Advertisement

Reducing the time required by KASUMI to generate output by modifying the FL and FI functions

  • Raja Muthalagu
  • Subeen Jain
Original Article

Abstract

KASUMI is an eight-round Fiestel network that produces 64-bit output data from 64-bit input data using a 128-bit key. Three functions, FL, FO, FI , are involved in each round and each function has its respective keys KL, KO, KI. This work proposed the modifications in existing KASUMI block cipher, which can reduce time delay for generating 64-bit encrypted data. Also, we proposed a modification in FL functions: FL(a) and FL(b) of the existing KASUMI block cipher. Rijndael’s 32-bit S-box is introduced in FL (a) function of standard FL function so that it can only work with 16-bit data. The second modification is introduced in the FL(b) function by adding a third stage where XOR and shift operations are involved before the final concatenation of two 16-bit data inside the standard FL function. In addition, the FI function uses S7 and S9 tables only one time instead of two times in the existing KASUMI block cipher, which leads to reduce the overall time delay. The performance improvement of the proposed algorithm over the conventional algorithm is verified by simulation results.

Keywords

KASUMI FL function FI function S\(_{R}\)- box NIST statistical suite 

1 Introduction

The rapid growth of mobile communications has increased the requirement of having secure network/communication between the users. Multiple ways of attacking or hacking a network are used by an attacker. As the wireless mode of communications provides feasibility and ease to the users, the security of information being exchanged within two users or group of users is always a threat. Many algorithms which are used for different encryption purposes have been proposed, of which some have proved resistant toward attacks while some are attacked and, hence, proved weaker by attackers [1, 2]. For having a secure network, encryption services and algorithms involved need to be robust to provide end-to-end secure transmission of data among various users. It poses a challenge for designers to design highly secure and attack-resistant algorithm for encryption of data. We have one such algorithm used for mobile communication, KASUMI, for providing encryption services in mobile networks like 3G network. Confidentiality algorithms f8, encryption algorithm, and f9, integrity algorithm, are based on the KASUMI algorithm. KASUMI is evolved from MISTY1 algorithm to provide users a safe and secure way for exchange of data. KASUMI was slightly modified from MISTY1 to make its hardware implementation easier to meets security requirements for 3G mobile communications.

In [3, 4, 5, 6], various attacks such as boomerang attack, single-key attack, related key attack and various others related to KASUMI were discussed, which indicates that KASUMI is a weak algorithm. Though these attacks were powerful and posed a threat, they were not considered a serious threat due to impractical assumptions made as given by 3GPP in [2] and, thus, inapplicable to real-life attack on full KASUMI. But since there are chances of these or other similar attacks being carried out practically, new algorithms are designed and worked upon to provide high confidentiality and security of data.

In this paper, we have discussed a way to reduce the time taken by KASUMI using two different FL functions that are FL1(a) and FL(b). FL1(a) uses S- box, which carries operation on one of the 16-bit data in a standard FL function. FL(b) function has a third round where cyclic rotation of the bits is performed on one of the 16-bit data of the FL function, which is then XOR with another 16-bit data in the FL function. The second important change that we have made is a reduction in the number of rounds of the FI function from four to two. We have eliminated the last two rounds in the FI function, i.e., we have taken the use of S9 and S7 lookup tables only once. We have kept only the first two rounds. The time consumed by the two removed rounds of FI function is now utilized by the S\(_{R}\)- box in FL1(a) and one added third round in the FL(b) function. After making out these changes, the overall time taken by KASUMI to produce the output is few seconds less than that of the conventional one.

This paper is organized in the following way. Section 2 gives briefly an overview of KASUMI. Different functions and keys used in each round for their respective functions are described. Section 3 discusses our proposed work in KASUMI. It discusses about changes and modifications proposed in the FL and FI function. After implementing these changes, the overall time taken to generate the final output is less than a conventional KASUMI algorithm. Section 4 provides the results of our proposed work where we have provided tables and graphs for making a comparison among modified and conventional KASUMI. At the end, we have Sect. 6 which provides a conclusion of the proposed work.

2 Literature survey

Many works related to KASUMI are presented and mostly deal with performance analysis of KASUMI. Various attacks are published related to the security of KASUMI and prove that attack on all eight rounds of algorithm can be done. Few papers have discussed about increasing the number of rounds in KASUMI from the present eight to more rounds to improve its security, while some have proved that KASUMI is rather weaker than the MISTY algorithm [3, 4]. People came with KASUMI’s alternative like XXTEA, SMS4 and others to make data more secure than using KASUMI. As discussed in [7], the first serious attack on KASUMI was the “related key” attack done on the fifth and sixth round and succeeded in obtaining the key (Blunden & Escott, 2002). After that, a new attack based on KASUMI was differential cryptanalysis which used efficiently chosen plain texts for five rounds of KASUMI. Another study done by a group of researchers came up with “related-key rectangle” attack on full round KASUMI, but this type of attack was successful theoretically only.

In 2010, the entire 128-bit key used in all rounds of KASUMI was taken out by using only 4 related key with a new attack called ‘sandwich attack’ by Dunkelman, Keller and Shamir. Some of the modifications were also proposed to optimize the functioning of KASUMI [8]. In 2014, Wang et al. DFA attacked KASUMI-64, which is the base of the A5/3 cryptosystem. Through this attack it was shown that only one 16-bit word fault was enough to perform a successful key recovery attack. Emphasis was made on the last two rounds of KASUMI and was proposed that these two rounds should be specially designed to protect against fault injection [9]. Many algorithms have been proposed and are used for different encryption purposes [10, 11, 12, 13]. Some have proved resistant toward attacks, while some have high security issue with them and, hence, prove to be weaker by attackers.

3 Overview of KASUMI

KASUMI is a modified form of cipher algorithm MISTY1 [14, 15, 16, 17, 18]. It is a Fiestel network of eight rounds taking an input of 64 bits and giving an output of 64 bits by using a 128-bit key for each round. The functions of KASUMI, FI, FO and FL, performed by them are completely different from each other and they use key values for doing their operations. The key values are KI for FI function, KO for FO function and, KL for FL function for all eight rounds. Figure 1. provides the Fiestel structure of the eight- round KASUMI algorithm. For odd numbered rounds, the function FL comes before FO, FI functions, while in even numbered rounds, FO, FI comes before the FL function. A brief description of the three functions of the algorithm is given below along with the key-value operations done with them. The FO, FI and FL functions are shown in Figs. 2, 3 and 4, respectively.
Fig. 1

KASUMI

3.1 FL function

This function has two rounds of operation as shown in Fig. 4. It takes 32-bit input and performs operation on it using a 32-bit key and KL to produce a 32-bit output. In each round, the key and KL is divided into two 16-bit values as shown below:
$$\begin{aligned} \textit{KL}_{\textit{i}}= \textit{KL}_{\textit{i,1}}{\vert }{\vert }{} \textit{KL}_{\textit{i,2}}. \end{aligned}$$
(1)
The input is divided into two 16-bit values, L (left) and R (right), as given below:
$$\begin{aligned} \textit{R}^{\varvec{\prime }}= \textit{R}{{\oplus }}{} \textit{ROL}(\textit{L} \cap \textit{KL}_\textit{i,1}) \end{aligned}$$
(2)
and
$$\begin{aligned} \textit{L}^{\varvec{\prime }} = \textit{L} \oplus \textit{ROL}(\textit{R}^{\varvec{\prime }}\cup \textit{KL}_{\textit{i,2}}), \end{aligned}$$
(3)
where R’ and L’ are each 16-bit value obtained after performing operations on L and R. Values obtained are then concatenated to make a 32-bit output which is passed further for operations on it.

3.2 FO function

This function has three rounds of operation as shown in Fig. 1. It first takes a 32-bit input, divides it into two equal 16-bit values and performs operation on it using a 48-bit key KO, and another 48-bit sub-key KI is used in FI function. The FO function is shown in Fig. 2. The 48-bit sub-keys are subdivided into three 16-bit sub-keys, where:
$$\begin{aligned} \textit{KO}_{\textit{i}}= \textit{KO}_{\textit{i,1}}{\vert }{\vert }{} \textit{KO}_{\textit{i,2}} {\vert }{\vert } \textit{KO}_{\textit{i,3}} \end{aligned}$$
(4)
and
$$\begin{aligned} \textit{KI}_{\textit{i}}= \textit{KI}_{\textit{i,1}}{\vert }{\vert } \textit{KI}_{\textit{i,2}}{\vert }{\vert } \textit{KI}_{\textit{i,3}}. \end{aligned}$$
(5)
For each integerj (number of rounds within FO) with 1 \(\le \) j \(\le \) 3, R\(_{j}\) and L\(_{j }\)are given as:
$$ \begin{aligned} \textit{R}_{\textit{j}}= \textit{FI} (\textit{L}_{\textit{j-1}} \oplus \textit{KO}_{\textit{i,j}}, \textit{KI}_{\textit{i,j}}) \oplus \textit{R}_{\textit{j-1}}\;\; \& \;\; \textit{L}_{\textit{j}}= \textit{R}_{\textit{j-1}}. \end{aligned}$$
(6)
Then, we return the 32-bit concatenated value obtained (L\(_{3}{\vert }{\vert }\) R\(_{3}\)) after completion of the FO function. The FL function is used three times in the FO function. In the FLi1 function, ‘i’ indicates the \(\;n\mathrm{th}\) round value and ‘1’ indicates one of the three rounds of FL inside the FO function.
Fig. 2

FO Function

3.3 FI function

This function involves four rounds of operation. The FI function takes 16 bits of input data and gives an output of 16 bits. The data is split into 9 bits, say L\(_{0}\), which goes to the left side of the FI function, and a 7-bit value, say R\(_{0}\), which goes to the right side of the FI function. S9 box is used when the 9-bit data is operated and S7 box is used when the 7-bit data is operated. The FI box is shown in Fig. 3.

Truncation of the 9-bit data is done by removing the two most significant bits when it operates with 7-bit data and that 7-bit data is zero padded by adding two zeros as the most significant bits when it is operated with 9-bit data. The symbols for truncation and zero padding are given by TR() and ZE(), respectively. We define the following series of operations:
$$\begin{aligned} {\textit{L}}_{\textit{1}}= & {} {\textit{R}}_{\textit{0}}\qquad {\textit{R}}_{{\textit{1}}}= {\textit{S9}}[{\textit{L}}_{{\textit{0}}}] \oplus {\textit{ZE}}({\textit{R}}_{{\textit{0}}}), \end{aligned}$$
(7)
$$\begin{aligned} {\textit{L}}_{{\textit{2}}}= & {} {\textit{R}}_{{\textit{1}}}\oplus {\textit{KI}}_{{\textit{i,j,2}}}\qquad {\textit{R}}_{{\textit{2}}}= {\textit{S7}}[{\textit{L}}_{{\textit{1}}}] \oplus {\textit{TR}}({\textit{R}}_{{\textit{1}}}) \oplus {\textit{KI}}_{{\textit{i,j,1}}}, \end{aligned}$$
(8)
$$\begin{aligned} {\textit{L}}_{{\textit{3}}}= & {} {\textit{R}}_{{\textit{2}}}\qquad {\textit{R}}_{{\textit{3}}}= {\textit{S9}}[{\textit{L}}_{{\textit{2}}}] \oplus {\textit{ZE}}({\textit{R}}_{{\textit{2}}}), \end{aligned}$$
(9)
$$\begin{aligned} {\textit{L}}_{{\textit{4}}}= & {} {\textit{S7}}[{\textit{L}}_{{\textit{3}}}] \oplus {\textit{TR}}({\textit{R}}_{{\textit{3}}}) \qquad {\textit{R}}_{{\textit{4}}}= {\textit{R}}_{{\textit{3}}}. \end{aligned}$$
(10)
The function returns the 16-bit value \({\textit{(L}_{4} {\vert }{\vert } \textit{R}}_{4 }{\textit{).}}\)
Figures. 1, 2, 3, and 4 provide the structure of KASUMI [19] along with three functions used in it.
Fig. 3

FI Function

4 32 X 32-bit S-Box

The S-box maps the 32-bit input to produce the 32-bit output. Let \({\textit{w = w}}_{0}{\vert }{\vert }{\textit{w}}_{1}{\vert }{\vert }{\textit{w}}_{2} {\vert }{\vert }{\textit{w}}_{3},\) where w is the 32-bit input data and \(\hbox {w}_{0}\) is the most significant byte and \({\textit{w}}_{3}\) is the least significant byte. Then we have \({\textit{S}}_{1}{\textit{(w) =r}}_{0}{\vert }{\vert }{\textit{r}}_{1}{\vert } {\vert }{\textit{r}}_{2}{\vert }{\vert }{\textit{r}}_{3},\) where r\(_{0}\) is the most and r\(_{3}\) is the least significant byte. The values corresponding to r\(_{0}\), r\(_{1}\), r\(_{2}\), r\(_{3}\) are obtained using equations as described in [20]. These 8-bit r values involve the use of S\(_{R}\)-box which is briefly described in the next part. In this paper, we have considered using Rijndael’s S-box for computing values of the input bits in FL function. We have taken the use of the 16-bit S-box by converting the 32-bit S-box. Instead of using all 8-bit r values (r\(_{0}\) , r\(_{1}\) , r\(_{2}\) , r\(_{3}\)), we used only two r values to get the 16-bit data with small modification in them. This is given in Sect. 6 of this paper.

4.1 Rijndael S \(_{R}\) -box

It has an 8-bit operation and maps from 8-bit to 8-bit. Both the input and output are taken in hexadecimal forms. The input values use the computing tables to produce the output. Let \({\textit{x}}_{0}, {\textit{x}}_{1}, {\textit{y}}_{0}, {\textit{y}}_{1}\) be hexadecimal digits with \({\textit{S}}_{R}({\textit{x}}_{0}{\textit{2}}^{4}+{\textit{x}}_{1}) = y_{0}{\textit{2}}^{4}+{\textit{y}}_{1}\), then the cell at the intersection of the \({\textit{x}}_{0}^\mathrm{th}\) row and the \({\textit{x}}_{1}^\mathrm{th}\) column contains the values for \({\textit{y}}_{0}{{\vert }{\vert }}{\textit{y}_{1}}\) in hexadecimal form. We can find one example already given in [20], which explains how values using Rijndael S-box table can be computed.
Fig. 4

FL Function

5 Proposed work on KASUMI

In this paper, we have made modifications in the FL function by making two separate FL functions. The second change which we made is in the FI function, where we removed the last two rounds of operations and, so, used S9 and S7 tables only once.

In this paper, we have suggested modifications in the FL function. Two FL functions are used after modifying the original FL function, which are FL1(a) and FL(b) functions.

FL1(a) function uses a 16-bit S\(_{R}\)- box. Its diagram is shown in Fig. 5. Functioning of FL1(a) is the same as that of the original FL function except for the inclusion of the S\(_{R}\)- box. This S- box performs operation on the 16-bit data entering FL function from the right side. This FL1(a) function is used four times in eight rounds of KASUMI (i.e., 1st, 3rd, 5th and 7th round).
Fig. 5

The FL1(a) function

We made the second small change in the original FL function by adding a third round to it, naming it FL(b). Its diagram is shown in Fig. 6. We have done a cyclic shift of the bits present on the right side of the FL function and then XOR it with the 16-bit data from the left side, which is shown in Fig. 6. This FL(b) function is used four times in the 2nd, 4th, 6th, and 8th round of KASUMI.
Fig. 6

The FL(b) function

Fig. 7

The FI function

Figure 8 shows where we have used the FL1(a) and FL(b) functions in the eight-round structure of KASUMI. The FL1(a) function and FL(b) function have KL keys in them, which are used in a different pattern. For the FL1(a) function, both the KL keys (KL\(_{i,1 }\)and KL\(_{i,2})\) used over here are of \(n\mathrm{th}\) round value, i.e.,
$$ \begin{aligned} \textit{KL}_{\textit{i,1}}{} \textit{[(index) \& 0x7]}\,\mathrm{{and}} \end{aligned}$$
(11)
$$ \begin{aligned} \textit{KL}_{\textit{i,2}}{} \textit{[(index) \& 0x7]}, \end{aligned}$$
(12)
while in the FL(b) function KL the keys use \((n+1)\mathrm{{th}}\) round key value, i.e.,
$$ \begin{aligned} {\textit{KL}}_{i,1 }{\textit{[(index+1) \& 0x7] }}\mathrm{{and}} \end{aligned}$$
(13)
$$ \begin{aligned} {\textit{KL}}_{i,2}{\textit{[(index+1) \& 0x7] }}. \end{aligned}$$
(14)
This was done so that two different FL functions do not use the same key value.
Fig. 8

Proposed KASUMI structure (using FL1(a) and FL(b) function)

The 16-bit S\(_{R}\)- box used in the FL1(a) function use the following operations:
$$\begin{aligned} {\textit{r0}}= & {} ({\textit{srw2}} \;^{\wedge }\; (({\textit{MULx}}({\textit{srw3}},\, {\textit{0x1b}})) \hat{} {\textit{srw3}})), \end{aligned}$$
(15)
$$\begin{aligned} {\textit{r1}}= & {} (((\textit{MULx} (\textit{srw2},\, \textit{0x1b})) \hat{} \textit{srw2}) \hat{} (\textit{MULx}(\textit{srw3,0x1b}))),\nonumber \\ \end{aligned}$$
(16)
where ‘srw2’ and ‘srw3’ are 8-bit values and are computed as shown in [20] and ‘r0’, and ‘r1’ are each 8-bit values, which take input data, perform certain operations on input data and produce output data. The output values produced from these two equations are then concatenated. After concatenating the above two 8-bit values ‘r0’ and ‘r1’, we will get a 16-bit value as an output from the S\(_{R}\)- box. In traditional KASUMI, we have KLi,1 [(index)] as a key present in the first stage of the FL function, which is present in each of the eight rounds of KASUMI. In our case, we have just done masking operation, in case the index value becomes greater than 7. The KLi,1 [(index) & 0x7] is the same as the KLi,1 [(index)].

As given in [1, 2], the FL function is not seen from the point of security and FO & FI provide security features to KASUMI. The FL is a linear function, and the security of the algorithm does not depend on this function. The main purpose is to be a low cost additional scrambling, making individual bits harder to track through the rounds. So, we proposed a change in the FL function using 16-bit S\(_{R}\)- box to make FL one of the security components in the algorithm. Using this S\(_{R}\)- box, we can introduce some non-linearity in the FL function, which can, hence, make it difficult to track the output bits from the FL function. The S\(_{R}\)- box is used in many algorithms like in AES, SNOW-3G is one of the main components of security.

S9 and S7 are lookup tables only which have no operations involved, like the one present in Rijndael’s S- box that computes output bits. But as given in [2], S9 and S7 also provide some non-linearity to the data, and we have not discarded them completely or made any change in their operation/function. Instead of using both S9 and S7 tables two times in four rounds of the standard FI function, we have used both of them once in two rounds of the FI function. The FI function is now reduced to two rounds rather than four rounds, and the time consumed, when we used S9 and S7 twice in FI function, is now used over in two new different FL functions. In fact, the time is consumed lesser by few seconds in the new design proposed. The FI function is shown in Figs. 7, 8.

6 Simulation results

The algorithm was tested using the NIST [15] statistical test suite where all 15 tests were passed. This suite is used for testing of randomness produced in the proposed modified algorithm. The encryption time required by the modified algorithm indicates a decrease by few seconds compared to the original KASUMI as given in Table 1. The comparison methods used in [11, 12, 13] and many other ways of testing are different from our paper. Some of these are based on FIPS or SAC standards which are also another way of testing algorithms. In our case, for making comparison, we have given a large array of numbers at a single time to the proposed KASUMI algorithm to find out the approximate time taken. The ‘No. of iterations’ mentioned in tables below indicate number of times the output values are generated continuously when the algorithm is in operation mode without any halt. For example, 9*10\(^{6}\) means that the algorithm will run this number of times to produce the output values. Testing was software based (MobaXterm linux application), done on Intel (R) Core(TM) i7-4770 CPU @ 3.4GHz Table 2.
Table 1

Proposed modified KASUMI algorithm (using FL1(a) and FL(b) function)

No. of iterations

Encryption time taken

Encryption speed (Mbps)

9 \(\times \) 10\(^{6}\)

4 s

2.25

1 \(\times \) 10\(^{7}\)

4 s

2.5

2 \(\times \) 10\(^{7}\)

9 s

2.22

3 \(\times \) 10\(^{7}\)

14 s

2.1428

4 \(\times \) 10\(^{7}\)

19 s

2.1052

5 \(\times \) 10\(^{7}\)

23 s

2.1739

6 \(\times \) 10\(^{7}\)

28 s

2.1428

7 \(\times \) 10\(^{7}\)

33 s

2.1212

8 \(\times \) 10\(^{7}\)

38 s

2.1052

9 \(\times \) 10\(^{7}\)

42 s

2.1428

1 \(\times \) 10\(^{8}\)

47 s

2.1276

Table 2

The original KASUMI algorithm

No. of iterations

Encryption time taken

Encryption speed (Mbps)

9 \(\times \) 10\(^{6}\)

4 s

2.25

1 \(\times \) 10\(^{7}\)

5 s

2.00

2 \(\times \) 10\(^{7}\)

10 s

2.00

3 \(\times \) 10\(^{7}\)

15 s

2.00

4 \(\times \) 10\(^{7}\)

20 s

2.00

5 \(\times \) 10\(^{7}\)

25 s

2.00

6 \(\times \) 10\(^{7}\)

30 s

2.00

7 \(\times \) 10\(^{7}\)

35 s

2.00

8 \(\times \) 10\(^{7}\)

40 s

2.00

9 \(\times \) 10\(^{7}\)

45 s

2.00

1 \(\times \) 10\(^{8}\)

50 s

2.00

Fig. 9

Time comparison of modified KASUMI and conventional KASUMI

Fig. 10

Encryption speed comparison of modified and conventional KASUMI

Figures. 9 and 10 illustrate the comparison between modified KASUMI and conventional KASUMI in terms of time (in seconds) and encryption speed (in Mbps). We can observe from the results that the modified algorithm consumes less time and has better encryption speed than conventional KASUMI.

7 Conclusion and future works

In this paper, we have proposed modifications in the FL function by, firstly, adding a third round to it and, secondly, adding Rijndael’s S- box. By the use of S\(_{R}\)- box, we have made the FL function produce non-linear bits in output, which can make it difficult to track down bits in the output. We have reduced the use of S7 and S9 box lookup tables in the FI function using both of them once each, i.e., in the first round of the FI function, only the S9 box will be used and the second round will have only the S7 box. After making these changes in the FI and FL functions, we have reduced the total time consumption of the algorithm to produce the output by a few seconds. In future, it is possible to make the FL function more secure by adding security elements, as it has no role in providing security, according to the conventional KASUMI algorithm. It is also possible to modify S7 and S9 boxes in the FI function to make them more robust toward attacks. This work considers only using S7 and S9 boxes in the FI function in the first two rounds while eliminating the third and fourth round operations.

References

  1. 1.
    Iwata, T., Kohno, T.: New security proofs for the 3GPP confidentiality and integrity algorithms. In: Roy, B., Meier, W. (eds.) Fast Software Encryption. FSE 2004. Lecture Notes in Computer Science, vol. 3017. Springer, Berlin (2004)Google Scholar
  2. 2.
    3GPP TS 35.201 v 3.1.1.: Specification of the 3GPP confidentiality and integrity algorithms, Document 1: f8 and f9 specification. Available at https://portal.etsi.org/new3g/tb/other/algorithms/35201-311.pdf
  3. 3.
    Biham, E., Dunkelman, O., Keller, N.: A related–key rectangle attack on the full KASUMI. In: Roy, B. (eds.) Advances inCryptology–ASIACRYPT 2005. ASIACRYPT 2005. Lecture Notes in Computer Science, vol. 3788. Springer, Berlin (2005)Google Scholar
  4. 4.
    Dunkelman, O., Keller, N., Shamir, A.: A practical-time attack on the A5/3 cryptosystem used in third generation GSM telephony. In: Cryptology ePrint Archive, Report 2010/013 (2010)Google Scholar
  5. 5.
    Saito, T.: A single-key attack on 6-round KASUMI. pp. 1–13Google Scholar
  6. 6.
    Zongyue, W., Xiaoyang, D., Keting, J., Jingyuan, Z.: Differential fault attack on KASUMI cipher used in GSM telephony. Math. Probl. Eng. 2014, 7 (2014) (Article ID 251853)Google Scholar
  7. 7.
    Akgün, F., Buluş, E.: Comparison of encryption algorithms strength used in 3G mobile communication. Trakya Univ. J. Eng. Sci. 17(1), 1–11 (2016)Google Scholar
  8. 8.
    Fang, R., Ying-jian, Y., Xiao-bing, F.: A small and efficient hardware implementation of the KASUMI. In: Proceedings of WASE International Conference on Information Engineering, Taiyuan, Chanxi, 2009, pp. 377–380. IEEE (2009).  https://doi.org/10.1109/ICIE.2009.187
  9. 9.
    Wang, Z., Dong, X., Jia, K., Zhao, J.: Differential fault attack on KASUMI cipher used in GSM telephony. Math Probl Eng. 2014, 7 (2014). Art ID 251853.  https://doi.org/10.1155/2014/251853
  10. 10.
    Chetioui, K., Orhanou, G., El Hajji, S.: New protocol E-DNSSEC to enhance DNSSEC security. Int. J. Netw. Secur. 20(1), 19–24 (2018)Google Scholar
  11. 11.
    Zhu, H., Zhang, Y., Sun, Y.: Provably secure multi-server privacy-protection system based on Chebyshev Chaotic maps without using symmetric cryptography. Int. J. Netw. Secur. 18(5), 803–815 (2016)Google Scholar
  12. 12.
    Chen, C.-S., Xi, Y., Xiang, Y.-X., Li, X., Li, T.: An improved DPA attack on DES with forth and back random round algorithm. Int. J. Netw. Secur. 19(2), 285–294 (2017)Google Scholar
  13. 13.
    Raja, M., Jain, S.: Modifying LFSR of ZUC to reduce time for key-stream generation. J. Cyber Secur. Mobil. 5–4, 257–268 (2017)Google Scholar
  14. 14.
    3GPP TS 35.202 v 3.1.1.: Specification of the 3GPP confidentiality and integrity algorithms, Document 2: KASUMI specification. Available at https://portal.etsi.org/new3g/tb/other/algorithms/35202-311.pdf
  15. 15.
    Rukhin, A., Soto, J., Nechvatal, J., Smid, M., Barker, E., Leigh, S., Levenson, M., Vangel, M., Banks, D., Heckert, A., Dray, J., Vo, S.: A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications. NIST special publication 800-22, Revision 1a. National Institute of Standards and Technology (NIST), Gaithersburg, MD, USA (2001). https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-22r1a.pdf
  16. 16.
    Yi, W., Chen, S.: Multidimensional zero-correlation linear cryptanalysis of the block cipher KASUMI. IET Inf. Secur. 10(4), 215–221 (2016).  https://doi.org/10.1049/iet-ifs.2014.0543
  17. 17.
    Yingsong, W., Wei, C.: f8 keystream generator with SMS4 as core algorithm. In: Proceedings of Fifth International Conference on Information Assurance and Security Xi’an, 2009, pp. 23–26. IEEE (2009).  https://doi.org/10.1109/IAS.2009.290
  18. 18.
    Shi, H., Deng, Y., Guan, Y., Jia, P., Ma, F.: Analysis of the avalanche property of the KASUMI algorithm. In: Proceedings of International Conference on Automatic Control and Artificial Intelligence (ACAI 2012), Xiamen, pp. 500–503. IEEE (2012).  https://doi.org/10.1049/cp.2012.1025
  19. 19.
    Sima, I., Tarmurean, D., Greu, V., Diaconu, A.: XXTEA, an alternative replacement of KASUMI cipher algorithm in A5/3 GSM and f8, f9 UMTS data security functions In: Proceedings of 9th International Conference on Communications (COMM), Bucharest, pp. 323–326. IEEE (2012).  https://doi.org/10.1109/ICComm.2012.6262617
  20. 20.
    ETSI/SAGE: The SNOW 3G algorithm is the core of the standardised 3GPP Confidentiality and Integrity algorithms UEA2 & UIA2. In: Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2 & UIA2. Document 2: SNOW 3G Specification, Version 1.1 (2006)Google Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Department of EEEBITS, PilaniDubaiUAE

Personalised recommendations