KASUMI

KASUMI is a block cipher, which is used as a building block for cryptographic algorithms that are used in GSM and UMTS mobile networks are used. KASUMI is in stream ciphers A5 / 3, and A5 / 4 (GSM ) and GEA3 and GEA4 (GPRS ) is used for encrypting the communication via a radio link, and thus to guarantee confidentiality. In the UMTS network KASUMI is used for the production of all the keys for authentication and encryption. For example, the algorithm is used as a component of a Message Authentication Code to ensure the integrity of data.

KASUMI is a modification of Misty1. The developers of KASUMI have Misty1 made ​​faster and hardware- friendly. To this end, the key management has been simplified and changed some internal parameters. This means that Kasumi is prone to "related -key attacks".

Cryptanalysis

2001 " Impossible differential" attack on six rounds of KASUMI cipher of Ulrich Kühn was presented.

Presented in 2003 Elad Barkan, Eli Biham and Nathan Keller a man-in -the -middle attack against GSM, which makes it possible to bypass the A5/3-Verschlüsselungsalgorithmus. This attack is an attack against the GSM protocol and no attack on KASUMI itself A longer version of this paper was published in 2006. For more details, the Security section deficits in the article GSM dar.

In 2005, a "related key boomerang " - and presents a "related key rectangle" attack against KASUMI. Both crack faster than the brute- force method. The "related key rectangle" attack requires 254.6 chosen plaintexts, each must be encrypted by one of four "related keys". This attack has a time complexity of 276.1 KASUMI encryptions. This is a inpraktikable time complexity and prevents practical attacks. The "related key boomerang " attack takes place within the first six rounds of KASUMI. As a result, the attack takes 16 bits of the key with only 768 chosen plaintext and ciphertext. The paper challenges the testimony of experts regarding the safety of 3GPP KASUMI and recommends a review of the security of 3GPP protocols.

2010, a much more practical attack of Orr Dunkelman, Nathan Keller and Adi Shamir presented. The " sandwich " attack allows an attacker to extract the complete 128- bit key. First, adopts a " distinguisher " the first seven of eight rounds. Then the last round is analyzed. These four "related keys" and complexities of data at 256, 230 (about 1 GB) of memory and 232 for the time needed. The simulated attacks were carried out on an Intel Core Duo T7200 with 2 GB of RAM in 50 % of the tests in less than 112 minutes. Against the reference algorithm MISTY is known in contrast to KASUMI no faster attack than the brute- force method with a complexity of 2128. The paper shows that KASUMI is a much weaker algorithm than MISTY. However, can be made on the effectiveness of attacks against the implementation of KASUMI in the A5/3-Algorithmus for GSM networks no statement.