周波 . SNOW 3G加密算法的BDD攻击 [J ] . 桂林电子科技大学学报 , 2016 , 36 ( 3 ): 199 - 203 .

WU Y G , GU T L , XU Z B . BDD attack on SNOW 3G encryption algorithm [J ] . Journal of Guilin University of Electronic Technology , 2016 , 36 ( 3 ): 199 - 203 .

BARKAN P , BIHAM E , KELLER N . Instant cipher-text only cryptanalysis of GSM encrypted communication [J ] . Journal of Cryptology , 2008 , 21 ( 3 ): 392 - 429 .

BIRYUKOV A , SHAMIR A , WAGNER D . Real time cryptanalysis of A5/1 on a PC [M ] // Fast Software Encryption,Springer Berlin Heidelberg , 2000 : 1 - 18 .

DUNKELMAN O , KELLER N , SHAMIR A . A practical-time attack on the A5/3 cryptosystem used in third generation GSM telephony [C ] // Icar Crgptology Eprint Archive . 2010 : 393 - 410 .

WU H , HUANG T , NGUYEN P , et al . Differential attacks against stream cipher ZUC [C ] // International Conference on the Theory and Application of Cryptology and Information Security . 2012 : 262 - 277 .

ZHANG B , XU C , MEIER W . Fast correlation attacks over extension fields,large-unit linear approximation and cryptanalysis of SNOW 2.0 [C ] // Cryptology Conference . 2015 : 643 - 662 .

ZHOU C , FENG X , LIN D . The Initialization stage analysis of ZUC v1.5 [C ] // Cryptology and Network Security . 2011 : 40 - 53 .

DRIESSEN B , HUND R , WILLEMS C , et al . Don't trust satellite phones:a security analysis of two satphone standards [C ] // Security and Privacy (SP) . 2012 : 128 - 142 .

DRIESSEN B , HUND R , WILLEMS C , et al . An experimental security analysis of two satphone standards [J ] . ACM Transactions on Information ＆ System Security , 2013 , 16 ( 3 ): 1 - 30 .

LI R , LI H , LI C , et al . A low data complexity attack on the GMR-2 Cipher Used in the Satellite Phones [C ] // FSE . 2013 : 485 - 501 .

Views

1959

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

Survey on approaches of stream cipher cryptanalysis

On the linear complexity of a new generalized cyclotomic sequence with length mover GF(h)

Computing on the joint quadratic complexity of multiple periodic sequences

Review of algebraic attacks on stream ciphers

Class of constructions of even variables Boolean function with optimum algebraic immunity

Related Author

Dengguo FENG

Zhaocun ZHOU

Long-fei LIU

Kai YANG

Xiao-yuan YANG

Li-hua DONG

Yu-pu HU

Yong ZENG

Related Institution

Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences

University of Chinese Academy of Sciences

Key Laboratory of Network ＆Information Security of Armed Police Force,Engineering University of Armed Police Force

Key Laboratory of Computer Network ＆Information Security of the Ministry of Education,Xidian University

Key Laboratory of Computer Networks and Information Security,Ministry of Education School of Computer Science＆Technology,Xidian University

AI问答

⁰