How to Enhance the Security of the 3GPP Confidentiality and Integrity Algorithms [chapter]

Tetsu Iwata, Kaoru Kurosawa
2005 Lecture Notes in Computer Science  
We consider the 3GPP confidentiality and integrity schemes that were adopted by Universal Mobile Telecommunication System, an emerging standard for third generation wireless communications. The schemes, known as f 8 and f 9, are based on the block cipher KASUMI. Although previous works claim security proofs for f 8 and f 9 , where f 9 is a generalized version of f 9, it was shown that these proofs are incorrect; it is impossible to prove f 8 and f 9 secure under the standard PRP assumption on
more » ... e underlying block cipher. Following the results, it was shown that it is possible to prove f 8 and f 9 secure if we make the assumption that the underlying block cipher is a secure PRP-RKA against a certain class of related-key attacks; here f 8 is a generalized version of f 8. Needless to say, the assumptions here are stronger than the standard PRP assumptions, and it is natural to seek a practical way to modify f 8 and f 9 to establish security proofs under the standard PRP assumption. In this paper, we propose f 8 + and f 9 + , slightly modified versions of f 8 and f 9 , but they allow proofs of security under the standard PRP assumption. Our results are practical in the sense that we insist on the minimal modifications; f 8 + is obtained from f 8 by setting the key modifier to all-zero, and f 9 + is obtained from f 9 by setting the key modifier to all-zero, and using the encryptions of two constants in the CBC MAC computation.
doi:10.1007/11502760_18 fatcat:3v4gz4p7trfc3czhykn6c4rtaa