BREAKING THE GSM A5/1 CRYPTOGRAPHY ALGORITHM WITH RAINBOW TABLES AND HIGH-END FPGAS

Maria Kalenderi1, Dionisios Pnevmatikatos1, Ioannis Papaefstathiou2, Charalampos Manifavas3

Microprocessor and Hardware Laboratory ECE Department, Technical University of Crete Chania, Crete, Greece [email protected], [email protected]
2 1

Applied Informatics & Multimedia Dept. Technological Educational Institute of Crete Heraklion, Crete, Greece [email protected]

Synelixis Solutions Ltd Farmakidou 10 Chalkida, Greece [email protected]

ABSTRACT A5 is the basic cryptographic algorithm used in GSM cellphones to ensure that the user communication is protected against illicit acts. The A5/1 version was developed in 1987 and has since been under attack. The most recent attack on A5/1 is the A51 security project, led by Karsten Nohl that consists of the creation of rainbow tables that map the internal state of the algorithm with the keystream. Rainbow tables are efficient structures that allow the tradeoff between run-time (computations performed to crack a conversation) and space (memory to hold pre-computed information). In this paper we describe a very effective parallel architecture for the creation of the A5/1 rainbow tables in reconfigurable hardware. Rainbow table creation is the most expensive portion of cracking a particular encrypted information exchange. Our approach achieves almost 3000x speedup over a single processor, and 2.5x speedup compared to GPUs. This performance is achieved with less than 5 Watt power consumption, achieving an energy efficiency in the order of 150x better that the GPU approach. 1. INTRODUCTION Cell-phone security and call privacy in an everyday issue for many people. To ensure protection against eavesdroppers in user communication GSM cell-phones employ a set of cryptography algorithms and protocols to provide authentication and encryption. The encryption algorithm used in GSM phones to protect the actual communication transmission is the A5/1. As it is usually the case with all encryption algorithms, the A5/1 algorithm has been under attack since its introduction. The actual algorithm has never been published, and the first pieces of information appeared in 1994 [16][2]. In 1999 the algorithm was reverse engineered from actual GSM equipment by Briceno, Goldberg, Wagner [6]. Since then several attacks have been published.

The general idea of an attack it to determine the encryption key for a particular piece of encoded information (transmission in this case). Then, the progress of the encryption process can be followed, and effectively all information after that point can be decrypted. Breaking a cryptographic algorithm is basically the computation of the inversion of the one-way function used in that particular algorithm. If a cryptographic function leads to an n-bit result, there are two straightforward methods: a) an exhaustive search can be performed computing an average of 2n1 values until the target is reached, b) 2n input and output pairs can be pre-computed and stored in a table. In order to invert a particular value, we just look up the preexisting image in the table; in this case the inverting function requires only a single lookup. A space time tradeoff exists between these two extremes. For example of n is large, computing but also storing the 2n table is impractical. The storage requirements can be reduced if we either accept that not all instances of encrypted texts can be decrypted, or if we add more computation to generate additional entries that for practical reasons cannot be actually stored in the table. Hellman [11] was the first to explore this tradeoff, followed by Oechslin [3][14] that extended Hellmans work and proposed Rainbow Tables, which are utilized in the pre-computation task of the algorithm. In this paper we exploit (a) the parallelism in the creation of rainbow tables and (b) the structure of reconfigurable logic to propose an architecture that provides high bandwidth in generating rainbow table entries. We implement our architecture on a high-end FPGA device; our implementation results clearly demonstrate that our approach is almost 3000 times faster than the corresponding software. Furthermore, our highly parallel architecture is very power and energy efficient compared to both microprocessors and GPUs, scales very well, and can be efficiently utilized in the future generations of the even larger reconfigurable devices.

2. DESCRIPTION OF THE A5/1 STREAM CIPHER A5/1 is a stream cipher whose keystream generator produces according to a key and a frame counter a sequence of pseudo-random bits, the keystream. The 64-bits key, denoted Kc, is extracted from the A8 algorithm and its 10 least significant bits are usually set to zero. The 22-bits frame counter, denoted Fn, is a value produced by the frame number, which is assigned in every frame in GSM. A frame comprises of 8 bursts with each one lasting 0.5769 ms and therefore the frame counter is renewed approximately every 4.615 ms. Internally the generator consists of three Linear Feedback Shift Registers (LFSR) R1, R2,R3 which are clocked either regularly or according to the clock rule described below. All three registers are maximum length and table 1 represents their primitive feedback polynomials, their periods and their tap positions. The clocking rule of the LFSRs works as follows: The clocking bits of each LFSR C1,C2,C3 are respectively the bits 8,10,10 of R1,R2,R3 starting from 0. The values of these bits are compared and the LFSRs whose clocking bit agrees with the majority are clocked. Therefore at each clock cycle either two of the LFSRs are clocked or all three of them.
Register Length Perio d Primitive Polynomial
19 2 5

1). The first 114 bits form BLOCK1 and the subsequent 114 bits form BLOCK2. BLOCK1 and BLOCK2 are combined by XOR with the 114-bits plaintext and the 114-bits ciphertext to be used as follows: on the mobile station side BLOCK1 is used for encrypting on the uplink and BLOCK2 for decrypting on the downlink, and on the network side BLOCK1 is used for decrypting on the uplink and BLOCK2 for encrypting on the downlink. Plaintext is organized into blocks of 114 bits as a result of the technique of TDMA.

C1 R1 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 C2
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21

keystream

R2

C3 R3 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22

Clock -ing bit

Tap positi ons

Clock Rule = maj(C1,C2,C3) Figure 1: A5/1 design with registers R1, R2 and R3
1. RELATED WORK Cryptanalysis is indispensable part of the strength of a cryptographic algorithm. Although not being published, the first information about the design of A5/1 appeared in 1994 [16][2], as well as an attack on alleged A5/1 [9], followed by the algorithm being reverse engineered from actual GSM equipment by Briceno, Goldberg, Wagner in 1999 [6]. Since then several attacks have been published with few examples being those by Eli Biham, Orr Dunkelman [4], by Biryukov, Shamir, Wagner [5], by Keller, Seitz [12], and by Gendrullis, Novotny, Rupp [8]. The most recent attack, on which our implementation is based on, is Karsten Nohls A5/1 Security Project [1]. The project aimed at generating a set of rainbow tables that can crack any conversation. Constructing of the tables was implemented in specialized processors such as in GPUs and PS3 cell and they have a total size of approximately 2 Terabyte. COPACOBANA, the Cost-Optimized Parallel COde Breaker, is a large scale FPGA-based parallel machine optimized for running cryptanalytical algorithms [10]. It is using 120 FPGA chips and is has been used for DES cracking using a brute-force, exhaustive key search. It has also being used for space-time approaches, but as a complete system, with little information revealed on individual functions. [10] offers a short discussion of their approach on A5/1 using rainbow tables using a similar approach for parallelism. However, their system is based on multiple 2

R1 R2 R3

19 22 23

219-1 222-1 2 -1
23

x +x + x +x+1
22

8 10 10

18,17 16,13 21,20 22,21 20,7

x +x+1
23 2 15

x +x +

x +x+1 Table 1: Parameters of the LFSRs of 5/1 The keystream is produced by performing the following steps [5]: 1. The LFSRs are zeroed and then Kc is loaded. This process requires 64 clockings of the registers; at each one of them every bit of Kc (from lsb to msb) is XORed with the lsb bit of the registers. 2. The same process is then followed for Fn which is loaded into the registers during the following 22 cycles, at the end of which the registers contain what is called the initial state of the algorithm. 3. The clock rule is then enabled and all three registers are clocked for 100 clock cycles during which the output is discarded. 4. In the final step of the algorithm the registers are clocked 228 cycles with the clock rule enabled, leading to two 114-bits keystream sequences. Each keystream bit is generated by XORing the most significant bits of the three LFSRs at each clock cycle (shown in Figure

FPGA devices and they report the entire breaking process varying the quality (coverage) of the produced tables, so it is difficult to extract the creation cost to directly compare with our approach and results. 2. TIME-MEMORY TRADE-OFF AND RAINBOW TABLES Time-memory tradeoff (TMTO) attack was first introduced in 1980 by Hellman [11] and since then has gone through many improvements with the most significant being the ones proposed by Rivest (as reported in [7]) and Oechslin [14]. Time-memory tradeoff attack consists of two stages, the precomputation and the real-time attack stage. The precomputation stage is time consuming and results in a table which contains pairs of keys (or internal states)keystream, whereas the real-time stage is completed usually in a short time and yields the corresponding key (internal state) of a given keystream. The table (or tables) is formed by the construction of chains of length t and the table size is m x t, where m is the number of startpoints. Startpoints (SPs) theoretically cover the keyspace and they are the input to a function f. The output of f is fed back to f t times and the last point forms the endpoint (EP) of each chain. Intermediate points are discarded and only SPs and EPs are stored to the memory. The operation of f is f()= R [SK (P0)] [11], where SK is the function of the cryptographic algorithm seeded by a key K, P0 is a plaintext and R is a reduction function. At the stage of real-time attack, given a plaintext P0, or a ciphertext C0 (where C0 = SK (P0)), Y1 is computed Y1=R(C0)=f() and checked if it exists in the table as an endpoint. If it exists then the chain is recomputed and the penultimate point is checked if it comprises the requested key. If Y1 doesnt exist as an endpoint then Y2=f(Y1) is calculated and checked if it is an endpoint and so forth with all Yt =f(Yt-1). In 1982 Rivest [7] suggested the use of distinguished points (DP); that means stored points satisfy a specific condition such as the last bits being zeroed. This improvement reduces by a significant margin the lookup operations required for a hit. In 2003 Philippe Oechslin [14] introduced rainbow tables, a variation of the original time-memory tradeoff by Hellman. The basic idea is the use of multiple round functions R. Given the fact that in every step corresponds a different Ri, where 1 i t-1 and consecutively a different function fi , 1 i t-1 where t represents the length of the chains, the possibility of merges is decreased (possibility of merge 1/t at a collision). Also decreased are the lookups in a table (by a factor t) and the calculations required to find a key (by a factor 2). In the A5/1 Security project the time-memory tradeoff method is a rainbow table combined with distinguished

points, in a way that R changes whenever a DP is found as well as the endpoint is DP. One of the table designs utilized by Karsten Nohl, and the one that is implemented in this paper, has the format of 15-bits wide DPs and 32 round functions. The first column of the table is made of 64-bit startpoints which are the initial state of the algorithm, meaning the internal state of the registers after Kc and Fn have been loaded. The second column is a 64-bit keystream that is produced by the procedure of the algorithm on the corresponding initial state. So the table lookup process gives the internal state before the 100 clockings and then backclocking in the simple mode, without the clock rule enabled, is needed to remove the frame counter. Once the internal state after loading Kc is retrieved, it is meaningless to backclock more because whats necessary is solely this state of the registers to decrypt the whole conversation, given the known plaintext and thus known keystream.

SP

f0

DP

f1

DP

f2

DP

f3-f29

DP

f30

DP

f31

EP

Figure 2: Rainbow Table structure In this paper the implementation is based on the theoretical background provided by the A5/1 Security project. The structure of the tables is based on the computation of the chains and storing of their startpoints and endpoints to pairs. The fundamental parts needed for the computation of the chains are the 5/1 machine and the functions R. The 5/1 machine basically operates by clocking forward the LFSRs R1, R2, R3 for 64 clock cycles with the clock rule enabled. The functions R consist of the operation XOR with different 64-bits pseudo-random values produced by clocking 64* times a 64-bit wide LFSR, where is the current round of the procedure (132). Basically the functions R are round functions and not reduction, since resizing is not a necessity because the 5/1 machines output and the internal state of the algorithm are both equal in the length of 64 bits.

input 64 bits

Round Function lfsr64 values 64bits

clk reset

count 32 rounds

64bits A51 module

0 outputDP

fsm

reset a51 enable a51

validDP done last 15 bits

Comparator 15dp

is_DP

Figure 3: Procedure for the calculation of a chain array and drawn according to a counter that marks each round. The result of the operation XOR of the 5/1 module and the value of the RF that maps the first round is checked through the functionality of a comparator whether it satisfies the DP condition, that is if the last 15 bits are zero. Fsm takes hold of the comparators output and decides for the following step of the execution. If the result is not DP, then it is refed like a new SP to the 5/1 module and the same process through the modules with the same value of round function is repeated until the result is a DP. As soon as this DP is found, it consists the first chain link and the procedure is iterated by changing the round function value to map the next rainbow table color, until all 32 values have been used to calculate all DP chain links. In the end of all the rounds a signal done is activated and the last result is stored as the EP. Due to the parallelization supported in hardware, multiple chains are calculated simultaneously to form a table. The overall architecture is depicted below. Demultiplexer is used to face the problem of IOBs; at each cycle it takes as input a SP of 64 bits and gives as output an array of 64-bits entries and size equal to the number of instances. The cycles spent for the operation of the demultiplexer are negligible compared to the total number of cycles of the implementation. Then the array is loaded to the registers and all values are loaded at the same time in the subunits chains. Apart from the timing use, registers serve as factors that reduce the time spent to route the signals for the step of synthesize.

Construction of the chains is conducted as follows: each SP is fed to the 5/1 machine and the 64-bit output is XORed with the first value of R. If the result is a distinguished point then it forms the first after the SP chain link and the process moves to find the next link. If it doesnt satisfy the DP condition then the result after the XOR is reloaded into the 5/1 machine and the same procedure is followed until a DP is found. The chain is completed once the DP that forms the endpoint is retrieved after the last R. Intermediate links are then discarded and only the pairs of SPs-EPs are stored in the table.

3. ARCHITECTURE AND IMPLMENTATION The procedure followed for the construction of a chain is shown concisely in figure 3 and is described below: SP enters the 5/1 module where it is divided to 3 parts and fed to the LFSRs, meaning that bits 63-45 are loaded to R1, bits 44-23 to R2 and bits 22-0 to R3. R1, R2, R3 are Fibonacci LFSRs and their feedback gate type is XOR. An fsm inside the 5/1 module performs the 64 clockings with clock rule enabled and the bits produced by XORing the 3 most significant bits make up a 64-bit signal. This signal is then XORed with the 64-bits value coming from RF module which implements the operation of the round function. The values that are XORed at each round are produced by a maximum length 64-bit Fibonacci LFSR with feedback gate type XNOR. To reduce the required resources and runtime, the values are precomputed into an

EP1 64bits reg1 64bits EP2 64bits SP 64bits demux 64bits reg2 SP2 64bits chain2 done2 SP1 64bits chain1 done1

concat 128bits 128bits concat 128bits MEM 128x65536 128x2^16

sel

64bits EP3 64bits reg3 SP3 64bits chain3 done3

concat doneall control AND

addr

Figure 4: Creation of a Rainbow table using 3 parallel chains The completion of each chain asserts its done signal and when all of them are finished signal doneall asserts the we signal for the memory. The memory used is a Block RAM of depth 216 = 65536 and 128 bits wide since every address holds the concatenation of SP (64 bits)-EP (64 bits). Block RAM was selected over Distributed RAM because it is more suitable and efficient for large sized memories. In this way SPs for each table are inserted incrementally as part of an arithmetic progression. This serves the fact that the tables must cover the wider width possible of all possible initial states. 4. EXPERIMENTAL EVALUATION The FPGA used for the implementation is Virtex-5 XC5VLX330T. The numbers of parallel chains that were implemented are 10, 128, 181, 200, 250, 300 with the maximum one, according to the recourses occupied in the particular FPGA, being 345. The implementation operates for one instance at maximum frequency 178 MHz, ~150MHz for 256 instances and at 146MHz for 345 instances. Tables 2, 3 depict the speedup and comparatively the runtime for the table calculation in hardware and in software for the numbers of parallel instances implemented up to 345. For the hardware part, time was calculated by the results of simulation and place and route. For the software part, Intel VTune Performance Analyzer 9.1 was used in Windows XP environment with Pentium 4 3.01 GHz processor. The codes used are in C++ language and they do not include any printing command. For the hardware implementations with multiple parallel instances, the total number of cycles to complete the procedure is equal to the cycles needed to calculate the longest chain. The clock period is only slightly increased as the number of chains increases and consecutively performance increases rapidly as the parallelism prevails. At 345 parallel instances, FPGA implementation of the rainbow table is 2824x faster than software implementation for the same startpoints. Figures 5 and 6 show this vast difference; indeed for 10 instances completion time in hardware is 614 ms, while in software 1.19 minutes and for 200 instances hardware time is 796 ms compared to 22.56 minutes in software. For 345 instances hardware time is a mere 830 ms against the 39.1 minutes of software. SPs #0 #1 #2 #3 #4 #5 #6 #7 #8 #9 Total time Vtune in seconds 6,26 9,14 5,92 8,69 6,30 6,18 6,17 8,85 8,60 5,93 Total time FPGA in ms 375 563 355 531 376 369 369 536 527 362 Speedup (x times) 16,67 16,22 16,63 16,34 16,73 16,70 16,70 16,50 16,31 16,34

Table 2: Total execution time comparison for 10 different start points (SPs) for one chain # of instances 10 128 181 200 256 300 345 Total time Vtune in seconds 71,44 870,00 1217,80 1353,66 1670,04 2036,73 2346,70 Total time FPGA in ms 614,40 817,27 832,71 796,72 812,40 801,58 830,76 Speedup (x times) 116 1064 1462 1699 2055 2540 2824

Table 3: Total execution time comparison for 10, 128, 181, 200, 256, 300 and 345 parallel instances

Figure 5 Algorithm execution time in hardware and software same code and result quality, and roughly comparable with faster GPUs running a faster but lower quality software approach. Furthermore, the power consumption of a GTX 280 or a HD5870 card at full load is about 250 Watt while the power consumption of our FPGA is only 4.2 Watt. Combining the advantage in speed with the advantage in power consumption we find that for the same results, our approach requires about 150 times less energy that a GPU for equal quality results. 5. CONCLUSIONS An FPGA architecture was presented for the implementation of rainbow tables aimed at breaking the algorithm 5/1. Given 64 consecutive bits of a ciphertext, time-memory tradeoff attack retrieves the initial state of the algorithm and allows deciphering of a message, and furthermore deciphering of a conversation. We found that the creation of rainbow tables in hardware is -as expected- exceedingly faster than their creation on a PC. We achieved the parallel calculation of 345 specific chains which on a workstation requires 39.1 minutes whereas in this implementation in hardware only 830 ms are needed. Put in other words, a single FPGA device achieves speedup of almost 3000 times. Larger FPGA devices can achieve even greater throughput, while the processing can be split to other FPGA boards (much like the COPACOBANA approach) to achieve even greater performance. Our approach is also 2.5 times faster than an optimized GPU implementation of the same code and result quality, while it operates at sixty times less power. The overall energy efficiency of our approach is about 150 times better than that of a GPU.

Figure 6 Speedup obtained for table calculation in hardware versus software Comparison with GPU performance Our full-sized architecture with 345 modules is able to produce 415 chains/second (we compute 345 chains every 830 ms). Published results for the A5 Security Project show that the original rainbow generation code runs on a GTX 260 at a speed of 162 chains per second [15]. The current state of the art approach is to use a modified software code that runs much faster but produces lower quality tables (i.e. trades coverage for speed). With the modified code, more powerful GPUs (GTX280 and ATI HD5870) can produce up to 500 chains per second while a PS3 can produce 120 chains per second [13]. According to these figures, our approach is about 2.5 times faster than a GTX 260 on the

ACKNOWLEDGEMENTS This is partly funded by A Highly Efficient Adaptive multiProcessor framework research project (HEAP, project number: 247615), within the Seventh Framework Program and financed by Community Funds, and by Increasing EU citizen security by utilizing innovative intelligent signal processing systems for euro-coin validation and metal quality testing research project (SAFEMETAL, project number: 262558), implemented within the Seventh Framework Program and financed by Community Funds. REFERENCES
[1] A5/1 Security Project.2009 http://reflextor.com/trac/a51/wiki, http://opensource.srlabs.de/, http://events.ccc.de/congress/2009/Fahrplan/attachments/151 9_26C3.Karsten.Nohl.GSM.pdf, http://events.ccc.de/congress/2009/Fahrplan/events/3654.en. html R. Anderson, M. Roe.1994. Subject: A5 (Was: HACKING DIGITAL PHONES). Message at sci.crypt, alt.security, uk.telecom. http://groups.google.com/group/uk.telecom/msg/ba76615fef 32ba32 G. Avoine, P. Junod, and P. Oechslin, Characterization and Improvement of Time-Memory Trade-Off Based on Perfect Tables, ACM Transactions on Information and System Security vol. 11, no 4, pp. 1-22, July 2008. Eli Biham, Orr Dunkelman.2000. Cryptanalysis of the A5/1 GSM Stream Cipher. PROGRESS IN CRYPTOLOGY INDOCRYPT 2000, Lecture Notes in Computer Science,Volume 1977/2000,43-51 Alex Biryukov, Adi Shamir, David Wagner. Real Time Cryptanalysis of A5/1 on a PC. Fast Software Encryption Workshop 2000, New York City

[6]

[7] [8]

[9]

[10]

[11]

[2]

[12] [13]

[3]

[14]

[4]

[15] [16]

[5]

Marc Briceno, Ian Goldberg, David Wagner. A pedagogical implementation of the GSM A5/1 and A5/2 voice privacy encryption algorithms, 1998-1999. http://www.scard.org/gsm/a51.html D.E. Denning. Cryptography and Data Security. AddisonWesley Publishing Company, 1982. Timo Gendrullis, Martin Novotn, Andy Rupp. A RealWorld Attack Breaking A5/1 within Hours. In 10th Workshop on Cryptographic Hardware and Embedded Systems - CHES 2008, volume 5154 of Lecture Notes in Computer Science, pages 266282. Springer-Verlag Jovan Dj. Goli. 1997. Cryptanalysis of Alleged A5 Stream Cipher. ADVANCES IN CRYPTOLOGY -EUROCRYPT 97, Lecture Notes in Computer Science, Volume 1233/1997, 239-255. Springer-Verlag Tim Guneysu, Timo Kasper, Martin Novotny, Christof Paar, and Andy Rupp, Cryptanalysis with COPACOBANA, IEEE Transactions on Computers, Nov. 2008, Volume 57, no 11, pp. 1498-1513. M. E. Hellman. A Cryptanalytic Time-Memory Tradeoff. IEEE Transactions on Information Theory. Vol. 26, pp. 401-406, 1980. Jrg Keller, Birgit Seitz. A Hardware-Based Attack on the A5/1 Stream Cipher, APC, 2001. Karsten Nohl, Chris Paget, GSM SRSLY?, 26th Chaos Communication Congress (26C3), December 2009, Berlin, http://www.cecm.sfu.ca/~lisonek/cryptography/Karsten.Nohl .GSM.pdf Philippe Oechslin. Making a Faster Cryptanalytic TimeMemory Trade-Off. CRYPTO 2003, 23rd Annual International Cryptology Conference, Santa Barbara, California, USA. 2003. Lecture Notes in Computer Science. Volume 2729/2003, 617-630, Springer http://reflextor.com/trac/a51/wiki/A51FAQ S. B. Xu, D. K. He, X. M. Wang. An Implementation of the GSM General Data Encryption Algorithm A5. CHINACRYPT 94, Xidian, China, pp. 287 -291 (in Chinese), 1994.