An Improved SCARE Cryptanalysis Against a Secret A3/A8 GSM Algorithm
| Published in | Information Systems Security Vol. 4812; pp. 143 - 155 |
|---|---|
| Format | Book Chapter |
| Language | English |
| Published | Germany, Springer Berlin / Heidelberg, 2007 |
| Series | Lecture Notes in Computer Science |
| ISBN | 9783540770855 3540770852 |
| ISSN | 0302-9743 1611-3349 |
| DOI | 10.1007/978-3-540-77086-2_11 |

Summary:

Side-channel analysis has been recognized for several years as a practical and powerful means to reveal secret keys of publicly known cryptographic algorithms. Rarely this kind of cryptanalysis has been applied to reverse engineer a non-trivial part of the specifications of a proprietary algorithm. The target here is no more one’s secret key value but the undisclosed specifications of the cryptographic algorithm itself.

In [8], Novak described how to recover the content of one (out of two) substitution table of a secret instance of the A3/A8 algorithm, the authentication and session key generation algorithm for GSM networks. His attack presents however two drawbacks from a practical viewpoint. First, in order to retrieve one substitution table (T2), the attacker must know the content of another one (T1). Second, the attacker must also know the value of the secret key K.

In this paper, we improve on Novak’s cryptanalysis and show how to retrieve both substitution tables (T1 and T2) without any prior knowledge about the secret key. Furthermore, our attack also recovers the secret key.

With this contribution, we intend to present a practical SCARE (Side Channel Analysis for Reverse Engineering) attack, anticipate a growing interest for this new area of side-channel signal exploitation, and remind, if needed, that security cannot be achieved by obscurity alone.