

PERFORMANCE ANALYSIS OF 3G PROTOCOL: ENCRYPTION AND AUTHENTICATION



Presented By:
Anita
Rita Mahajan
Dr. Nupur Prakash




ABSTRACT


3G provides two types of security algorithms: KASUMI for encryption and MILENAGE for authentication. This paper presents a performance analysis and comparison of the algorithms in terms of time complexity. The parameters considered are processing power and input size. Security features may have an adverse effect on the quality of services offered to end users and on system capacity. The computational cost overhead that the security protocols and algorithms impose on lightweight user devices is analyzed. The analysis results reveal the effect of the 3G authentication and encryption algorithms on system performance, defined in terms of throughput.

1. INTRODUCTION

The Universal Mobile Telecommunications System (UMTS) is a realization of third generation (3G) networks, which intend to establish a single integrated and secure network. Mobile/wireless Internet is becoming available with 3G mobile communication systems. Wireless networks are inherently less secure, and mobility further adds to the security risk. Therefore, it is desirable that 3G is at least as secure as fixed networks. The complete 3G security architecture consists of five major security classes: (i) network access security, (ii) network domain security, (iii) user domain security, (iv) application domain security and (v) visibility and configurability of security.

Security is achieved at the cost of performance degradation; it is critical and fundamental to quantitatively measure overhead caused by various security services.

Network access security is a key component of 3G security. This class deals with the set of security mechanisms that provide users with secure access to 3G services. Such mechanisms include: (i) user identity confidentiality, (ii) authentication and key agreement, (iii) data confidentiality and (iv) integrity protection. In 3G UMTS, encryption is implemented using the KASUMI algorithm and authentication is implemented using the MILENAGE algorithm.

The rest of this article is organized as follows. A 3G security overview is presented in section 2. In section 3, an analysis of the 3G encryption and authentication algorithms with respect to time complexity is provided. Section 4 provides the throughput of the encryption and authentication algorithms. Finally, the summary and conclusion are discussed in section 5.

2. 3G SECURITY OVERVIEW

Third generation mobile systems such as UMTS revolutionized telecommunications technology by offering mobile users content rich services, wireless broadband access to Internet, and worldwide roaming. However, the broadcast nature of the wireless communication and increased popularity of wireless devices introduce serious security vulnerabilities. Mobile users and providers must be assured of the correct identity of the communicating party; user and signaling data must be protected with confidentiality and integrity mechanisms.
Encryption and authentication are the two main security mechanisms in 3G network access security.


Within the security architecture of the 3GPP system there are two standardized algorithms: a confidentiality algorithm f8, and an integrity algorithm f9 [4]. Each of these algorithms is based on the KASUMI algorithm.

Authentication


The UMTS authentication algorithm consists of seven functions: f1, f1*, f2, f3, f4, f5 and f5*. The standardized algorithm set for these seven functions is called MILENAGE [4][8]. MILENAGE was designed by the same experienced group that had already designed KASUMI, f8 and f9. MILENAGE requires a specific kernel to be chosen, and Rijndael was selected [7]. Rijndael is an iterated block cipher with a 128-bit block length and a 128-bit key length. It is composed of eleven rounds that transform the input into the output.

3. Analytical Analysis


This section focuses on the computation time complexity of 3G authentication and encryption. Before analyzing the encryption and authentication algorithms, the requirements of the cryptographic algorithms must be known.

3.1. Encryption

3G encryption uses the KASUMI algorithm. KASUMI uses a 128-bit key and a block size of 64 bits. The algorithm has 8 distinct steps and 8 rounds [6]. Steps 1 to 8 are functionally identical and depend on different portions of the input key.

Steps 1, 3, 5, 7: $F_{odd}(I, RK_i) = FO_i(FL_i(I, KL_i), KO_i, KI_i)$
Steps 2, 4, 6, 8: $F_{even}(I, RK_i) = FL_i(FO_i(I, KO_i, KI_i), KL_i)$

3.1.1. FL Function

The function FL consists of two XOR (16-bit each), four 16-bit copy, one AND, one OR and two left shifts (cyclic) by one bit each [6]. The input to the function FL comprises a 32-bit data input I and a 32-bit sub key $KL_i$. The sub key is split into two 16-bit sub keys, $KL_{i,1}$ and $KL_{i,2}$, where $KL_i = KL_{i,1} | KL_{i,2}$. The input data I is split into two 16-bit halves, L and R, where $I = L | R$.
The 32-bit output value is $(L' | R')$, where

$R' = R \oplus ROL(L \cap KL_{i,1})$
$L' = L \oplus ROL(R' \cup KL_{i,2})$

Here $\oplus$ is XOR, $\cap$ is AND, $\cup$ is OR and ROL is the cyclic left shift by one bit.

3.1.2. FO Function

The input to the function FO comprises a 32-bit data input I and two sets of sub keys, a 48-bit sub key $KO_i$ and a 48-bit sub key $KI_i$ [6]. The 32-bit data input is split into two halves, $L_0$ and $R_0$, where $I = L_0 | R_0$. The 48-bit sub keys are subdivided into three 16-bit sub keys, where $KO_i = KO_{i,1} | KO_{i,2} | KO_{i,3}$ and $KI_i = KI_{i,1} | KI_{i,2} | KI_{i,3}$. Then for each integer j with $1 \le j \le 3$ we define:

$R_j = FI(L_{j-1} \oplus KO_{i,j}, KI_{i,j}) \oplus R_{j-1}$
$L_j = R_{j-1}$

Finally we return the 32-bit value $(L_3 | R_3)$. This function consists of six 16-bit XOR, six 16-bit copy and three FI function calls.

3.1.3. FI Function

The function FI takes a 16-bit data input I and a 16-bit sub key $KI_{i,j}$. The input I is split into two unequal components, a 9-bit left half $L_0$ and a 7-bit right half $R_0$, where $I = L_0 | R_0$. Similarly, the key $KI_{i,j}$ is split into a 7-bit component $KI_{i,j,1}$ and a 9-bit component $KI_{i,j,2}$, where $KI_{i,j} = KI_{i,j,1} | KI_{i,j,2}$.
The function uses two S-boxes, S7 and S9. It also uses two additional functions which we designate ZE( ) and TR( ).

$L_1 = R_0$, $R_1 = S9[L_0] \oplus ZE(R_0)$
$L_2 = R_1 \oplus KI_{i,j,2}$, $R_2 = S7[L_1] \oplus TR(R_1) \oplus KI_{i,j,1}$
$L_3 = R_2$, $R_3 = S9[L_2] \oplus ZE(R_2)$
$L_4 = S7[L_3] \oplus TR(R_3)$, $R_4 = R_3$

The function returns the 16-bit value $(L_4 | R_4)$. This function consists of three 9-bit XOR, three 7-bit XOR and six 7-bit copy. It performs the S9 and S7 mappings two times each and invokes the ZE( ) and TR( ) functions.

3.1.4. S-boxes

The two S-boxes have been designed so that they may be easily implemented in combinational logic as well as by a look-up table. Both forms are given for each table.

$x = x_8 | x_7 | x_6 | x_5 | x_4 | x_3 | x_2 | x_1 | x_0$
$y = y_8 | y_7 | y_6 | y_5 | y_4 | y_3 | y_2 | y_1 | y_0$

where the $x_8$, $y_8$ and $x_7$, $y_7$ bits only apply to S9, and the $x_0$ and $y_0$ bits are the least significant bits. In the logic equations, $x_0x_1x_2$ implies $x_0 \cap x_1 \cap x_2$, where $\cap$ is the AND operator.

3.1.5. Key Schedule

KASUMI has a 128-bit key K. Each round of KASUMI uses 128 bits of key that are derived from K [6]. Before the round keys can be calculated, two 16-bit arrays $K_j$ and $K_j'$ (j = 1 to 8) are derived. The 128-bit key K is subdivided into eight 16-bit values $K_1 \ldots K_8$, where $K = K_1 | K_2 | K_3 | \ldots | K_8$. A second array of sub-keys, $K_j'$, is derived from $K_j$ by applying, for each integer j with $1 \le j \le 8$:

$K_j' = K_j \oplus C_j$

where $C_j$ is the constant value.

This function consists of eight 16-bit XOR, eight 1-bit cyclic left shift, eight 5-bit cyclic left shift, eight 8-bit cyclic left shift and eight 13-bit cyclic left shift. The extraction of round sub-keys is a 2-D table lookup.
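
The key schedule of section 3.1.5 and the FL function of section 3.1.1, written out as an added C example (not code from the paper). The constants C1..C8 and the sub-key index table are taken from the KASUMI specification (3GPP TS 35.202) rather than from this page; the type and function names and the sample key are constructed for illustration. The counter returned by the key schedule reproduces the operation count stated above: 8 XORs plus 32 cyclic shifts.

```c
#include <stdint.h>
#include <stdio.h>

/* Sub-keys of one round: KL_i for FL, KO_i for FO, KI_i for FI (illustrative names). */
typedef struct { uint16_t KL1, KL2, KO1, KO2, KO3, KI1, KI2, KI3; } round_keys;

/* 16-bit cyclic left shift, valid for 0 < n < 16. */
static uint16_t rol16(uint16_t v, unsigned n) {
    return (uint16_t)((v << n) | (v >> (16 - n)));
}

/* k[0..7] hold K1..K8, rk[0..7] receive rounds 1..8; returns the XOR+shift count. */
static int kasumi_key_schedule(const uint16_t k[8], round_keys rk[8]) {
    /* C1..C8 as given in 3GPP TS 35.202; the page only calls them "constant". */
    static const uint16_t C[8] = {0x0123, 0x4567, 0x89AB, 0xCDEF,
                                  0xFEDC, 0xBA98, 0x7654, 0x3210};
    uint16_t kp[8];                       /* K'_j = K_j XOR C_j */
    int ops = 0;
    for (int j = 0; j < 8; j++) { kp[j] = (uint16_t)(k[j] ^ C[j]); ops++; }
    for (int n = 0; n < 8; n++) {         /* sub-key indices wrap modulo 8 */
        rk[n].KL1 = rol16(k[n], 1);
        rk[n].KL2 = kp[(n + 2) & 7];
        rk[n].KO1 = rol16(k[(n + 1) & 7], 5);
        rk[n].KO2 = rol16(k[(n + 5) & 7], 8);
        rk[n].KO3 = rol16(k[(n + 6) & 7], 13);
        rk[n].KI1 = kp[(n + 4) & 7];
        rk[n].KI2 = kp[(n + 3) & 7];
        rk[n].KI3 = kp[(n + 7) & 7];
        ops += 4;                         /* four cyclic shifts per round */
    }
    return ops;
}

/* FL as in TS 35.202: R' = R ^ ROL(L & KL1), then L' = L ^ ROL(R' | KL2). */
static uint32_t kasumi_FL(uint32_t in, uint16_t KL1, uint16_t KL2) {
    uint16_t l = (uint16_t)(in >> 16), r = (uint16_t)in;
    r ^= rol16((uint16_t)(l & KL1), 1);
    l ^= rol16((uint16_t)(r | KL2), 1);
    return ((uint32_t)l << 16) | r;
}

int main(void) {
    const uint16_t k[8] = {0x8001, 2, 3, 4, 5, 6, 7, 8};  /* constructed key */
    round_keys rk[8];
    int ops = kasumi_key_schedule(k, rk);
    printf("ops=%d FL=%08X\n", ops,
           (unsigned)kasumi_FL(0xFFFF0000u, rk[0].KL1, rk[0].KL2));
    return 0;
}
```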


SUMMARY AND CONCLUSION


Encryption consumes significantly more processing resources than authentication. The time required for a security transformation increases in proportion to the required number of operations, but it also depends on the processor's capabilities. Since the number of operations is greater for encryption than for authentication, the throughput of encryption is low compared to authentication. Encryption should be used for critical user information, not for regular traffic flow. Encryption, if needed, should be combined with authentication. In this case, if the message fails authentication, the decryption process is saved (not performed). Further, quantifying the authentication and encryption time will help in improving existing protocols or generating new ones for 3G mobile security.