
CMEA

CMEA
Cellular Message Encryption Algorithm
Designed for use with cell phones
  o To protect confidentiality of called number
  o For control channel, not the data channel
  o Data channel encrypted with ORYX
Part of a standard developed by TIA
  o Flaw in cipher discovered in 1997
Cipher design process not open
  o In violation of Kerckhoffs' Principle

CMEA
Block cipher
  o 64-bit key
  o Variable block size, typically 2 to 6 bytes
CMEA is its own inverse
  o Recall that Enigma is its own inverse
  o Not clear that this is useful for CMEA
CMEA uses Cave Table
  o A fixed 256-byte lookup table
  o Not a permutation

Cave Table
Table has 256 bytes
  o 164 distinct values
  o 97 appear just once
  o 44 occur twice
  o 21 occur three times
  o 2 occur four times
  o Highly non-uniform
For example C 0x6a 0xf3

CMEA
Let K0 K1 K7 be bytes of 64-bit key
Let C be Cave Table
For byte x define (all are mod 256)
  Q x C x K0 K1 x
  R x C Q x K2 K3 x
  S x C R x K4 K5 x
  T x C S x K6 K7 x
Table defined by T x used in CMEA

CMEA
We have
  Q x C x K0 K1 x
  R x C Q x K2 K3 x
  S x C R x K4 K5 x
  T x C S x K6 K7 x
Note that T x x is in C
  o Same is true of S x x, R x x and Q x x
Implies these values are biased
  o These facts used heavily in attacks

CMEA Algorithm
Encrypt block of n bytes
Uses T table
  o Which uses Cave Table
Cipher is its own inverse
  o Same algorithm used for decryption

SCMEA
The 1 in line 10 of CMEA complicates attack
We define Simplified CMEA (SCMEA) to be same as CMEA without 1
That is, replace line 10 of CMEA with

SCMEA Chosen Plaintext Attack
Consider plaintext block of the form
Corresponding 1st ciphertext byte is
The plan of attack
  o Use chosen plaintext to find putative T 0
  o With more chosen plaintext can then find putative T j for j 1 2 255
Note: Recover T table and key is broken

SCMEA Chosen Plaintext
Choose plaintext blocks of the form p0 p1 p2 1 x0 1 x0 0 where x0 is in the Cave Table
Suppose we obtain
Setting l j 0 in and we see that such an x0 is
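The bias noted in the slides (the offset between T x and x always lies in C, and C is not a permutation) can be measured directly; the following is an added example, not code from the original slides. Assumptions: the operators in the Q, R, S, T chain (XOR with the even key byte, add the odd key byte, look up C, add x, all mod 256) follow the published CMEA description because this preview lost them, the table is a constructed stand-in with the multiplicity profile the slides give rather than the real Cave Table, and all function names are hypothetical.

```python
import random

def make_standin_table(seed=1997):
    """Constructed 256-byte table with the slides' multiplicity profile
    (97 values once, 44 twice, 21 three times, 2 four times).
    It is NOT the real Cave Table."""
    rng = random.Random(seed)
    values = rng.sample(range(256), 164)            # 164 distinct byte values
    counts = [1] * 97 + [2] * 44 + [3] * 21 + [4] * 2
    table = [v for v, n in zip(values, counts) for _ in range(n)]
    rng.shuffle(table)
    return table

def tbox(x, key, C):
    """T(x) via the Q, R, S, T chain. Assumed operators (from the published
    CMEA description): XOR K[i], add K[i+1], look up C, add x, all mod 256."""
    y = x
    for i in range(0, 8, 2):
        y = (C[((y ^ key[i]) + key[i + 1]) & 0xFF] + x) & 0xFF
    return y

def offsets_seen(C, trials=200, seed=7):
    """Every value of (T(x) - x) mod 256 observed over random keys and all x."""
    rng = random.Random(seed)
    seen = set()
    for _ in range(trials):
        key = [rng.randrange(256) for _ in range(8)]
        seen.update((tbox(x, key, C) - x) & 0xFF for x in range(256))
    return seen

def bijective_offsets(trials=200, seed=7):
    """Same measurement with C replaced by a random permutation, for contrast."""
    perm = list(range(256))
    random.Random(seed).shuffle(perm)
    return offsets_seen(perm, trials, seed)

if __name__ == "__main__":
    C = make_standin_table()
    seen = offsets_seen(C)
    print("distinct table values      :", len(set(C)))
    print("offsets outside the table  :", len(seen - set(C)))
    print("offsets that never occur   :", 256 - len(seen))
    print("never occur, permutation C :", 256 - len(bijective_offsets()))
```

Whatever the key, 92 of the 256 possible offsets never appear with the non-bijective table, while a permutation in its place leaves none missing; this is the design-level reason a key-dependent lookup built on a non-permutation table leaks structure.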