[Back]


Doctor's Theses (authored and supervised):

E. Trojer:
"Security Functions in Mobile Communication Systems";
Supervisor, Reviewer: E. Bonek, T. Johansson; Institut für Nachrichtentechnik und Hochfrequenztechnik, 2004.



English abstract:
The security features provided to a user by a communication network represent a key parameter
for the success of the system. Data confidentiality, entity authentication and bindingness are thus main
design principles of new generation mobile communication systems. To obtain this goal, new security
related protocols and algorithms for data encryption and authentication are used in these systems.
Most information on the security architectures can be found in standards and researchers can analyze the security
system for weaknesses by trying to mount efficient attacks. If such holes in a standard are found, protocol and
cipher designers can react by changing the design principle or by exchanging broken algorithms.
The aim of the present work is to evaluate the security functions of almost all
mobile systems in terms of protocol and crypto security by advanced mathematical tools. For weaknesses found,
countermeasurements are investigated and researched. The main attention is thereby focused on the
access part of the mobile network, i.e. the radio interface, which is vulnerable to eavesdropping by
an adversary. The following list gives a more detailed outline of the systems and algorithms discussed.

The authentication algorithms (Algorithm: COMP128/1, COMP128/2-R) and the data encryption functions
(Algorithms: A5/1, A5/2) of the second generation cell phone system GSM (Global System for
Mobile Communications) are cryptanalysed and several attacks and improvements are summarized. Together
with some exploits on the protocol layer, the GSM system can be viewed as insecure. Two new algorithms
COMP128/2 and A5/3 have been standardized recently. Since the details of these cipher designs are
not publicly available, cryptanalysis has not been possible. It is assumed that these two algorithms
are improved, but they will not be in use soon.

Also the security of the encryption algorithm used for the packet switched GPRS service (General Packet
Radio Service) is discussed on the basis of a reference algorithm (Algorithm: GEA-R) which is inherited from
the secret original version (Algorithm: GEA). It turns out, that the reference algorithm, as well as the
original, exhibit weaknesses that allow for practical key recovery by eavesdropping.

The third generation mobile network UMTS (Universal Mobile Telecommunications System) uses an improved
security architecture derivated from the one used in GSM. Stronger cipher primitives for data encryption
(Algorithm: Kasumi) and authentication (Algorithm: MILENAGE) have been chosen. This result is obtained by
analyzing the resistancy of the cryptobox against the two most powerful attacks (linear and differential
cryptanalysis).
The short range mobile communications standard Bluetooth represents a challenging task in terms of security
because of its ad-hoc character. The data encryption over the radio interface (Algorithm: E0) is presented and
cryptanalysed. Although several efficient attacks are found, the complexities are to high for gaining practical
relevancy.



Created from the Publication Database of the Vienna University of Technology.