new mobile phone algorithms a real world story
play

New mobile phone algorithms a real world story Steve Babbage - PowerPoint PPT Presentation

Sep 23, 2022 •130 likes •585 views

New mobile phone algorithms a real world story Steve Babbage Vodafone Group R&D 17 February 2011 1 LTE algorithms, for SKEW 2011 C1 - Unrestricted 17 Feb 2011 Vodafone Group R&D Version 1.0 Standards groups 2 LTE algorithms,

  1. New mobile phone algorithms – a real world story Steve Babbage Vodafone Group R&D 17 February 2011 1 LTE algorithms, for SKEW 2011 C1 - Unrestricted 17 Feb 2011 Vodafone Group R&D Version 1.0

  2. Standards groups 2 LTE algorithms, for SKEW 2011 C1 - Unrestricted 17 Feb 2011 Vodafone Group R&D Version 1.0

  3. First generation 3 LTE algorithms, for SKEW 2011 C1 - Unrestricted 17 Feb 2011 Vodafone Group R&D Version 1.0

  4. GSM security architecture Visited Home network network SIM Authentication RAND and cipher key generation algorithm K i AKA A3/A8 XRES K C RAND, XRES, K C RAND RAND K i AKA RES RES K C Encryption RES = XRES? algorithm K C A5 ENCRYPT USING K C 4 LTE algorithms, for SKEW 2011 C1 - Unrestricted 17 Feb 2011 Vodafone Group R&D Version 1.0

  5. GSM security limitations > Key length > One-way authentication > Unprotected signalling > A5/1, A5/2 5 LTE algorithms, for SKEW 2011 C1 - Unrestricted 17 Feb 2011 Vodafone Group R&D Version 1.0

  6. UMTS security architecture (slightly simplified) Visited Home network network SIM Authentication RAND SQN and key agreement K AKA algorithm f1 – f5 RAND SQN XRES CK RAND, XRES, CK, K AKA MAC IK IK, SQN, MAC RAND, SQN, MAC XRES CK MAC IK RES RES = XRES? Check SQN Check MAC CK, IK Encryption algorithm UEA, integrity algorithm UIA ENCRYPT USING CK INTEGRITY PROTECT USING IK 6 LTE algorithms, for SKEW 2011 C1 - Unrestricted 17 Feb 2011 Vodafone Group R&D Version 1.0

  7. First UMTS algorithms, UEA1 / UIA1 KASUMI KASUMI KASUMI (CK  ) (CK  ) (CK  ) BLKCTR = 1 BLKCTR = 1 BLKCTR = 2 BLKCTR = 2 BLKCTR = n BLKCTR = n A A BLKCTR = 0 BLKCTR = 0 A5/3 ≈ UEA1 (but 64-bit key) KASUMI KASUMI KASUMI KASUMI KASUMI KASUMI KASUMI KASUMI KASUMI KASUMI KASUMI KASUMI (CK) (CK) (CK) (CK) (CK) (CK) (CK) (CK) (CK) (CK) (CK) (CK) First 64 bits Second 64 bits Third 64 bits Last 64 bits KASUMI KASUMI KASUMI KASUMI KASUMI KASUMI KASUMI KASUMI (IK) (IK) (IK) (IK) (IK) (IK) (IK) (IK) KASUMI KASUMI (IK  ) (IK  ) MAC (left 32 bits) 7 LTE algorithms, for SKEW 2011 C1 - Unrestricted 17 Feb 2011 Vodafone Group R&D Version 1.0

  8. So now we can replace A5/1 with A5/3 … Image from http://www.elkomas.lt/ 8 LTE algorithms, for SKEW 2011 C1 - Unrestricted 17 Feb 2011 Vodafone Group R&D Version 1.0

  9. Second UMTS algorithms, UEA2 / UIA2 > SNOW 3G – Why not AES? – Why not SNOW 2.0? 9 LTE algorithms, for SKEW 2011 C1 - Unrestricted 17 Feb 2011 Vodafone Group R&D Version 1.0

  10. LTE security architecture (part 1) Visited Home network network SIM Authentication RAND SQN and key agreement K AKA algorithm f1 – f5 RAND SQN XRES CK RAND, XRES, CK, IK, K AKA MAC IK SQN, MAC, K ASME RAND, SQN, MAC XRES CK PLMN ID MAC IK RES RES = XRES? Check SQN Check MAC CK, IK K ASME PLMN ID K ASME 10 LTE algorithms, for SKEW 2011 C1 - Unrestricted 17 Feb 2011 Vodafone Group R&D Version 1.0

  11. GSM security limitations > Key length > One-way authentication > Unprotected signalling > A5/1, A5/2 > Same key regardless of algorithm choice 11 LTE algorithms, for SKEW 2011 C1 - Unrestricted 17 Feb 2011 Vodafone Group R&D Version 1.0

  12. LTE security architecture (part 2) Visited Home network network SIM K ASME K ASME ALG ID ALG ID MOBILITY K α K α SIGNALLING: ALG ID ALG ID ENCRYPT USING K α INTEGRITY PROTECT K β K β USING K β ALG ID ALG ID RADIO RESOURCE Encryption K γ K γ SIGNALLING: algorithm EEA, ALG ID ENCRYPT USING K γ integrity ALG ID INTEGRITY PROTECT algorithm EIA K δ K δ USING K δ ALG ID ALG ID USER PLANE: K ε K ε ENCRYPT USING K ε 12 LTE algorithms, for SKEW 2011 C1 - Unrestricted 17 Feb 2011 Vodafone Group R&D Version 1.0

  13. Original LTE algorithms (from day one) > Based on SNOW-3G – 128-EEA1: straightforward stream cipher use – 128-EIA1: polynomial evaluation UHF – Identical to UMTS algorithms > Could have been based on Kasumi or AES; chose AES – 128-EEA2: AES in counter mode – 128-EIA2: AES in CMAC mode 13 LTE algorithms, for SKEW 2011 C1 - Unrestricted 17 Feb 2011 Vodafone Group R&D Version 1.0

  14. The designers DACAS: Data Assurance and communication security research center, Chinese Academy of Sciences Dongdai Lin Xiutao Feng 14 LTE algorithms, for SKEW 2011 C1 - Unrestricted 17 Feb 2011 Vodafone Group R&D Version 1.0

  15. Plan A Paid expert team Algorithm Public evaluation SAGE acceptance evaluation evaluation (hopefully) May Feb Aug Jan Jun Sep Nov Dec May May Aug Oct Jan Feb Mar Jun Sep Nov Dec Mar Jun Jul Apr Apr Oct Jul Jul 2009 2010 2011 Under NDA 15 LTE algorithms, for SKEW 2011 C1 - Unrestricted 17 Feb 2011 Vodafone Group R&D Version 1.0

  16. Plan B Paid expert team Algorithm Public evaluation SAGE acceptance evaluation evaluation (hopefully) Agree and sign NDA May Feb Aug Jan Jun Sep Nov Dec May May Aug Oct Jan Feb Mar Jun Sep Nov Dec Mar Jun Jul Apr Apr Oct Jul Jul 2009 2010 2011 16 LTE algorithms, for SKEW 2011 C1 - Unrestricted 17 Feb 2011 Vodafone Group R&D Version 1.0

  17. Take your time Advanced Encryption Standard process From Wikipedia, the free encyclopedia Start of the process On January 2, 1997, NIST announced that they wished to choose a successor to DES to be known as AES …. The result of this feedback was a call for new algorithms on September 12, 1997 Rounds one and two In the nine months that followed, fifteen different designs were created and submitted …. NIST held two conferences to discuss the submissions (AES1, August 1998 and AES2, March 1999), and in August 1999 they announced that they were narrowing the field from fifteen to five …. … AES3 conference in April 2000 …. Selection of the winner On October 2, 2000 , NIST announced that Rijndael had been selected as the proposed AES …. 17 LTE algorithms, for SKEW 2011 C1 - Unrestricted 17 Feb 2011 Vodafone Group R&D Version 1.0

  18. Encryption COUNT DIRECTION COUNT DIRECTION BEARER LENGTH BEARER LENGTH KEY KEY EEA EEA KEYSTREAM KEYSTREAM BLOCK BLOCK PLAINTEXT CIPHERTEXT PLAINTEXT BLOCK BLOCK BLOCK Sender Receiver 18 LTE algorithms, for SKEW 2011 C1 - Unrestricted 17 Feb 2011 Vodafone Group R&D Version 1.0

  19. Integrity COUNT COUNT DIRECTION MESSAGE DIRECTION MESSAGE BEARER LENGTH BEARER LENGTH KEY EIA KEY EIA MAC-I XMAC-I Sender Receiver 19 LTE algorithms, for SKEW 2011 C1 - Unrestricted 17 Feb 2011 Vodafone Group R&D Version 1.0

  20. ZUC – named after Zu Chongzhi 20 LTE algorithms, for SKEW 2011 C1 - Unrestricted 17 Feb 2011 Vodafone Group R&D Version 1.0

  21. ZUC One of these words mixed into LFSR during nonlinear initialisation 21 LTE algorithms, for SKEW 2011 C1 - Unrestricted 17 Feb 2011 Vodafone Group R&D Version 1.0

  22. Encryption algorithm 128-EEA3 22 LTE algorithms, for SKEW 2011 C1 - Unrestricted 17 Feb 2011 Vodafone Group R&D Version 1.0

  23. Integrity algorithm 128-EIA3 Universal Hash Function 23 LTE algorithms, for SKEW 2011 C1 - Unrestricted 17 Feb 2011 Vodafone Group R&D Version 1.0

  24. Initial SAGE evaluation > Fit for purpose > Smells OK – Must be not just strong, but free of suspicion 24 LTE algorithms, for SKEW 2011 C1 - Unrestricted 17 Feb 2011 Vodafone Group R&D Version 1.0

  25. Plan B Paid expert team Algorithm Public evaluation SAGE acceptance evaluation evaluation (hopefully) Agree and sign NDA May Feb Aug Jan Jun Sep Nov Dec May May Aug Oct Jan Feb Mar Jun Sep Nov Dec Mar Jun Jul Apr Apr Oct Jul Jul 2009 2010 2011 25 LTE algorithms, for SKEW 2011 C1 - Unrestricted 17 Feb 2011 Vodafone Group R&D Version 1.0

  26. Plan C Expert team contract Paid expert team Algorithm Public evaluation SAGE acceptance evaluation evaluation (hopefully) Agree and sign NDA May Feb Aug Jan Jun Sep Nov Dec May May Aug Oct Jan Feb Mar Jun Sep Nov Dec Mar Jun Jul Apr Apr Oct Jul Jul 2009 2010 2011 26 LTE algorithms, for SKEW 2011 C1 - Unrestricted 17 Feb 2011 Vodafone Group R&D Version 1.0

  27. External expert team evaluation > Codes and Ciphers Limited – Carlos Cid, Sean Murphy, Fred Piper, Matthew Dodd > Alice and Bob Technologies – Lars Knudsen, Bart Preneel, Vincent Rijmen > Several corrections / improvements to existing evaluation > All standard attack types considered – all seem unlikely to succeed > Strength inherited from SNOW-like construction > Some components not fully explained > Like most UHF MACs – not robust against nonce reuse 27 LTE algorithms, for SKEW 2011 C1 - Unrestricted 17 Feb 2011 Vodafone Group R&D Version 1.0

  28. Conclusion of the SAGE and paid evaluation > Transparency is vital – nothing suspicious 28 LTE algorithms, for SKEW 2011 C1 - Unrestricted 17 Feb 2011 Vodafone Group R&D Version 1.0

  29. Plan C Expert team contract Paid expert team Algorithm Public evaluation SAGE acceptance evaluation evaluation (hopefully) Agree and sign NDA May Feb Aug Jan Jun Sep Nov Dec May May Aug Oct Jan Feb Mar Jun Sep Nov Dec Mar Jun Jul Apr Apr Oct Jul Jul 2009 2010 2011 29 LTE algorithms, for SKEW 2011 C1 - Unrestricted 17 Feb 2011 Vodafone Group R&D Version 1.0

Recommend

Algorithms X. Zhang Fordham Univ. 1 Real World applications of algorithms Algorithms for

Algorithms X. Zhang Fordham Univ. 1 Real World applications of algorithms Algorithms for

Algorithms X. Zhang Fordham Univ. 1 Real World applications of algorithms Algorithms for solving specific, complex, real world problems: Google's success is largely due to its PageRank algorithm, which determines importance"

1.03k views • 46 slides
15-853:Algorithms in the Real World Cryptography #2 15-853 Page 1 Cryptography Outline

15-853:Algorithms in the Real World Cryptography #2 15-853 Page 1 Cryptography Outline

15-853:Algorithms in the Real World Cryptography #2 15-853 Page 1 Cryptography Outline Introduction: terminology, cryptanalysis, security Private-Key Algorithms: Rijndael, DES Number Theory Groups Public-Key Algorithms: RSA, ElGamal,

525 views • 26 slides
Mobile Device Architecture CS 4720 Mobile Application Development CS 4720 The Way Back Time

Mobile Device Architecture CS 4720 Mobile Application Development CS 4720 The Way Back Time

Mobile Device Architecture CS 4720 Mobile Application Development CS 4720 The Way Back Time When a phone was a phone Plus a story! CS 4720 2 Oh yes this was a phone The Motorola DynaTAC 8000X 1983 13 x 1.75 x

544 views • 35 slides
Offering banking services in a mobile world Denise Buckton Head of Mobile and Phone Banking

Offering banking services in a mobile world Denise Buckton Head of Mobile and Phone Banking

Offering banking services in a mobile world Denise Buckton Head of Mobile and Phone Banking Evolution of ANZ & NBNZ Mobile Banking Txt Banking NBNZ iBank M-Banking ANZ goMoney NBNZ Mobile Banking and M-Banking for iPhone browser for

429 views • 8 slides
15-853:Algorithms in the Real World Announcement: HW3 due tomorrow (Nov. 20) 11:59pm There

15-853:Algorithms in the Real World Announcement: HW3 due tomorrow (Nov. 20) 11:59pm There

15-853:Algorithms in the Real World Announcement: HW3 due tomorrow (Nov. 20) 11:59pm There is recitation this week: HW3 solution discussion and a few problems Scribe volunteer Exam: Nov. 26 5-pages of cheat sheet allowed

860 views • 35 slides
QR Codes Linking the real world with the digital world. What are QR Codes 2D barcode

QR Codes Linking the real world with the digital world. What are QR Codes 2D barcode

QR Codes Linking the real world with the digital world. What are QR Codes 2D barcode readable by mobile devices Requires a QR Code reader application QR Code Types Static Instructions direct from QR code to mobile device. No

358 views • 22 slides
Mobile Interaction with the Real World (MIRW) 2007 Gregor Broll, Alexander De Luca, Enrico

Mobile Interaction with the Real World (MIRW) 2007 Gregor Broll, Alexander De Luca, Enrico

Joint Workshop Mobile Interaction with the Real World (MIRW) 2007 5th Workshop on HCI in Mobile Guides (MGuides 2007) 9th September 2007, Singapore Joint Workshop Mobile Interaction with the Real World (MIRW) 2007 Gregor Broll, Alexander De

204 views • 5 slides
15-853:Algorithms in the Real World Announcements: HW2 due tomorrow noon. Small correction

15-853:Algorithms in the Real World Announcements: HW2 due tomorrow noon. Small correction

15-853:Algorithms in the Real World Announcements: HW2 due tomorrow noon. Small correction made in the BWT question. Naamas office hour cancelled. Francisco holding additional office hours instead. 15-853 Page 1 15-853:Algorithms

532 views • 31 slides
15-853:Algorithms in the Real World Fountain codes and Raptor codes Start with compression

15-853:Algorithms in the Real World Fountain codes and Raptor codes Start with compression

15-853:Algorithms in the Real World Fountain codes and Raptor codes Start with compression 15-853 Page1 The random erasure model We will continue looking at recovering from erasures Q: Why erasure recovery is quite useful in real-world

535 views • 42 slides
Mobile Interaction with Web Services through Associated Real World Objects Demo @ MobileHCI,

Mobile Interaction with Web Services through Associated Real World Objects Demo @ MobileHCI,

Mobile Interaction with Web Services through Associated Real World Objects Demo @ MobileHCI, 2007, Singapore Gregor Broll 1 , John Hamard 3 , Massimo Paolucci 3 , Markus Haarlnder 1 , Matthias Wagner 3 , Sven Siorpaes 1 , Enrico Rukzio 2 ,

242 views • 5 slides
15-853:Algorithms in the Real World Announcement: HW3 was released on Tuesday Due on Nov.

15-853:Algorithms in the Real World Announcement: HW3 was released on Tuesday Due on Nov.

15-853:Algorithms in the Real World Announcement: HW3 was released on Tuesday Due on Nov. 20 11:59pm Small typo corrected in Problem 3.2: Use part (a) -> Use part (1) No recitation tomorrow: Work on HW Naama will have two

551 views • 31 slides
Mobile Phone Programming Mobile Phone Programming Free Study Activity Day 3

Mobile Phone Programming Mobile Phone Programming Free Study Activity Day 3

DAY 3 J2ME Mobile Phone Programming Mobile Phone Programming Free Study Activity Day 3 http://mobilephones.kom.aau.dk DAY 3 J2ME Part 1 Java 2 Micro Edition (J2ME) overview Introduction J2ME architecture

161 views • 13 slides
15-853:Algorithms in the Real World Announcements: HW2 due this Friday noon. Small

15-853:Algorithms in the Real World Announcements: HW2 due this Friday noon. Small

15-853:Algorithms in the Real World Announcements: HW2 due this Friday noon. Small correction made in the BWT question. Naamas office hour cancelled. Francisco holding additional office hours instead. Mid-semester grades

763 views • 22 slides
What can a mobile phone do? Phone, texting Email, Web surfing, media player, camera Privacy

What can a mobile phone do? Phone, texting Email, Web surfing, media player, camera Privacy

8/27/2009 What can a mobile phone do? Phone, texting Email, Web surfing, media player, camera Privacy in GeoSIM System Mobile sensors with GPS Monitor traffic Weather, temperature, humidity Ling Hu Detecting

319 views • 3 slides
outline development of cryptographic algorithms for a real life application introduction

outline development of cryptographic algorithms for a real life application introduction

Design and Analysis of Cryptographic Algorithms for Mobile Communication Systems Henri Gilbert Orange Labs {firstname.lastname@orange-ftgroup.com} research & development outline development of cryptographic algorithms for a real life

486 views • 12 slides
15-853:Algorithms in the Real World Announcements: HW2 will be released tomorrow Oct 16 (Wed)

15-853:Algorithms in the Real World Announcements: HW2 will be released tomorrow Oct 16 (Wed)

15-853:Algorithms in the Real World Announcements: HW2 will be released tomorrow Oct 16 (Wed) Due on Oct 25 (Fri) noon There will be lectures on Oct 29 and 31. Please update your calendars. HW1 grades will be released in a day or

769 views • 46 slides
XML in the real world XML in the real world XML agentzh ( )

XML in the real world XML in the real world XML agentzh ( )

XML in the real world XML in the real world XML agentzh ( ) 2006.10 RSS is cool ! RSS RSS Really Simple Syndication Tired of checking your favorite news and blogs sites everyday?

786 views • 75 slides
15-853:Algorithms in the Real World Announcement (reminder): There is recitation this week:

15-853:Algorithms in the Real World Announcement (reminder): There is recitation this week:

15-853:Algorithms in the Real World Announcement (reminder): There is recitation this week: HW3 solution discussion and a few problems Exam: Nov. 26 5-pages of cheat sheet allowed Need not use all 5 pages of course! At

1.13k views • 94 slides
15-853:Algorithms in the Real World Announcements: Projects: Enter your team information in

15-853:Algorithms in the Real World Announcements: Projects: Enter your team information in

15-853:Algorithms in the Real World Announcements: Projects: Enter your team information in the Google Sheet by today (Nov. 8) Share the proposal and related papers in the shared Google Drive by Monday (Nov. 11) Project reports due

500 views • 32 slides
Comparing Techniques for Mobile Interaction with Objects from the Real World Gregor Broll 1 , Sven

Comparing Techniques for Mobile Interaction with Objects from the Real World Gregor Broll 1 , Sven

Comparing Techniques for Mobile Interaction with Objects from the Real World Gregor Broll 1 , Sven Siorpaes 1 , Enrico Rukzio 2 , Massimo Paolucci 3 , John Hamard 3 , Matthias Wagner 3 , Albrecht Schmidt 4 1 Media Informatics Group, University of

242 views • 13 slides
Implementing Geometric Algorithms for Real-World Applications With and Without EGC-Support Stefan

Implementing Geometric Algorithms for Real-World Applications With and Without EGC-Support Stefan

Implementing Geometric Algorithms for Real-World Applications With and Without EGC-Support Stefan Huber 1 Martin Held 2 1 Institute of Science and Technology Austria 2 FB Computerwissenschaften Universit at Salzburg, Austria GCC 2013, Rio de

1.42k views • 65 slides
The DCA++ Story How new algorithms, new computers, and innovative software design allow us to

The DCA++ Story How new algorithms, new computers, and innovative software design allow us to

The DCA++ Story How new algorithms, new computers, and innovative software design allow us to solve real simulation problems of high temperature superconductivity Thomas C. Schulthess schulthess@cscs.chschulthess@cscs.ch Cray User Group

637 views • 38 slides
15-853:Algorithms in the Real World Announcement: No recitation this week. Scribe Volunteer?

15-853:Algorithms in the Real World Announcement: No recitation this week. Scribe Volunteer?

15-853:Algorithms in the Real World Announcement: No recitation this week. Scribe Volunteer? 15-853 Page 1 Recap Model generates probabilities, Coder uses them Probabilities are related to information . The more you know, the less info a

889 views • 46 slides
15-853:Algorithms in the Real World Error Correcting Codes (cont..) Scribe volunteers: ?

15-853:Algorithms in the Real World Error Correcting Codes (cont..) Scribe volunteers: ?

15-853:Algorithms in the Real World Error Correcting Codes (cont..) Scribe volunteers: ? Announcement: Scribe notes template and instructions on the course webpage 15-853 Page1 General Model Noise introduced by the channel: message

531 views • 32 slides

More recommend