If you need some example pcap traces generated by any of these tools, just send an email to fasferraz@gmail.com


10/16/17

UMTS Security Algorithm – TUAK

This application implements the TUAK algorithm defined in 3GPP 35.231, that is the new algorithm proposed to replace Milenage as the AKA algorithm.



There are a few differences from the inputs and outputs to Milenage:

  • The K key can be 128 or 256 bits
  • MAC-A and MAC-S can be 64, 128 or 256 bits
  • RES can be 32, 64, 128 or 256 bits
  • CK and IK can be 128 or 256 bits.


Existing 3GPP specifications do not support all of these possibilities, but they were included in TUAK for future flexibility in case future releases of these specifications want to support them.
TUAK uses the Keccak-f permutation with 1600 bits as input/output.

Milenage uses a 128 bits OP that is used with K key to derive OPc. For TUAK a 256 bits TOP key is specified, and a 256 bits TOPc is derived using TOP and K.

As stated before, the lengths of K, MAC-A/MAC-S, RES, CK and IK can be chosen by the operator, although they have to be fixed for a particular implementation of TUAK.

For compatibility with current 3GPP specifications the length of K must be 128 bits, the length of RES must be between 32 and 128 bits, the length of MAC-A/MAC-S must be 64 bits, and the length of CK and IK must be 128 bits.

If a more secure version of this algorithm is required, this could be done by adding extra Keccak permutations before extracting the output.
This can be set in the application in the dropbox “keccak iterations”.

The application was tested with all test vectors from 3GPP 35.232 specification.

You can download it for free here.

3 comments:

  1. This comment has been removed by a blog administrator.

    ReplyDelete
  2. Hi Fabricio, nice explanation!
    I have unclear information in terms of the way Tuak used in the authenticate command APDU.

    How Tuak authenticate command is constructed? Is it still having apdu '00 88 00 00' (CLA INS P1 P2)?

    Thanks

    ReplyDelete