Side-channel analysis of the TUAK algorithm used for authentication and key agreement in 3G/4G networks

Abstract

Side-channel attacks are nowadays well known and most designers of security embedded systems are aware of them. Yet, these attacks are still major concerns and several implementations of cryptographic algorithms are still being broken. In fact, a recent work has exhibited a successful Differential Power Attack (DPA) on the Milenage algorithm used for authentication and key agreement in UMTS/LTE networks. Surprisingly, the targeted Milenage implementations in different USIM cards, coming from several mobile network operators, didn’t systematically take advantage of the large panel of the well-known sidechannel countermeasures. Recently, a new algorithm called Tuak, based on the Keccak permutation function, has been proposed as alternative to Milenage. Although Keccak was deeply analyzed in several works, the Tuak algorithm needs to be well investigated to assess its security level and to avoid inappropriate apply of Keccak. In this paper, we present a side-channel analysis of an unprotected Tuak implementation and we demonstrate that a successful side-channel attack is possible if the state-of-the-art countermeasures are not considered. Our results show that a few hundred of traces would roughly be needed to recover the subscriber key and other authentication secrets fixed by mobile operators. Actually, this work raises a warning flag to embedded systems developers alerting them to rely on adequate countermeasures, which effect shall be confirmed with thorough security analysis, when implementing cryptographic primitives in USIM cards.