New Practical Attacks on GEA-1 Based on a New-Found Weakness
GEA-1, a proprietary stream cipher, was initially designed and used to protect against eavesdropping general packet radio service (GPRS) between the phone and the base station. Now, a variety of current mobile phones still support this standard cipher. In this paper, a structural weakness of the GEA...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Wiley
2024-01-01
|
| Series: | IET Information Security |
| Online Access: | http://dx.doi.org/10.1049/2024/6674019 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | GEA-1, a proprietary stream cipher, was initially designed and used to protect against eavesdropping general packet radio service (GPRS) between the phone and the base station. Now, a variety of current mobile phones still support this standard cipher. In this paper, a structural weakness of the GEA-1 stream cipher that has not been found in previous works is discovered and analyzed. That is the probability that two different inputs of GEA-1 generate the identical keystream can be up to 2−7.30, which is quite high compared with an ideal stream cipher that generates random sequences. Based on this newfound weakness, a new practical distinguishing attack on GEA-1 is proposed, which shows that the keystreams generated by GEA-1 are far from random and can be easily distinguished with a practical time cost. After then, a new practical key recovery attack on GEA-1 is presented. It has a time complexity of 221.02 GEA-1 encryptions and requires only seven related keys, which is much less than the existing related key attack on GEA-1. The experimental results show that GEA-1 can be broken within about 41.75 s on a common PC in the related key setting. These cryptanalytic results show that GEA-1 cannot provide enough security and should be immediately prohibited to be supported in the massive GPRS devices. |
|---|---|
| ISSN: | 1751-8717 |