The KIPS Transactions:PartC (정보처리학회논문지C)

Korea Information Processing Society (한국정보처리학회)
권호 표지
DOI QR코드

DOI QR Code

Provable Security of 3GPP Integrity Algorithm f9

3GPP 무결성 알고리즘 f9의 증명가능 안전성

  • Hong, Do-won (Electronics and Telecommunications Research Institute) ;
  • Shin, Sang-Uk (Electronics and Telecommunications Research Institute) ;
  • Ryu, Heui-su (Electronics and Telecommunications Research Institute) ;
  • Chung, Kyo-Il (Electronics and Telecommunications Research Institute)
  • Published : 2002.08.01
Download PDF
⟨ Previous Next ⟩

Abstract

Within the security architecture of the 3GPP system there is a standardised integrity algorithm f9. The integrity algorithm f9 computes a MAC to authenticate the data integrity and data origin of signalling data over a radio access link of W-CDMA IMT-2000. f9 is a variant of the standard CBC MAC based on the block cipher KASUMI. In this paper we provide the provable security of f9 We prove that f9 is secure by giving concrete bound on an adversary's inability to forge in terms of her inability to distinguish the underlying block cipher from a pseudorandom permutation.

3GPP의 비동기식 IMT-2000 시스템의 보안 구조에는 표준 무결성 알고리즘 f9가 있다. f9는 비동기식(W-CDMA) IMT-2000의 무선 구간에서 데이터 무결성과 시그널링 데이터의 출처를 인증하기 위한 메시지 인증 코드(MAC)를 계산하는 알고리즘으로 블록 암호 KASUMI에 기반한 CBC-MAC의 변형이다. 이 논문은 f9의 증명 가능한 안전성을 제공한다. 기반이 되는 블록 암호가 유사 랜덤 순열이면 어떤 공격자에 대해서도 f9가 안전함을 증명한다.

Keywords

References

  1. M. Bellare, J. Kilian, P. Rogaway, 'The security of cipher block chaining,' Advances in Cryptology-Crypto'94, Springer-Verlag, LNCS 839, pp.341-358, 1994. An updated version can be found in the personal URLs of the authors. See, for example, http://www-cse.ucsd.edu/users/mihir/
  2. J. Black and P. Rogaway, 'CBC MACs for arbitrary-length messages : the three-key constructions,' Advances in Cry-ptology-Crypto'2000, Springer-Verlag, LNCS 1880, pp.197-215, 2000
  3. L. Carter and M. Wegman, 'Universal hash functions,' J. of Computer and System Sciences, Vol.18, pp.143-154, 1979 https://doi.org/10.1016/0022-0000(79)90044-8
  4. V. Gligor and P. Donescu, 'Fast encryption and authentication : XCBC encryption and XECB authentication modes,' Contribution to NIST, Available at http://csrc.nist.gov/en cryption/modes/, April, 2001
  5. J. Kang, S. Shin, D. Hong and O. Yi, 'Provable security of KASUMI and 3GPP encryption mode f8,' Advances in Cryptology-ASIACRYPT '2001, Springer-Verlag, LNCS 2248, pp.255-271, 2001
  6. J. Kang, O. Yi, D. Hong, and H. Cho, 'Pseudorandomness of MISTY-type transformations and the block cipher KASUMI,' ACISP 2001, Springer-Verlag, LNCS 2119, pp.60-73, 2001
  7. M. Luby and C. Rackoff, 'How to construct pseudorandom permutations and pseudorandom functions,' SIAM J. Comput, Vol.17, pp.189-203, 1988
  8. E. Petrank, C. Rackoff, 'CBC MAC for Real-Time Data Source,' Journal of Cryptology, Vol.13, pp.315-338, 2000 https://doi.org/10.1007/s001450010009
  9. P. Rogaway, 'PMAC : A parallelizable message authentication code,' Contribution to NIST, Available at http:// csrc.nist.gov/encryption/modes/, April, 2001
  10. M. Wegman and L. Carter, 'New hash functions and their use in authentication and set equality,' J. of Computer and System Sciences, Vol.22, pp.265-279, 1981 https://doi.org/10.1016/0022-0000(81)90033-7
  11. 3G TS 35.201 'Specification of the 3GPP confidentiality and integrity algorithm ; Document 1 : f 8 and f 9 specifications,'