Skip to main content
SpringerLink
Log in

Side-Channel Analysis for the Authentication Protocols of CDMA Cellular Networks

  • Regular Paper
  • Published:
Journal of Computer Science and Technology Aims and scope Submit manuscript

Abstract

Time-division multiple access (TDMA) and code-division multiple access (CDMA) are two technologies used in digital cellular networks. The authentication protocols of TDMA networks have been proven to be vulnerable to side-channel analysis (SCA), giving rise to a series of powerful SCA-based attacks against unprotected subscriber identity module (SIM) cards. CDMA networks have two authentication protocols, cellular authentication and voice encryption (CAVE) based authentication protocol and authentication and key agreement (AKA) based authentication protocol, which are used in different phases of the networks. However, there has been no SCA attack for these two protocols so far. In this paper, in order to figure out if the authentication protocols of CDMA networks are sufficiently secure against SCA, we investigate the two existing protocols and their cryptographic algorithms. We find the side-channel weaknesses of the two protocols when they are implemented on embedded systems. Based on these weaknesses, we propose specific attack strategies to recover their authentication keys for the two protocols, respectively. We verify our strategies on an 8-bit microcontroller and a real-world SIM card, showing that the authentication keys can be fully recovered within a few minutes with a limited number of power measurements. The successful experiments demonstrate the correctness and the effectiveness of our proposed strategies and prove that the unprotected implementations of the authentication protocols of CDMA networks cannot resist SCA.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Shankar P M. Introduction to Wireless Systems. Wiley, 2002.

  2. Sauter M. From GSM to LTE: An Introduction to Mobile Networks and Mobile Broadband (1st edition). Wiley, 2011.

  3. Bertoni G, Daemen J, Peeters M, van Assche G. Keccak. In Proc. the 32nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, May 2013, pp.313-314.

  4. Steele R, Lee C C, Gould P. GSM, cdmaOne and 3G Systems (1st edition). Wiley, 2001.

  5. Mangard S, Oswald E, Popp T. Power Analysis Attacks: Revealing the Secrets of Smart Cards. Springer, 2007.

  6. Rao J R, Rohatgi P, Scherzer H, Tinguely S. Partitioning attacks: Or how to rapidly clone some GSM cards. In Proc. the 2002 IEEE Symposium on Security and Privacy, May 2002, pp. 31-41.

  7. Zhou Y, Yu Y, Standaert F X, Quisquater J J. On the need of physical security for small embedded devices: A case study with COMP128-1 implementations in SIM cards. In Proc. the 17th International Conference on Financial Cryptography and Data Security, April 2013, pp.230-238.

  8. Liu J, Yu Y, Standaert F X, Guo Z, Gu D, Sun W, Ge Y, Xie X. Small tweaks do not help: Differential power analysis of MILENAGE implementations in 3G/4G USIM cards. In Proc. the 20th European Symposium on Research in Computer Security, September 2015, pp.468-480.

Download references

Author information

Authors and Affiliations

  1. School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University, Shanghai, 200240, China

    Chi Zhang, Jun-Rong Liu, Da-Wu Gu, Xiang-Jun Lu, Zheng Guo & Hai-Ning Lu

  2. ZhiXun Crypto Testing and Evaluation Technology Co., Ltd., Shanghai, 200240, China

    Jun-Rong Liu & Zheng Guo

  3. Crypto Group, Electrical Engineering Department, Institute of Information and Communication Technologies, Catholic University of Louvain, B-1348, Louvain-la-Neuve, Belgium

    Wei-Jia Wang

  4. Shanghai Viewsource Information Science and Technology Co., Ltd, Shanghai, 200240, China

    Hai-Ning Lu

Authors
  1. Chi Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jun-Rong Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Da-Wu Gu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Wei-Jia Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Xiang-Jun Lu
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Zheng Guo
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Hai-Ning Lu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Da-Wu Gu.

Electronic supplementary material

ESM 1

(PDF 561 kb)

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Zhang, C., Liu, JR., Gu, DW. et al. Side-Channel Analysis for the Authentication Protocols of CDMA Cellular Networks. J. Comput. Sci. Technol. 34, 1079–1095 (2019). https://doi.org/10.1007/s11390-019-1961-5

Download citation

  • Received:

  • Revised:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11390-019-1961-5

Keywords

Search

Navigation