Skip to main content

Lund University Publications

LUND UNIVERSITY LIBRARIES

Contributions to Confidentiality and Integrity Algorithms for 5G

Yang, Jing LU (2021)
Abstract
The confidentiality and integrity algorithms in cellular networks protect the transmission of user and signaling data over the air between users and the network, e.g., the base stations. There are three standardised cryptographic suites for confidentiality and integrity protection in 4G, which are based on the AES, SNOW 3G, and ZUC primitives, respectively. These primitives are used for providing a 128-bit security level and are usually implemented in hardware, e.g., using IP (intellectual property) cores, thus can be quite efficient.

When we come to 5G, the innovative network architecture and high-performance demands pose new challenges to security. For the confidentiality and integrity protection, there are some new... (More)
The confidentiality and integrity algorithms in cellular networks protect the transmission of user and signaling data over the air between users and the network, e.g., the base stations. There are three standardised cryptographic suites for confidentiality and integrity protection in 4G, which are based on the AES, SNOW 3G, and ZUC primitives, respectively. These primitives are used for providing a 128-bit security level and are usually implemented in hardware, e.g., using IP (intellectual property) cores, thus can be quite efficient.

When we come to 5G, the innovative network architecture and high-performance demands pose new challenges to security. For the confidentiality and integrity protection, there are some new requirements on the underlying cryptographic algorithms. Specifically, these algorithms should: 1) provide 256 bits of security to protect against attackers equipped with quantum computing capabilities; and 2) provide at least 20 Gbps (Gigabits per second) speed in pure software environments, which is the downlink peak data rate in 5G. The reason for considering software environments is that the encryption in 5G will likely be moved to the cloud and implemented in software.

Therefore, it is crucial to investigate existing algorithms in 4G, checking if they can satisfy the 5G requirements in terms of security and speed, and possibly propose new dedicated algorithms targeting these goals. This is the motivation of this thesis, which focuses on the confidentiality and integrity algorithms for 5G. The results can be summarised as follows.

1. We investigate the security of SNOW 3G under 256-bit keys and propose two linear attacks against it with complexities 2172 and 2177, respectively. These cryptanalysis results indicate that SNOW 3G cannot provide the full 256-bit security level.

2. We design some spectral tools for linear cryptanalysis and apply these tools to investigate the security of ZUC-256, the 256-bit version of ZUC. We propose a distinguishing attack against ZUC-256 with complexity 2236, which is 220 faster than exhaustive key search.

3. We design a new stream cipher called SNOW-V in response to the new requirements for 5G confidentiality and integrity protection, in terms of security and speed. SNOW-V can provide a 256-bit security level and achieve a speed as high as 58 Gbps in software based on our extensive evaluation. The cipher is currently under evaluation in ETSI SAGE (Security Algorithms Group of Experts) as a promising candidate for 5G confidentiality and integrity algorithms.

4. We perform deeper cryptanalysis of SNOW-V to ensure that two common cryptanalysis techniques, guess-and-determine attacks and linear cryptanalysis, do not apply to SNOW-V faster than exhaustive key search.

5. We introduce two minor modifications in SNOW-V and propose an extreme performance variant, called SNOW-Vi, in response to the feedback about SNOW-V that some use cases are not fully covered. SNOW-Vi covers more use cases, especially some platforms with less capabilities. The speeds in software are increased by 50% in average over SNOW-V and can be up to 92 Gbps.


Besides these works on 5G confidentiality and integrity algorithms, the thesis is also devoted to local pseudorandom generators (PRGs).

6. We investigate the security of local PRGs and propose two attacks against some constructions instantiated on the P5 predicate. The attacks improve existing results with a large gap and narrow down the secure parameter regime. We also extend the attacks to other local PRGs instantiated on general XOR-AND and XOR-MAJ predicates and provide some insight in the choice of safe parameters.

(Less)
Please use this url to cite or link to this publication:
author
supervisor
opponent
  • Prof. Cid, Carlos, University of London, United Kingdom.
organization
publishing date
type
Thesis
publication status
published
subject
keywords
Stream ciphers, 5G, Confidentiality and integrity algorithms, SNOW-V, SNOW-Vi, Local pseudorandom generators, SNOW 3G, ZUC-256, Linear cryptanalysis, Guess-and-determine attacks
pages
301 pages
publisher
Department of Electrical and Information Technology, Lund University
defense location
Lecture hall E:A, building E, John Ericssons väg 2, Faculty of Engineering LTH, Lund University, Lund.
defense date
2021-12-17 09:00:00
ISBN
978-91-8039-106-1
978-91-8039-105-4
language
English
LU publication?
yes
id
04d40b08-8885-4e1c-9fe0-c86c57af9640
date added to LUP
2021-11-22 17:20:15
date last changed
2022-04-04 12:03:54
@phdthesis{04d40b08-8885-4e1c-9fe0-c86c57af9640,
  abstract     = {{The confidentiality and integrity algorithms in cellular networks protect the transmission of user and signaling data over the air between users and the network, e.g., the base stations. There are three standardised cryptographic suites for confidentiality and integrity protection in 4G, which are based on the AES, SNOW 3G, and ZUC primitives, respectively. These primitives are used for providing a 128-bit security level and are usually implemented in hardware, e.g., using IP (intellectual property) cores, thus can be quite efficient. <br/><br/>When we come to 5G, the innovative network architecture and high-performance demands pose new challenges to security. For the confidentiality and integrity protection, there are some new requirements on the underlying cryptographic algorithms. Specifically, these algorithms should: 1) provide 256 bits of security to protect against attackers equipped with quantum computing capabilities; and 2) provide at least 20 Gbps (Gigabits per second) speed in pure software environments, which is the downlink peak data rate in 5G. The reason for considering software environments is that the encryption in 5G will likely be moved to the cloud and implemented in software. <br/><br/>Therefore, it is crucial to investigate existing algorithms in 4G, checking if they can satisfy the 5G requirements in terms of security and speed, and possibly propose new dedicated algorithms targeting these goals. This is the motivation of this thesis, which focuses on the confidentiality and integrity algorithms for 5G. The results can be summarised as follows.<br/><br/>1. We investigate the security of SNOW 3G under 256-bit keys and propose two linear attacks against it with complexities 2<sup>172</sup> and 2<sup>177</sup>, respectively. These cryptanalysis results indicate that SNOW 3G cannot provide the full 256-bit security level. <br/><br/>2. We design some spectral tools for linear cryptanalysis and apply these tools to investigate the security of ZUC-256, the 256-bit version of ZUC. We propose a distinguishing attack against ZUC-256 with complexity 2<sup>236</sup>, which is 2<sup>20</sup> faster than exhaustive key search.  <br/><br/>3. We design a new stream cipher called SNOW-V in response to the new requirements for 5G confidentiality and integrity protection, in terms of security and speed. SNOW-V can provide a 256-bit security level and achieve a speed as high as 58 Gbps in software based on our extensive evaluation. The cipher is currently under evaluation in ETSI SAGE (Security Algorithms Group of Experts) as a promising candidate for 5G confidentiality and integrity algorithms. <br/><br/>4. We perform deeper cryptanalysis of SNOW-V to ensure that two common cryptanalysis techniques, guess-and-determine attacks and linear cryptanalysis, do not apply to SNOW-V faster than exhaustive key search. <br/><br/>5. We introduce two minor modifications in SNOW-V and propose an extreme performance variant, called SNOW-Vi, in response to the feedback about SNOW-V that some use cases are not fully covered. SNOW-Vi covers more use cases, especially some platforms with less capabilities. The speeds in software are increased by 50% in average over SNOW-V and can be up to 92 Gbps.<br/><br/><br/>Besides these works on 5G confidentiality and integrity algorithms, the thesis is also devoted to local pseudorandom generators (PRGs).<br/><br/>    6. We investigate the security of local PRGs and propose two attacks against some constructions instantiated on the P<sub>5</sub> predicate. The attacks improve existing results with a large gap and narrow down the secure parameter regime. We also extend the attacks to other local PRGs instantiated on general XOR-AND and XOR-MAJ predicates and provide some insight in the choice of safe parameters.<br/>   <br/>}},
  author       = {{Yang, Jing}},
  isbn         = {{978-91-8039-106-1}},
  keywords     = {{Stream ciphers; 5G; Confidentiality and integrity algorithms; SNOW-V; SNOW-Vi; Local pseudorandom generators; SNOW 3G; ZUC-256; Linear cryptanalysis; Guess-and-determine attacks}},
  language     = {{eng}},
  month        = {{11}},
  publisher    = {{Department of Electrical and Information Technology, Lund University}},
  school       = {{Lund University}},
  title        = {{Contributions to Confidentiality and Integrity Algorithms for 5G}},
  url          = {{https://lup.lub.lu.se/search/files/110009600/thesis_Jing_Yang.pdf}},
  year         = {{2021}},
}