Fast correlation attacks on certain stream ciphers
Journal of Cryptology
A Method for the Solution of the Nth Best Path Problem
Journal of the ACM (JACM)
Cryptanalysis of the A5/1 GSM Stream Cipher
INDOCRYPT '00 Proceedings of the First International Conference on Progress in Cryptology
Real Time Cryptanalysis of A5/1 on a PC
FSE '00 Proceedings of the 7th International Workshop on Fast Software Encryption
Decrypting a Class of Stream Ciphers Using Ciphertext Only
IEEE Transactions on Computers
Cryptanalysis of alleged A5 stream cipher
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
An improved correlation attack on a5/1
SAC'04 Proceedings of the 11th international conference on Selected Areas in Cryptography
IEEE Transactions on Information Theory
A Hardware-Assisted Realtime Attack on A5/2 Without Precomputations
CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
A Real-World Attack Breaking A5/1 within Hours
CHES '08 Proceeding sof the 10th international workshop on Cryptographic Hardware and Embedded Systems
Security enhancements against UMTS-GSM interworking attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking
Cryptanalysis of the DECT standard cipher
FSE'10 Proceedings of the 17th international conference on Fast software encryption
A practical-time related-key attack on the KASUMI cryptosystem used in GSM and 3G telephony
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
A secure approach for SMS in GSM network
Proceedings of the CUBE International Information Technology Conference
Slid pairs in the initialisation of the A5/1 stream cipher
AISC '13 Proceedings of the Eleventh Australasian Information Security Conference - Volume 138
SMS-based one-time passwords: attacks and defense
DIMVA'13 Proceedings of the 10th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
| Hi-index | 0.00 |
Irregularly-clocked linear feedback shift registers (LFSRs) are commonly used in stream ciphers. We propose to harness the power of conditional estimators for correlation attacks on these ciphers. Conditional estimators compensate for some of the obfuscating effects of the irregular clocking, resulting in a correlation with a considerably higher bias. On GSM's cipher A5/1, a factor two is gained in the correlation bias compared to previous correlation attacks. We mount an attack on A5/1 using conditional estimators and using three weaknesses that we observe in one of A5/1's LFSRs (known as R2). The weaknesses imply a new criterion that should be taken into account by cipher designers. Given 1500–2000 known-frames (about 4.9–9.2 conversation seconds of known keystream), our attack completes within a few tens of seconds to a few minutes on a PC, with a success rate of about 91%. To complete our attack, we present a source of known-keystream in GSM that can provide the keystream for our attack given 3–4 minutes of GSM ciphertext, transforming our attack to a ciphertext-only attack.