Differential Power Analysis Attacks on COMP128-1: Or How to Clone Your GSM SIM

Speaker: Yu Yu (郁昱), East China Normal University and Tsinghua University
Time: 2011-11-24, 14:00-15:00
Venue: FIT 1-222
Abstract:

Despite the ongoing migration to 3G networks, the Global System for Mobile Communications (GSM) remains the dominant technology for mobile communications worldwide, especially in many developing countries. As of August 2011, there are more than 740 million GSM subscribers in our country. The GSM specification mandates the use of a subscriber identity module (SIM), an integrated circuit situated in a mobile telephony device (typically a mobile phone) that stores the credentials needed to identify the subscriber and to authenticate to the network. The original COMP128-1 algorithm used for GSM authentication was found to be fatally flawed, which led to very efficient collision attacks. In response, the major operators put several countermeasures in place to deter those attacks (any detected attempt triggers a SIM card lock). In this talk, we introduce differential power analysis (DPA) attacks that bypass the known countermeasures and recover the secret key efficiently. We also propose countermeasures for defending against DPA and other related forms of side-channel attacks. No prior knowledge is required.
Disclaimer: this talk is intended for research purposes ONLY. The attacks presented require both physical access to victim SIM cards and special (advanced) equipment ($50000+), and thus are not easily realized in practice.

Biography:

Yu Yu is an associate professor in the Department of Computer Science, East China Normal University, and an adjunct associate professor at the Institute for Interdisciplinary Information Sciences, Tsinghua University. He received his Ph.D. from Nanyang Technological University, Singapore, in 2006. Immediately after graduation, he joined the ICT security laboratory of T-Systems as a cryptographic analyst specializing in hands-on cryptanalysis, in particular side-channel analysis of cryptographic hardware (SPA, DPA, EMA, etc.). In 2008, he joined the UCL Crypto Group at Université catholique de Louvain (Belgium) as a postdoctoral researcher, where his research focused on theoretical aspects of side-channel analysis, leakage-resilient cryptography and (pseudo-)randomness extraction. He has published more than 10 papers in top international conferences such as CRYPTO 2011, CCS 2010 and ASIACCS 2007.