Cryptography Reference
In-Depth Information
(
*+,
!
'%
"
!
)
"
$
!
"
!
"
%&
Fig. 3.
Block Diagram of Key Search Unit
5.4
Performance Evaluation
This section compares the performance achieved by our FPGA implementation
with the CUDA performance published in [4].
We used five different, randomly generated equation systems for evaluating
the maximum frequency by synthesizing the design for each of the equation
systems. Table 2 shows the achieved results.
Table 2.
Performance Evaluation (using 2
32
equations)
Max Frequency Performance [
keys
s
] Cost [
US
$] Cost-Performance
10
6
10
6
keys
US
$
·s
FPGA
140 MHz
408
.
8
·
169
2
.
42
·
10
6
10
6
keys
US
$
·s
[4] CUDA / GTX 260
unknown
148
·
190
0
.
78
·
6 Summary
The final attack could be applied as follows: In the first phase of the attack, the
adversary recovers keystreams by eavesdropping on a DECT call. If a phone is
used which displays a call duration counter that is implemented on the base sta-
tion, the adversary might be able to recover about 5 known keystreams per sec-
ond. After nearly two hours, the adversary has collected 2
15
known keystreams,
which can be processed in the next phase of the attack.
In the second phase of the attack, the adversary needs to generate frequency
tables from the known keystreams. We did not modify this step in our paper.
In the original attack, Nohl, Tews, and Weinmann used a SUN X4440 using 4
Quad-Core AMD Opteron CPUs running at 2.3 GHz to generate the tables in 20
minutes. This process is highly CPU bound, so that a single Opteron CPU could
accomplish the task in about 80 minutes. Because this can be started while the
first phase is still running, phases one and two need only two hours to complete.
Search WWH ::
Custom Search