In
cryptography
Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adver ...
, the Cellular Message Encryption Algorithm (CMEA) is a
block cipher
In cryptography, a block cipher is a deterministic algorithm operating on fixed-length groups of bits, called ''blocks''. Block ciphers are specified cryptographic primitive, elementary components in the design of many cryptographic protocols and ...
which was used for securing
mobile phone
A mobile phone, cellular phone, cell phone, cellphone, handphone, hand phone or pocket phone, sometimes shortened to simply mobile, cell, or just phone, is a portable telephone that can make and receive calls over a radio frequency link whil ...
s in the
United States
The United States of America (U.S.A. or USA), commonly known as the United States (U.S. or US) or America, is a country primarily located in North America. It consists of 50 states, a federal district, five major unincorporated territorie ...
. CMEA is one of four cryptographic primitives specified in a
Telecommunications Industry Association
The Telecommunications Industry Association (TIA) is accredited by the American National Standards Institute (ANSI) to develop voluntary, consensus-based industry standards for a wide variety of Information and Communication Technologies (Inform ...
(TIA) standard, and is designed to
encrypt
In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can decip ...
the control channel, rather than the voice data. In 1997, a group of cryptographers published attacks on the
cipher
In cryptography, a cipher (or cypher) is an algorithm for performing encryption or decryption—a series of well-defined steps that can be followed as a procedure. An alternative, less common term is ''encipherment''. To encipher or encode i ...
showing it had several weaknesses which give it a trivial effective strength of a 24-bit to 32-bit cipher.
[
]
Some accusations were made that the
NSA
The National Security Agency (NSA) is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence (DNI). The NSA is responsible for global monitoring, collecti ...
had pressured the original designers into crippling CMEA, but the NSA has denied any role in the design or selection of the algorithm. The
ECMEA and
SCEMA ciphers are derived from CMEA.
CMEA is described in . It is
byte-oriented
Byte-oriented framing protocol is "a communications protocol in which full bytes are used as control codes. Also known as character-oriented protocol." For example UART communication is byte-oriented.
The term "character-oriented" is deprecated, ...
, with variable
block size, typically 2 to 6 bytes. The
key size
In cryptography, key size, key length, or key space refer to the number of bits in a key used by a cryptographic algorithm (such as a cipher).
Key length defines the upper-bound on an algorithm's security (i.e. a logarithmic measure of the fastest ...
is only 64 bits. Both of these are unusually small for a modern cipher. The algorithm consists of only 3 passes over the data: a non-linear left-to-right diffusion operation, an unkeyed linear mixing, and another non-linear diffusion that is in fact the inverse of the first. The non-linear operations use a keyed
lookup table
In computer science, a lookup table (LUT) is an array that replaces runtime computation with a simpler array indexing operation. The process is termed as "direct addressing" and LUTs differ from hash tables in a way that, to retrieve a value v wi ...
called the ''T-box'', which uses an unkeyed lookup table called the ''CaveTable''. The algorithm is
self-inverse; re-encrypting the ciphertext with the same key is equivalent to decrypting it.
CMEA is severely insecure. There is a
chosen-plaintext attack
A chosen-plaintext attack (CPA) is an attack model for cryptanalysis which presumes that the attacker can obtain the ciphertexts for arbitrary plaintexts.Ross Anderson, ''Security Engineering: A Guide to Building Dependable Distributed Systems''. ...
, effective for all block sizes, using 338 chosen plaintexts. For 3-byte blocks (typically used to encrypt each dialled digit), there is a
known-plaintext attack
The known-plaintext attack (KPA) is an attack model for cryptanalysis where the attacker has access to both the plaintext (called a crib), and its encrypted version (ciphertext). These can be used to reveal further secret information such as secr ...
using 40 to 80 known plaintexts. For 2-byte blocks, 4 known plaintexts suffice.
The "improved" CMEA, CMEA-I, is not much better: chosen-plaintext attack of it requires less than 850 plaintexts in its adaptive version.
See also
*
A5/1, the broken encryption algorithm used in the
GSM
The Global System for Mobile Communications (GSM) is a standard developed by the European Telecommunications Standards Institute (ETSI) to describe the protocols for second-generation ( 2G) digital cellular networks used by mobile devices such ...
cellular telephone standard
*
ORYX
''Oryx'' is a genus consisting of four large antelope species called oryxes. Their pelage is pale with contrasting dark markings in the face and on the legs, and their long horns are almost straight. The exception is the scimitar oryx, which l ...
*
CAVE
A cave or cavern is a natural void in the ground, specifically a space large enough for a human to enter. Caves often form by the weathering of rock and often extend deep underground. The word ''cave'' can refer to smaller openings such as sea ...
References
External links
The attack on CMEA
{{Cryptography navbox , block
Broken block ciphers