COMP128: Difference between revisions

Browse history interactively ← Previous edit Next edit →Content deleted Content addedVisual WikitextInline

Revision as of 17:46, 15 May 2012 editJac16888 (talk \| contribs)Administrators55,279 edits restore redirect to GSM until such time as someone can create it properly← Previous edit		Revision as of 19:08, 15 May 2012 edit undoBomazi (talk \| contribs)Extended confirmed users3,446 edits Preliminary english-language version :-)Next edit →
Line 1:		Line 1:
			'''COMP128''' is an implementation of the A3 and A8 algorithms defined in the ] standard. A3 is used to ] the mobile station to the network. A8 is used to generate the ] used to encrypt the data exchanged between the mobile station and the ].
	#redirect ]

			The algorithm was originally confidential. A partial description was leaked in 1997 and completed via ].

			The core of COMP128 is a ] with a 256 bits input and a 128 bits output. This function has nine rounds and a butterfly structure.

			==Security==
			COMP128 is considered unsafe because small changes in the hash input are not sufficiently dispersed. Due to the ], the system can be exploited to, for example, extract the ] card's key.

			== External links ==
			* (PDF-Datei; 8,17 MB)
			*
			* ''Reducing the Collision Probability of Alleged Comp128'' von H.Handschuh, P.Paillier, Springer-Verlag 2000 (PDF-Datei; 82 kB)
			*


			]

			]
			]

Revision as of 19:08, 15 May 2012

COMP128 is an implementation of the A3 and A8 algorithms defined in the GSM standard. A3 is used to authenticate the mobile station to the network. A8 is used to generate the session key used to encrypt the data exchanged between the mobile station and the BTS.

The algorithm was originally confidential. A partial description was leaked in 1997 and completed via reverse engineering.

The core of COMP128 is a hash function with a 256 bits input and a 128 bits output. This function has nine rounds and a butterfly structure.

Security

COMP128 is considered unsafe because small changes in the hash input are not sufficiently dispersed. Due to the birthday problem, the system can be exploited to, for example, extract the SIM card's key.

External links

"Sicherheit Mobiler Systeme" - Prof. Dr. Hannes Federrath - Lehrstuhl für Management der Informationssicherheit - Uni Regensburg (PDF-Datei; 8,17 MB)
Angriff von Briceno, Goldberg und Wagner
HP00 Reducing the Collision Probability of Alleged Comp128 von H.Handschuh, P.Paillier, Springer-Verlag 2000 (PDF-Datei; 82 kB)
Chaos Computer Club zur Angriffsmöglichkeit

Category:

GSM standard