New Practical Attacks on GEA-1 Based on a New-Found Weakness
GEA-1, a proprietary stream cipher, was initially designed and used to protect against eavesdropping general packet radio service (GPRS) between the phone and the base station. Now, a variety of current mobile phones still support this standard cipher. In this paper, a structural weakness of the GEA...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Wiley
2024-01-01
|
| Series: | IET Information Security |
| Online Access: | http://dx.doi.org/10.1049/2024/6674019 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832558673610670080 |
|---|---|
| author | Zheng Wu Lin Ding Zhengting Li Xinhai Wang Ziyu Guan |
| author_facet | Zheng Wu Lin Ding Zhengting Li Xinhai Wang Ziyu Guan |
| author_sort | Zheng Wu |
| collection | DOAJ |
| description | GEA-1, a proprietary stream cipher, was initially designed and used to protect against eavesdropping general packet radio service (GPRS) between the phone and the base station. Now, a variety of current mobile phones still support this standard cipher. In this paper, a structural weakness of the GEA-1 stream cipher that has not been found in previous works is discovered and analyzed. That is the probability that two different inputs of GEA-1 generate the identical keystream can be up to 2−7.30, which is quite high compared with an ideal stream cipher that generates random sequences. Based on this newfound weakness, a new practical distinguishing attack on GEA-1 is proposed, which shows that the keystreams generated by GEA-1 are far from random and can be easily distinguished with a practical time cost. After then, a new practical key recovery attack on GEA-1 is presented. It has a time complexity of 221.02 GEA-1 encryptions and requires only seven related keys, which is much less than the existing related key attack on GEA-1. The experimental results show that GEA-1 can be broken within about 41.75 s on a common PC in the related key setting. These cryptanalytic results show that GEA-1 cannot provide enough security and should be immediately prohibited to be supported in the massive GPRS devices. |
| format | Article |
| id | doaj-art-9e31f9709c654d18aa7d7bb4bbb08527 |
| institution | Kabale University |
| issn | 1751-8717 |
| language | English |
| publishDate | 2024-01-01 |
| publisher | Wiley |
| record_format | Article |
| series | IET Information Security |
| spelling | doaj-art-9e31f9709c654d18aa7d7bb4bbb085272025-02-03T01:31:53ZengWileyIET Information Security1751-87172024-01-01202410.1049/2024/6674019New Practical Attacks on GEA-1 Based on a New-Found WeaknessZheng Wu0Lin Ding1Zhengting Li2Xinhai Wang3Ziyu Guan4PLA SSF Information Engineering UniversityPLA SSF Information Engineering UniversityPLA SSF Information Engineering UniversityPLA SSF Information Engineering UniversityPLA SSF Information Engineering UniversityGEA-1, a proprietary stream cipher, was initially designed and used to protect against eavesdropping general packet radio service (GPRS) between the phone and the base station. Now, a variety of current mobile phones still support this standard cipher. In this paper, a structural weakness of the GEA-1 stream cipher that has not been found in previous works is discovered and analyzed. That is the probability that two different inputs of GEA-1 generate the identical keystream can be up to 2−7.30, which is quite high compared with an ideal stream cipher that generates random sequences. Based on this newfound weakness, a new practical distinguishing attack on GEA-1 is proposed, which shows that the keystreams generated by GEA-1 are far from random and can be easily distinguished with a practical time cost. After then, a new practical key recovery attack on GEA-1 is presented. It has a time complexity of 221.02 GEA-1 encryptions and requires only seven related keys, which is much less than the existing related key attack on GEA-1. The experimental results show that GEA-1 can be broken within about 41.75 s on a common PC in the related key setting. These cryptanalytic results show that GEA-1 cannot provide enough security and should be immediately prohibited to be supported in the massive GPRS devices.http://dx.doi.org/10.1049/2024/6674019 |
| spellingShingle | Zheng Wu Lin Ding Zhengting Li Xinhai Wang Ziyu Guan New Practical Attacks on GEA-1 Based on a New-Found Weakness IET Information Security |
| title | New Practical Attacks on GEA-1 Based on a New-Found Weakness |
| title_full | New Practical Attacks on GEA-1 Based on a New-Found Weakness |
| title_fullStr | New Practical Attacks on GEA-1 Based on a New-Found Weakness |
| title_full_unstemmed | New Practical Attacks on GEA-1 Based on a New-Found Weakness |
| title_short | New Practical Attacks on GEA-1 Based on a New-Found Weakness |
| title_sort | new practical attacks on gea 1 based on a new found weakness |
| url | http://dx.doi.org/10.1049/2024/6674019 |
| work_keys_str_mv | AT zhengwu newpracticalattacksongea1basedonanewfoundweakness AT linding newpracticalattacksongea1basedonanewfoundweakness AT zhengtingli newpracticalattacksongea1basedonanewfoundweakness AT xinhaiwang newpracticalattacksongea1basedonanewfoundweakness AT ziyuguan newpracticalattacksongea1basedonanewfoundweakness |