Journal of Computer Science and Technology ›› 2019, Vol. 34 ›› Issue (5): 1079-1095. doi: 10.1007/s11390-019-1961-5

Special topic: Computer Networks and Distributed Computing


Side-Channel Analysis for the Authentication Protocols of CDMA Cellular Networks

Chi Zhang1, Jun-Rong Liu1,2, Da-Wu Gu1,*, Distinguished Member, CCF, Member, ACM, Wei-Jia Wang3, Xiang-Jun Lu1, Zheng Guo1,2, Hai-Ning Lu1,4

    1 School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University, Shanghai 200240, China;
    2 ZhiXun Crypto Testing and Evaluation Technology Co., Ltd., Shanghai 200240, China;
    3 Crypto Group, Electrical Engineering Department, Institute of Information and Communication Technologies Catholic University of Louvain, Louvain-la-Neuve B-1348, Belgium;
    4 Shanghai Viewsource Information Science and Technology Co., Ltd, Shanghai 200240, China
  • Received: 2018-10-25 Revised: 2019-07-28 Online: 2019-08-31 Published: 2019-08-31
  • Contact: Da-Wu Gu E-mail: dwgu@sjtu.edu.cn
  • About author: Chi Zhang received his B.S. degree in computer science and technology from Southeast University, Nanjing, in 2014. He is currently a Ph.D. candidate at School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University, Shanghai. His research interests include hardware security, signal processing, and machine learning for side-channel analysis.
  • Supported by:
    This work was supported by State Grid Science and Technology Project of China under Grant No. 546816190003.


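Time-division multiple access (TDMA) and code-division multiple access (CDMA) are the two main technologies used in digital cellular networks. The authentication protocols of TDMA networks have been shown to be vulnerable to side-channel analysis (SCA): side-channel analysis methods can successfully recover the authentication key from subscriber identity module (SIM) cards that have no side-channel protection. Because the authentication protocols of CDMA networks differ from those of TDMA networks, the side-channel analysis methods already proposed for TDMA cannot be applied to CDMA networks. To fill this gap, we study in depth the two authentication protocols of CDMA networks, namely the authentication protocol based on cellular authentication and voice encryption (CAVE) and the authentication protocol based on authentication and key agreement (AKA). These two protocols use the CAVE algorithm and secure hash algorithm 1 (SHA-1), respectively, as their basic cryptographic building blocks. We identify the points at which these two hash-like algorithms are vulnerable to side-channel attacks and propose complete authentication-key recovery schemes based on side-channel analysis. We verify the proposed new attacks on a microcontroller and on a commercial CDMA SIM card; the authentication key can be fully recovered in a short time using a small number of power traces.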

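Keywords: authentication protocol, cellular authentication and voice encryption, code-division multiple access, secure hash algorithm 1, side-channel analysis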

Abstract: Time-division multiple access (TDMA) and code-division multiple access (CDMA) are two technologies used in digital cellular networks. The authentication protocols of TDMA networks have been proven to be vulnerable to side-channel analysis (SCA), giving rise to a series of powerful SCA-based attacks against unprotected subscriber identity module (SIM) cards. CDMA networks have two authentication protocols, cellular authentication and voice encryption (CAVE) based authentication protocol and authentication and key agreement (AKA) based authentication protocol, which are used in different phases of the networks. However, there has been no SCA attack for these two protocols so far. In this paper, in order to figure out if the authentication protocols of CDMA networks are sufficiently secure against SCA, we investigate the two existing protocols and their cryptographic algorithms. We find the side-channel weaknesses of the two protocols when they are implemented on embedded systems. Based on these weaknesses, we propose specific attack strategies to recover their authentication keys for the two protocols, respectively. We verify our strategies on an 8-bit microcontroller and a real-world SIM card, showing that the authentication keys can be fully recovered within a few minutes with a limited number of power measurements. The successful experiments demonstrate the correctness and the effectiveness of our proposed strategies and prove that the unprotected implementations of the authentication protocols of CDMA networks cannot resist SCA.

Key words: authentication protocol, cellular authentication and voice encryption (CAVE), code-division multiple access (CDMA), secure hash algorithm 1 (SHA-1), side-channel analysis
