Lecture-9
20.07.2012 , v11
Prof. W. Adi
AES
Advanced Encryption Standard
Proposed for 3G Mobile Authentication Functions
International Standard competition managed by NIST: US National Institute of Science and Technology, 1998-2001
[Figure: Key Expansion producing Round Keys K1, K2, ..., K9, K10 for rounds R1, R2, ..., R9, R10]
[Figure: one AES round]
Byte sub: each input byte a1, a2, a3, ..., a16 is mapped to b1, b2, b3, ..., b16 by $b = [M]\,a^{-1} + C$
Transposition
Mix column (four blocks, 4 x 32 bits): $B = [C]\,A$, a linear mapping from A to B
Network Security
Mechanisms to support security within and between networks
IMEI Integrity
Integrity mechanisms for IMEI provided from login
Secure Services
Protect against misuse of services provided by Service Network and Home Environment
Fraud Detection
Flexibility
Security features can be extended and enhanced as required by new threats and services
Lawful Interception
3G User Confidentiality
User Confidentiality
Permanent user identity IMSI, user location, and user services cannot be determined by eavesdropping
Achieved by use of temporary identity (TMSI) which is assigned by VLR (IMSI is sent in clear text when establishing TMSI)
[Figure: exchange between Mobile (USIM) and Network (VLR, Visiting Location Register): IMSI request, IMSI, TMSI allocation, TMSI acknowledgement]
Technical University of Braunschweig
Generation of authentication data at Home Network site
[Figure: blocks Generate SQN and Generate RAND; inputs K, SQN, RAND, AMF; AES; functions f1, f2, f3, f4, f5; outputs labelled MAC, XRES, CK, IK, AK and XMAC, RES, CK, IK; also labelled: SQN AK]
[Figure: f9 (KASUMI) at Sender (UE or RNC) and Receiver (RNC or UE). Inputs to f9: COUNT-I, MESSAGE, DIRECTION, FRESH, IK. Output at sender: MAC-I; output at receiver: XMAC-I]
[Figure: f8 (KASUMI) at Sender (UE or RNC) and Receiver (RNC or UE). Inputs to f8: COUNT-C, BEARER, DIRECTION, LENGTH, CK. Output: KEYSTREAM BLOCK. Sender: PLAINTEXT BLOCK to CIPHERTEXT BLOCK; Receiver: CIPHERTEXT BLOCK to PLAINTEXT BLOCK]
Modern Cryptography
Public-Key Cryptography
Published 1976 by Diffie & Hellman at Stanford University
K-open = K-close (Symmetric System)
- Open and close with the same key, which has to be agreed secretly !!
K-open K-close (Asymmetric System)
[Figure (Diffie-Hellman): Open Register; Secret key-A and Secret key-B; injection; SHIELD; both sides obtain the Shared Secret ("! Same thing !")]
shielded secret
How:
$2^6 \bmod 11 = 9$
$\log_2 9 \pmod{11} = 6$
Discrete logarithm: no formula is known to compute $\log_2 9$ modulo 11 !
[Figure: numerical key exchange]
A: Secret key-A = 3, K-open-A = $5^3 = 6$
Secret key-B = 5, K-open-B = $5^5 = 3$
Shield: $Z = 5^{5 \cdot 3} = 5^{3 \cdot 5} = 5^{15} = 6$ (! same thing !)
[Figure: User A, Public register, User B]
Close with Kc: $(\ )^{K_c} \pmod m$, giving $M^{K_c}$
Open with Ko: $(M^{K_c})^{K_o}$
$K_o = K_c^{-1}$, so $M^{K_c \cdot K_o} = M$
Mathematical Model of a Public-Key Crypto-system (using asymmetric keys)
[Figure: Sender, Message X, E(Zp, X); Channel carrying Y = E(Zp, X); D(Zs, Y), Message, Receiver. Secret-Key Zs stays with the receiver; Public-Key Zp is taken from the Public Directory (entries Z.., Zp, Z...)]
[Figure: $a^x$; labels: message, shielded secret, shielded message, -1]
To break, find : M = y (Invert... Factorization)
[Figure: $(\ )^2$, X, ?]
Exponentiation: $Y = a^k \pmod p$
Factoring: $Y = M^k \pmod m$, $m = p \cdot q$
Squaring: $C = M^2 \pmod m$
Discrete Log. Problem, Factorizing Problem, Knapsack Problem
$m = p \cdot q$; p, q = large primes
Open question ?
Is modern security a sort of Magic which could be disclosed at some time ?
Cryptographic Protocols
No key cryptography, Secret Sharing
[Figure: exchange between User A and B in three passes: Pass 1, Pass 2, Pass 3]
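User A, User B
p = large prime
All computations modulo p
User A: Ea = secret key, $D_a = E_a^{-1}$
User B: Eb = secret key, $D_b = E_b^{-1}$
[Figure: three-pass exchange; the exponents on the transmitted values are Ea, then Ea Eb, then Eb; User A applies Da, User B applies Db and obtains =M]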
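The three-pass exchange above, written out as an added Python example (not code from the lecture). Assumptions: the Mersenne prime 2^127 - 1 stands in for "p = large prime", the inverses Da and Db are computed modulo p - 1, and the function names `keypair` and `three_pass` are hypothetical.

```python
import math
import secrets

# Constructed parameter: a known Mersenne prime used as "p = large prime".
P = 2**127 - 1

def keypair(p=P):
    """Return (E, D): secret exponent E with gcd(E, p-1) = 1 and D = E^-1 mod (p-1)."""
    while True:
        e = secrets.randbelow(p - 3) + 2           # 2 <= e <= p-2
        if math.gcd(e, p - 1) == 1:                # E must be invertible mod p-1
            return e, pow(e, -1, p - 1)

def three_pass(m, a_keys, b_keys, p=P):
    """Run the three passes; return ((pass1, pass2, pass3), value recovered by B)."""
    if not 0 < m < p:
        raise ValueError("message must satisfy 0 < M < p")
    ea, da = a_keys
    eb, db = b_keys
    pass1 = pow(m, ea, p)         # Pass 1, A -> B: M^Ea
    pass2 = pow(pass1, eb, p)     # Pass 2, B -> A: M^(Ea Eb)
    pass3 = pow(pass2, da, p)     # Pass 3, A -> B: Da removes Ea, leaving M^Eb
    recovered = pow(pass3, db, p) # B applies Db and obtains M
    return (pass1, pass2, pass3), recovered

if __name__ == "__main__":
    msg = int.from_bytes(b"session key", "big")    # constructed sample message
    wire, out = three_pass(msg, keypair(), keypair())
    print(out.to_bytes(11, "big"), msg not in wire)
```

No key is shared beforehand and M never crosses the channel in the clear, but neither side is authenticated, so the exchange has to run over a channel where each party knows who sent each pass.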
[Figure: 1001010100 divided into Part A (10010) and Part B (10100)]
[Figure: BSS. Random 11101 and Secret 10100 are combined by +, giving 01001; shares are labelled Give User A (11101) and Give User B; exchange to generate the Common Secret between A and B, 10100]
Appendix
Knapsack One Way Function
[Figure: weights W1, W2, W3, W3, W4, W5; SUM = 449]
$\mathrm{SUM} = \sum_{i=1} w_i x_i$
Easy if:
Superincreasing Knapsack: if Wi is more than the sum of all other smaller weights
* Ref. J. Massey
Cellular & Wireless Networks
[Figure: easy knapsack and hard knapsack; surviving values: 17, 35, 71, 63]
2. Permute locations and publish
Published knapsack: 174 27 167 63 108 130
Encrypt:
Plaintext: X = [1 0 1 0 1 0]
Cryptogram: Y = 174 + 167 + 108 = 449
Decrypt :