As is well known, in 3G (3rd generation) mobile communication, subscriber authentication is done via a USIM (Universal Subscriber Identity Module). The USIM is a combination of a SIM (Subscriber Identity Module), in the form of an application carrying subscriber information, and a UICC (Universal IC Card), which is a smart card hardware platform designed to accommodate multiple applications. Such a USIM is a smart card mounted on a 3G mobile communication terminal; it enables the terminal to access services provided by the mobile communication network and to receive communication services such as subscriber authentication and global roaming, and in addition supports various additional services such as e-commerce and the like.
In 3G mobile communication, a new authentication protocol has been designed in order to remedy the vulnerabilities of the 2G authentication mechanism and to provide two-way (mutual) authentication. Accordingly, the 3GPP (3rd Generation Partnership Project) has recommended the use of the Milenage key generation algorithm, which is the core algorithm of this authentication mechanism.
The Milenage key generation algorithm is a kind of key generation algorithm used for authentication, integrity, anonymity and the like, and it is built on a block cipher. Authentication and key generation are performed internally in the Milenage key generation algorithm using the AES (Advanced Encryption Standard). The inputs to the Milenage key generation algorithm are a randomly generated 128-bit random number RAND and an OPc value, which is generated by encrypting a 128-bit OP specified by the operator with the block cipher. The RAND and the OPc value are combined by a logical exclusive-OR operation, and the resulting value is provided as the input to the block cipher, thereby producing the set of session keys f1, f1*, f2, f3, f4, f5, f5*.
However, the Milenage key generation algorithm inherently has the problem that the master key used to generate the authentication key may be leaked by a CPA (Correlation Power Analysis).
The process of an attack using CPA is as follows.
The random number RAND on which the USIM performs the logical exclusive-OR operation is the plaintext input to the Milenage key generation algorithm, and the OPc value is a fixed value that is either calculated in the USIM or stored in advance; all of these are unknown to an attacker.
The attacker needs to know the input values entering the AES in order to attack the AES. To achieve this, it is necessary to obtain the OPc value first. Therefore, the attacker first considers the random number RAND and the OPc value as the inputs to the Milenage key generation algorithm.
Next, the random number RAND and the OPc value are combined by the logical exclusive-OR operation. To carry out a side-channel attack on this operation using a power model, a value for estimating the amount of power consumed while performing the logical exclusive-OR operation, i.e., a Hamming weight, is obtained.
Moreover, the random number RAND is actually entered into the input of the Milenage key generation algorithm, and a power consumption waveform is collected at the point where the logical exclusive-OR operation is performed on the OPc value and the random number RAND.
Next, a correlation coefficient is calculated using the Pearson correlation formula between the power consumption waveform collected at the point of attack and the Hamming weight previously obtained. In other words, the CPA consists of calculating the correlation coefficient between the power consumption and the Hamming weight.
The OPc value is obtained by finding the point at which the highest correlation coefficient occurs and the value corresponding to that point. Once the OPc value has been obtained, the attacker, who already selects the random number RAND, is able to know the input values to the AES. Consequently, the attacker can mount a CPA attack on the AES, from which the protection has thus been removed.
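The following is an added example, not part of the patent text, written to illustrate the Hamming-weight power model and the Pearson correlation described above from an evaluator's point of view: it checks whether the exclusive-OR of RAND and OPc leaks under the model, using constructed (simulated) power samples rather than measurements from a real USIM. The leakage model (Hamming weight plus Gaussian noise), the single-byte reduction, the noise level and the Boolean masking countermeasure used for comparison are all assumptions of this example and are not taken from the page; the masked variant is included only to show what the same check reports when the intermediate value is randomised with a fresh mask per execution.

```python
"""Leakage check for the RAND XOR OPc step under a Hamming-weight power model.

Added example (not from the page). All traces are constructed in software:
a sample is the Hamming weight of the byte being processed plus Gaussian noise.
"""
import random


def hamming_weight(value: int) -> int:
    """Number of set bits: the power model's estimate of consumption for one byte."""
    return bin(value).count("1")


def pearson(xs, ys) -> float:
    """Pearson correlation coefficient between two equally long sequences."""
    n = len(xs)
    mean_x = sum(xs) / n
    mean_y = sum(ys) / n
    cov = sum((x - mean_x) * (y - mean_y) for x, y in zip(xs, ys))
    var_x = sum((x - mean_x) ** 2 for x in xs)
    var_y = sum((y - mean_y) ** 2 for y in ys)
    if var_x == 0 or var_y == 0:
        return 0.0
    return cov / (var_x * var_y) ** 0.5


def simulated_sample(processed_byte: int, rng: random.Random, noise_sd: float) -> float:
    """Constructed power sample: Hamming weight of the processed byte plus noise (assumption)."""
    return hamming_weight(processed_byte) + rng.gauss(0.0, noise_sd)


def leakage_correlation(opc_byte: int, n_traces: int = 2000, masked: bool = False,
                        noise_sd: float = 1.0, seed: int = 1) -> float:
    """Correlate the evaluator's Hamming-weight prediction of RAND ^ OPc with the samples.

    The evaluator knows OPc (this is a self-assessment of one's own implementation),
    chooses one byte of RAND at random per execution, and records one sample at the
    instant the exclusive-OR result is handled. With masked=True the device processes
    RAND ^ OPc ^ m for a fresh random mask m, so the handled value no longer depends
    on OPc in a way the unmasked prediction can track.
    """
    rng = random.Random(seed)
    predictions = []
    samples = []
    for _ in range(n_traces):
        rand_byte = rng.randrange(256)
        intermediate = rand_byte ^ opc_byte
        if masked:
            mask = rng.randrange(256)          # fresh Boolean mask per execution
            processed = intermediate ^ mask    # value actually present on the bus
        else:
            processed = intermediate
        samples.append(simulated_sample(processed, rng, noise_sd))
        predictions.append(hamming_weight(intermediate))
    return pearson(predictions, samples)


if __name__ == "__main__":
    opc = 0x5A  # constructed OPc byte for the demonstration
    print("unmasked XOR, correlation with HW(RAND ^ OPc):", round(leakage_correlation(opc), 3))
    print("masked XOR,   correlation with HW(RAND ^ OPc):", round(leakage_correlation(opc, masked=True), 3))
```

Under this model the unmasked exclusive-OR yields a correlation near 0.8 (the Hamming weight of a uniformly random byte has variance 2, so with unit noise variance the expected coefficient is sqrt(2/3)), which is the signal the page describes an attacker locating by its peak; the masked variant stays near zero with the same number of traces, which is the outcome an evaluator wants to see at this point of the computation. Whether a countermeasure is sufficient on real hardware depends on the actual leakage of the device and cannot be concluded from a simulation alone.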