A forgery attack on UMTA/4G-LTE integrity check and authentication

Subject:Computer SciencePrice: Bought3

Share With

A forgery attack on UMTA/4G-LTE integrity check and authentication.

Let a small size UIA2/EIA1 be defined over a finite field GF(31) where there is no truncating operation (i.e., each of P,Q,OTP is 5-bit, which is an element in GF(31)).

Let P = 00111 and M = 001100101111100. The GHASH of M, the component in UIA2/EIA 1, is given by

GHASHP(M)=M1P3 +M2P2 +M3P

where M = (M1, M2, M3) where

M1 = 00110, M2 = 01011, M3 = 11100

which are treated as binary numbers in GF(31), and the right most the least significant

bit.

(a) Compute GHASHP (M), the GHASH component in EIA 1.

(b) For M′ = 100000011100000, compute GHASHP (M′).

(c) With Q = 00011 and OTP = 00110, show that after attacker intercepts the MAC(M) and MAC(M′), he can forge a valid MAC(M2) where M2 = a(M + M′)+M where a is any nonzero element in GF(31). (Hint. Show that MAC(M2) = a[MAC(M) - MAC(M′)] + MAC(M).)