FPGA Implementation of an Improved Attack against the DECT Standard Cipher - Information Security and Cryptology-ICISC 2010

Cryptography Reference

In-Depth Information

FPGA Implementation of an Improved Attack

against the DECT Standard Cipher

Michael Weiner, Erik Tews, Benedikt Heinz, and Johann Heyszl

Fraunhofer Institute for Secure Information Technology, Munich, Germany

TU Darmstadt, Germany

michaelweiner@mytum.de, e tews@cdc.informatik.tu-darmstadt.de,

{ benedikt.heinz,johann.heyszl } @aisec.fraunhofer.de

Abstract. The DECT Standard Cipher (DSC) is a proprietary stream

cipher used for enciphering payload of DECT transmissions such as cord-

less telephone calls. The algorithm was kept secret, but a team of cryp-

tologists reverse-engineered it and published a way to reduce the key

space when enough known keystreams are available [4]. The attack con-

sists of two phases: At first, the keystreams are analyzed to build up an

underdetermined linear equation system. In the second phase, a brute-

force attack is performed where the equation system limits the number

of potentially valid keys. In this paper, we present an improved variant

of the first phase of the attack as well as an optimized FPGA imple-

mentation of the second phase, which can be used with our improved

variant or with the original attack. Our improvement to the first phase

of the attack is able to more than double the success probability of the

attack, depending of the number of available keystreams. Our FPGA

implementation of the second phase of the attack is currently the most

cost-ecient way to execute the second phase of the attack.

Keywords: DECT, DECT Standard Cipher, DSC, Stream Cipher,

FPGA, Hardware-Accelerated Cryptanalysis.

1

Introduction

Digital Enhanced Cordless Telecommunications (DECT) is a standard for short

range cordless communication. DECT is mostly used for phones, however other

applications like wireless payment terminals, trac control and room monitor-

ing are possible. With more than 800 million DECT devices sold 1 ,itisoneof

the most commonly used systems for cordless phones besides GSM, UMTS and

CDMA. The DECT standard provides mutual authentication of devices and en-

cryption of the payload, however both features are optional and need not be

implemented on a device. DECT uses the DECT Standard Authentication Al-

gorithm (DSAA) for authentication and key exchange and the DECT Standard

Cipher (DSC) for encryption.

1 http://www.etsi.org/WebSite/NewsandEvents/201004 CATIQ.aspx

Search WWH ::

Custom Search

Home