Optimization of Rainbow Tables for Practically Cracking GSM A5/1 Based on Validated Success Rate Modeling
Author: 
Zhen LiAuthors Info & Claims
Zhen LiAuthors Info & ClaimsPages 359 - 377
Abstract
GSM Global System for Mobile Communications communication is a ubiquitous technology developed by European Telecommunications Standards Institute for cellular network. To ensure the confidentiality of the user communication, it is protected against eavesdroppers by the A5/1 cryptographic algorithm. Various time-memory trade-off TMTO techniques have been proposed to crack A5/1. These techniques map the keystreams to the initial states of the algorithm at a reasonable success rate. Among TMTO techniques, rainbow table is an efficient method that allows a good trade-off between run-time and storage. The link between rainbow table parameters and the success rate is not well established yet. In view of this, a statistical success rate model is proposed in this paper, which takes various parameters of a given TMTO structure into consideration. The developed success rate model can be used to optimize the TMTO parameters for the best performance. Comprehensive experiments show that A5/1 can be broken with $$43\,\%$$ success rate in 9ï źs using 1.29ï źTB rainbow tables, which is consistent with the theoretically predicted success rate. When using 3.84ï źTB rainbow tables, the extrapolated success rate is $$81\,\%$$.
References
[1]
Anderson, R.: A5 was: Hacking digital phones. Newsgroup Communication 1994
[2]
Avoine, G., Junod, P., Oechslin, P.: Characterization and improvement of time-memory trade-off based on perfect tables. ACM Trans. Inf. Syst. Secur. 114, 17 2008
[3]
Barkan, E., Biham, E., Shamir, A.: Rigorous bounds on cryptanalytic time/memory tradeoffs. In: Dwork, C. ed. CRYPTO 2006. LNCS, vol. 4117, pp. 1---21. Springer, Heidelberg 2006
[4]
Biham, E.: A fast new DES implementation in software. In: Biham, E. ed. FSE 1997. LNCS, vol. 1267, pp. 260---272. Springer, Heidelberg 1997
[5]
Biham, E., Dunkelman, O.: Cryptanalysis of the A5/1 GSM stream cipher. In: Roy, B., Okamoto, E. eds. INDOCRYPT 2000. LNCS, vol. 1977, pp. 43---51. Springer, Heidelberg 2000
[6]
Biryukov, A., Shamir, A., Wagner, D.: Real time cryptanalysis of A5/1 on a PC. In: Schneier, B. ed. FSE 2000. LNCS, vol. 1978, pp. 1---18. Springer, Heidelberg 2001
[7]
Briceno, M., Goldberg, I., Wagner, D.: A pedagogical implementation of the GSM A5/1 and A5/2 'voice privacy' encryption algorithms 1999. www.scard.org/gsm/a51.html
[8]
Ekdahl, P., Johansson, T.: Another attack on A5/1. IEEE Trans. Inf. Theor. 491, 284---289 2003
[9]
Gendrullis, T., Novotný, M., Rupp, A.: A real-world attack breaking A5/1 within hours. In: Oswald, E., Rohatgi, P. eds. CHES 2008. LNCS, vol. 5154, pp. 266---282. Springer, Heidelberg 2008
[10]
Golić, J.D.: Cryptanalysis of alleged A5 stream cipher. In: Fumy, W. ed. EUROCRYPT 1997. LNCS, vol. 1233, pp. 239---255. Springer, Heidelberg 1997
[11]
Hellman, M.: A cryptanalytic time-memory trade-off. IEEE Trans. Inf. Theor. 264, 401---406 1980
[12]
Keller, J., Seitz, B.: A hardware-based attack on the A5/1 stream cipher. In: ITG FACHBERICHT, pp. 155---158 2001
[13]
Kim, B.-I., Hong, J.: Analysis of the non-perfect table fuzzy rainbow tradeoff. In: Boyd, C., Simpson, L. eds. ACISP 2013. LNCS, vol. 7959, pp. 347---362. Springer, Heidelberg 2013
[14]
Lu, J., Li, Z., Henricksen, M.: Time---memory trade-off attack on the GSM A5/1 stream cipher using commodity GPGPU. In: Malkin, T., et al. eds. ACNS 2015. LNCS, vol. 9092, pp. 350---369. Springer, Heidelberg 2015
[15]
Ma, D., Hong, J.: Success probability of the Hellman trade-off. Inf. Process. Lett. 1097, 347---351 2009
[16]
Nohl, K.: Attacking phone privacy. In: BlackHat 2010 Lecture Notes USA 2010. https://srlabs.de/decrypting_gsm
[17]
Oechslin, P.: Making a Faster cryptanalytic time-memory trade-off. In: Boneh, D. ed. CRYPTO 2003. LNCS, vol. 2729, pp. 617---630. Springer, Heidelberg 2003
[18]
Robling Denning, D.E.: Cryptography and Data Security. Addison-Wesley Longman Publishing Co., Inc., Boston 1982
[19]
Sykes, E.R., Skoczen, W.: An improved parallel implementation of RainbowCrack using MPI. J. Comput. Sci. 53, 536---541 2014. Elsevier
Index Terms
- Optimization of Rainbow Tables for Practically Cracking GSM A5/1 Based on Validated Success Rate Modeling
Index terms have been assigned to the content through auto-classification.
Recommendations
Cryptanalysis of GSM Encryption in 2G/3G Networks Without Rainbow Tables
Advances in Cryptology – ASIACRYPT 2019AbstractThe GSM standard developed by ETSI for 2G networks adopts the A5/1 stream cipher to protect the over-the-air privacy in cell phone and has become the de-facto global standard in mobile communications, though the emerging of subsequent 3G/4G ...
Another attack on A5/1
A5/1 is a stream cipher used in the Global System for Mobile Communications (GSM) standard. Several time-memory tradeoff attacks against A5/1 have been proposed, most notably the attack by Biryukov, Shamir and Wagner (1978), which can break A5/1 in ...
Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication
In this paper we present a very practical ciphertext-only cryptanalysis of GSM (Global System for Mobile communications) encrypted communication, and various active attacks on the GSM protocols. These attacks can even break into GSM networks that use “...
Comments
Information & Contributors
Information
Published In
Publisher
Springer-Verlag
Berlin, Heidelberg
Publication History
Published: 29 February 2016
Author Tags
Qualifiers
- Article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 22 Sep 2024
Other Metrics
Citations
View Options
View options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in