Cryptanalysis of the DECT Standard Cipher

  • Karsten Nohl
  • Erik Tews
  • Ralf-Philipp Weinmann
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6147)

Abstract

The DECT Standard Cipher (DSC) is a proprietary 64-bit stream cipher based on irregularly clocked LFSRs and a non-linear output combiner. The cipher is meant to provide confidentiality for cordless telephony. This paper illustrates how the DSC was reverse-engineered from a hardware implementation using custom firmware and information on the structure of the cipher gathered from a patent. Beyond disclosing the DSC, the paper proposes a practical attack against DSC that recovers the secret key from 2^15 keystreams on a standard PC with a success rate of 50% within hours; somewhat faster when a CUDA graphics adapter is available.

Keywords

DECT; DECT Standard Cipher; stream cipher; cryptanalysis; linear feedback shift register

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Karsten Nohl (1)
  • Erik Tews (2)
  • Ralf-Philipp Weinmann (3)
  1. University of Virginia
  2. Technische Universität Darmstadt
  3. University of Luxembourg
