John Mattsson

Authentication Key Recovery on Galois/Counter Mode GCM

GCM is used in a vast amount of security protocols and is quickly becoming the de facto mode of operation for block ciphers due to its exceptional performance. In this paper we analyze the NIST standardized version SP 800-38D of GCM, and in particular the use of short tag lengths. We show that feedback of successful or unsuccessful forgery attempt is almost always possible, contradicting the NIST assumptions for short tags. We also provide a complexity estimation of Fergusons authentication key recovery method on short tags, and suggest several novel improvements to Fergusonss attacks that significantly reduce the security level for short tags. We show that for many truncated tag sizes; the security levels are far below, not only the current NIST requirement of 112-bit security, but also the old NIST requirement of 80-bit security. We therefore strongly recommend NIST to revise SP 800-38D.

Evaluation of VoIP media security for smartphones in the context of IMS

Market research reports by In-Stat, Gartner, and the Swedish Post and Telecom Agency (PTS) reveal a growing worldwide demand for Voice over IP (VoIP) and smartphones. This trend is expected to continue over the coming years and there is wide scope for mobile VoIP solutions. With this growth in VoIP adoption come challenges related with quality of service and security. Most consumer VoIP solutions, even in PCs, analog telephony adapters, and home gateways, do not yet support media encryption or other forms of security. VoIP applications based on mobile platforms are even further behind in adopting media security. In this paper, we explore the alternatives and feasibility of achieving VoIP media security for smartphones in the realm of IP Multimedia Subsystem (IMS).