An improved SCARE cryptanalysis against a secret A3/A8 GSM algorithm

  • Authors:

  • Christophe Clavier

  • Affiliations:

  • Gemalto, Security Labs, La Ciotat Cedex, France

  • Venue:
  • ICISS'07 Proceedings of the 3rd international conference on Information systems security
  • Year:
  • 2007

Quantified Score

Hi-index 0.00

Visualization

Abstract

Side-channel analysis has been recognized for several years as a practical and powerful means to reveal secret keys of publicly known cryptographic algorithms. Rarely this kind of cryptanalysis has been applied to reverse engineer a non-trivial part of the specifications of a proprietary algorithm. The target here is no more one's secret key value but the undisclosed specifications of the cryptographic algorithm itself. In [8], Novak described how to recover the content of one (out of two) substitution table of a secret instance of the A3/A8 algorithm, the authentication and session key generation algorithm for GSM networks. His attack presents however two drawbacks from a practical viewpoint. First, in order to retrieve one substitution table (T2), the attacker must know the content of an other one (T1). Second, the attacker must also know the value of the secret key K. In this paper, we improve on Novak's cryptanalysis and show how to retrieve both substitution tables (T1 and T2) without any prior knowledge about the secret key. Furthermore, our attack also recovers the secret key. With this contribution, we intend to present a practical SCARE (Side Channel Analysis for Reverse Engineering) attack, anticipate a growing interest for this new area of side-channel signal exploitation, and remind, if needed, that security cannot be achieved by obscurity alone.