International Journal of Network Security, Vol.20, No.5, PP.890-897, Sept. 2018 (DOI: 10.6633/IJNS.201809 20(5).10) 890 Application of FSM Machine and S-Box in KASUMI Block Cipher to Improve Its Resistance Against Attack Raja Muthalagu and Subeen Jain (Corresponding author: Raja Muthalagu) Department of Electrical and Electronic Engineering, Birla Institute of Technology and Science, Pilani 345055 Dubai International Academic City, Dubai, United Arab Emirates (Email: [email protected]) (Received July 2, 2017; revised and accepted Oct. 22 & Nov. 5, 2017) Abstract to provide end-to-end secure transmission of data among various users. It poses a challenge for designers to design In this paper, modifications in the original KASUMI block highly secure and attack-resistant algorithm for encryp- cipher is proposed by introducing a finite-state machine tion of data. (FSM) and substitution box (S- box) to provide better The KASUMI block cipher is used for providing en- confidentiality and integrity function in global system for cryption services in mobile networks like GSM, universal mobile communications (GSM) and 3G networks. The mobile telecommunications system (UMTS) and general FSM constitute the nonlinear combiner of SNOW 3G packet radio service (GPRS). In UMTS, KASUMI is used block cipher and it uses two S-box to provide strong dif- in the confidentiality (f8) and integrity algorithms (f9) fusion. The addition of FSM in KASUMI is introducing with names UEA1 and UIA1, respectively. In GSM, KA- the non-linearity in output bits and it will increase the SUMI is used in the A5/3 key stream generator and in complexity for an attacker to make an attack. Also, few GPRS in the GEA3 key stream generator. The KASUMI changes are made in a KI and KL keys that are used in is evolved from MISTY1 algorithm to provide users safe a different rounds of KASUMI to prevent various attacks and secure way for exchange of data. The KASUMI is a such as a rectangle attack, sandwich attack, single key slightly modified version of MISTY1. And it provides easy attack, etc. The simulation results show the performance hardware implementation that meets security require- improvement of the proposed modified KASUMI design is ment of 3G mobile communications. In [3, 4, 11, 12, 14] compared with the conventional KASUMI in terms both attacks related to KASUMI were discussed which indicate the encryption speed and encryption time taken. that KASUMI is weak algorithm. Though these attacks Keywords: Finite-state Machine (FSM); KASUMI; S- were very powerful and posed a threat on it, they were not box; SNOW-3G considered due to impractical assumptions made as sug- gested in [11] by 3GPP society and thus, inapplicable to real-life attack on full KASUMI. But as there are chances 1 Introduction of these or other attacks related to them being carried out practically, new algorithms are designed and worked The rapid growth of mobile communications has increased upon to provide high confidentiality and security of data. the requirement of having secure network/communication The experimental study of the obtained encryptor from between the users. Multiple ways of attacking or hacking various researchers are demonstrated its effectiveness in a network are used by attackers. As the wireless mode of protecting from many existing types of attacks aimed at communications provides feasibility and ease to the users, block cipher algorithms [13]. Also Reference [10] present a the security of information being exchanged within two new concept called a certificateless key insulated encryp- users or group of users is always at threat. Many algo- tion scheme (CL-KIE). rithms have been proposed which are used for different In this paper, it proposed the modified KASUMI block encryption purposes [5, 6, 16]. Some have proved resis- cipher to improve its resistance against attack. The tant towards attacks while some have high security issues SNOW-3G block cipher is a another encryption algo- with them and hence, proved as weaker one by attack- rithm for mobile networks and the concept of SNOW-3G ers. For having secure network, encryption services and is widely used in our proposed method. The SNOW-3G algorithms involved need to be robust and secure enough is used as UEA2 and UIA2 algorithm for providing con- International Journal of Network Security, Vol.20, No.5, PP.890-897, Sept. 2018 (DOI: 10.6633/IJNS.201809 20(5).10) 891 L R fidentiality and integrity in 3rd Generation Partnership 0 64 0 32 16 Project (3GPP) [7, 8]. It is seen as strong enough for car- 32 32 16 16 9 7 KL KO , KI KO rying any attack as it has Rijndael's SR box and SQ box 1 1 1 i,1 S9 KI and LFSR. It also uses three 32-bit registers R1, R2, R3 FL1 FO1 FIi1 i,1 zero-extend and 16 s-boxes and each having capacity to hold 32-bits. KO 2, KI 2 KL 2 S7 As suggested in [9] inclusion of R3 had increased resis- KO i,2 FO2 FL2 truncate tance of SNOW-3G towards algebraic attacks along with FIi2 KI i,2 KI KI use of two S-box, and it can be used strengthen the pro- i,j,1 i,j,2 KL KO , KI posed modified KASUMI. The FSM is known to provide 3 3 3 FL3 FO3 KO resistance towards differential and linear attack and, alge- i,3 S9 KI zero-extend braic attack as it uses S and S 32-bit boxes along with FIi3 i,3 1 2 KO 4, KI 4 KL 4 three registers R1, R2, and R3. The proposed KASUMI FO4 FL4 is using a part of SNOW-3G security module which are S7 FSM machine and two S-boxes. We have taken into use truncate KL KO , KI three 32-bit Shift Registers two of them providing input 5 5 5 to FSM. Besides introducing SNOW-3G, small change in FL5 FO5 KL keys of 1st and 8th round as well as change in KI keys Fig.2: FO Function Fig.3: FI Function KO 6, KI 6 KL 6 is also made which is discussed in further section of paper. 32 FO6 FL6 This paper is organized in following way: Section 2 16 16 KL gives briefly an overview of KASUMI. Different functions i,1 KL 7 KO 7, KI 7 and keys used in each rounds for their respective func- FL7 FO7 KL tions are described. Section 3 contains brief descrip- i,2 tion of SNOW-3G and describes about its two modules KO 8, KI 8 KL 8 LFSR and, FSM. Functioning of initialization and key- FO8 FL8 stream mode for generation of key-stream is also dis- cussed. Section 4 discusses about our proposed work re- bitwise AND operation bitwise OR operation lated to changes in KASUMI. Section 5 provides results of L8 R8 one bit left rotation our work done. Finally conclusions are given in Section 6. C Throughout this paper, ⊕ stands for EX-OR operation, Fig. 1: KASUMI Fig.4: FL Function k stands for Concatenation operation and is addition modulo 223. Figure 1: The original KASUMI algorithm, FO, FI and FL functions. 2 Overview of KASUMI KASUMI is modified form of cipher algorithm MISTY1. It is Fiestel network of 8-rounds taking input of 64-bit Input is divided in two 16-bit values, L (left) and R and giving output of 64-bit by using 128-bit key for each (right) as given below: round. Functions of KASUMI are FI, FO and FL func- 0 tions performed by them are completely different from R = R ⊕ ROL(L \ KLi;1) 0 each other and they use key values for doing their oper- L = L ⊕ ROL(R \ KLi;2) ations. The key values are KI for FI function, KO for 0 0 FO function and, KL for FL function for all 8 rounds. R and L are each 16-bit values obtained after performing Figure 1 provides Fiestel structure of 8-round KASUMI operations on R and L. These values obtained are then algorithm [2]. For odd numbered rounds, function FL concatenated to make 32-bit output. comes before FO, FI functions while in even numbered rounds, FO, FI comes before FL function. Brief descrip- tion of three functions of algorithm is given below along 2.2 FO Function with key-value operations done in them. This function has three rounds of operation as shown in Figure 1. It first takes 32-bit input, divides it in two 2.1 FL Function equal 16-bit values and, performs operation on it using This function has two rounds of operation as shown in 48-bit key KO and, another 48-bit sub-key KI used in FI Figure 1 It takes 32-bit input and performs operation on function. Figure for FO function is shown in Figure 1. it using 32-bit key, KL, to produce 32-bit output. Key, The 48-bit sub-keys are subdivided into three 16-bit sub- KL, is divided in two 16-bit values for each of the two keys where: rounds as shown below: KOi = KOi;1kKOi;2kKOi;3 KLi = KLi;1kKLi;2 KIi = KIi;1kKIi;2kKIi;3 International Journal of Network Security, Vol.20, No.5, PP.890-897, Sept. 2018 (DOI: 10.6633/IJNS.201809 20(5).10) 892 For each integer j (number of rounds within FO) with 1 ≤ j ≤ 3, Rj and Lj are given as: -1 s15 s11 s5 s2 s1 s0 Rj = FI(Lj−1 ⊕ KOi;j; KIi;j) ⊕ Rj−1 FSM Lj = Rj−1 ⊞ We then, return the 32-bit concatenated value obtained S1 S2 R1 R2 R3 (L3kR3) after completion of FO function.