This is an old revision of this page, as edited by Bomazi (talk | contribs) at 19:48, 15 May 2012. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.
Revision as of 19:48, 15 May 2012 by Bomazi (talk | contribs)(diff) ← Previous revision | Latest revision (diff) | Newer revision → (diff)COMP128 is an implementation of the A3 and A8 algorithms defined in the GSM standard. A3 is used to authenticate the mobile station to the network. A8 is used to generate the session key used to encrypt the data exchanged between the mobile station and the BTS.
The algorithm was originally confidential. A partial description was leaked in 1997 and completed via reverse engineering.
The core of COMP128 is a hash function with a 256 bits input and a 128 bits output. This function has nine rounds and a butterfly structure.
Security
COMP128 is considered unsafe because small changes in the hash input are not sufficiently dispersed. Due to the birthday problem, the system can be exploited to, for example, extract the SIM card's key.
References
- Brumley, Billy (2004), A3/A8 & COMP128 (PDF)
External links
- "Sicherheit Mobiler Systeme" - Prof. Dr. Hannes Federrath - Lehrstuhl für Management der Informationssicherheit - Uni Regensburg (PDF-Datei; 8,17 MB)
- Angriff von Briceno, Goldberg und Wagner
- HP00 Reducing the Collision Probability of Alleged Comp128 von H.Handschuh, P.Paillier, Springer-Verlag 2000 (PDF-Datei; 82 kB)
- Chaos Computer Club zur Angriffsmöglichkeit