Paper 2012/690
The Weakness of Integrity Protection for LTE
Teng Wu and Guang Gong
Abstract
In this paper, we concentrate on the security issues of the integrity protection of LTE and present two different forgery attacks. For the first attack, referred to as a linear forgery attack, EIA1 and EIA3, two integrity protection algorithms of LTE, are insecure if the initial value (IV) can be repeated twice during the life cycle of an integrity key (IK). Because of the linearity of EIA1 and EIA3, given two valid Message Authentication Codes (MACs), our algorithm can forge up to $2^{32}$ valid MACs. Thus, the probability of finding a valid MAC is dramatically increased. Although the combination of IV and IK never repeats in the ordinary case, in our well-designed scenario the attacker can make the same combination occur twice. The duplication provides the opportunity to conduct our linear forgery attack, which may harm the security of communication. To test our linear forgery attack algorithm, we generate two counter check messages and successfully forge a third one. We also examine the attack timing by simulating real communication. The experimental results show that our attack is applicable. The second attack is referred to as a trace extension forgery attack, which works only in theory. However, this attack is more general than the linear forgery attack. Knowing only one MAC and message pair, we can construct a different message that has the same MAC as the original one, with probability $\frac{1}{2^{16}}$. In this attack, the trace function is applied to the message to shrink the guessing space.
Metadata
- Publication info
- Published elsewhere. This is the full version of the paper submitted to WiSec'13.
- Keywords
- Forgery, MAC, LTE, man-in-the-middle
- Contact author(s)
- teng wu @ uwaterloo ca
- History
- 2012-12-11: revised
- 2012-12-10: received
- Short URL
- https://ia.cr/2012/690
- License
- CC BY
BibTeX
@misc{cryptoeprint:2012/690,
      author = {Teng Wu and Guang Gong},
      title = {The Weakness of Integrity Protection for {LTE}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2012/690},
      year = {2012},
      url = {https://eprint.iacr.org/2012/690}
}