Paper 2012/690

The Weakness of Integrity Protection for LTE

Teng Wu and Guang Gong

Abstract

In this paper, we concentrate on the security issues of the integrity protection of LTE and present two different forgery attacks. For the first attack, referred to as a {\em linear forgery attack}, EIA1 and EIA3, two integrity protection algorithms of LTE, are insecure if the initial value (IV) can be repeated twice during the life cycle of an integrity key (IK). Because of the linearity of EIA1 and EIA3, given two valid Message Authentication Codes (MACs) our algorithm can forge up to $2^{32}$ valid MACs. Thus, the probability of finding a valid MAC is dramatically increased. Although the combination of IV and IK never repeats in the ordinary case, in our well-designed scenario, the attacker can make the same combination occur twice. The duplication provides the opportunity to conduct our linear forgery attack, which may harm the security of communication. To test our linear forgery attack algorithm, we generate two counter check messages and successfully forge the third one. We also examine the attack timing by simulating real communication. From the experimental results, our attack is applicable. The second attack is referred to as a {\em trace extension forgery attack}, which works only in theory. However, this attack is more general than the linear forgery attack. Known only one MAC and message pair, we can construct a different message, who has the same MAC as the original one, with the probability $\frac{1}{2^{16}}$. In this attack, trace function is applied to the message to shrink the guessing space.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. this is the full version of the paper submitted to WiSec'13
Keywords
ForgeryMACLTEman-in-the-middle
Contact author(s)
teng wu @ uwaterloo ca
History
2012-12-11: revised
2012-12-10: received
See all versions
Short URL
https://ia.cr/2012/690
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2012/690,
      author = {Teng Wu and Guang Gong},
      title = {The Weakness of Integrity Protection for LTE},
      howpublished = {Cryptology ePrint Archive, Paper 2012/690},
      year = {2012},
      note = {\url{https://eprint.iacr.org/2012/690}},
      url = {https://eprint.iacr.org/2012/690}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.