Recently, documents leaked by Edward Snowden alleged that NSA and GCHQ had stolen millions of SIM card encryption keys from one of the world's largest chip manufacturers. This incident draws public attention to the longstanding concern about mobile network security. Although various attacks against 2G (GSM) algorithms (COMP-128, A5) can be found in the literature, no practical attacks were known against 3G/4G (UMTS/LTE) SIM cards. 3G/4G SIM cards adopt a mutual authentication algorithm called MILENAGE, which is in turn based on AES-128, a mathematically secure block cipher standardized by NIST. In addition to the encryption key, MILENAGE also uses nearly a dozen 128-bit secrets to further obfuscate the algorithm.
In this presentation, we show how to mount a differential power analysis attack that recovers the encryption key and other secrets in a divide-and-conquer manner within a few (10 to 40) minutes, allowing for SIM card cloning. Our experiments succeeded on eight 3G/4G SIM cards from a variety of operators and manufacturers. The measurement setup of our experiment mainly consists of an oscilloscope (for power acquisition), an MP300-SC2 protocol analyzer (for interception of the messages), a self-made SIM card reader, and a PC (for signal processing and cryptanalysis). We finish the presentation by showing what happens to a 3G/4G SIM card and its duplicate when they receive texts/calls at the same time.
Yu Yu is currently a research professor at Shanghai Jiao Tong University, specializing in side-channel analysis and cryptography. He received his PhD from Nanyang Technology University in 2006, and became a cryptanalyst with ICT security of T-Systems (part of Deutsche Telekom) immediately afterwards. He joined the UCL crypto group (Belgium) in 2008 as a postdoctoral researcher with a focus on side-channel analysis and countermeasures. He returned to China in 2010 and became an associate professor at East China Normal University and then at Tsinghua University. Yu has published more than 20 research papers (on side-channel analysis and cryptography) at major venues of information security and cryptography, e.g. CCS 2010, CRYPTO 2011, CRYPTO 2013, Asiacrypt 2013, CT-RSA 2013, etc. He is now serving as a board member of the IACR (International Association for Cryptologic Research).