Abstract
In this paper, we present several weaknesses in the stream cipher RC4. First, we present a technique to automatically reveal linear correlations in the PRGA of RC4. With this method, 48 new exploitable correlations have been discovered. Then we bind these new biases in the PRGA with known KSA weaknesses to provide practical key recovery attacks. Henceforth, we apply a similar technique on RC4 as a black box, i.e. the secret key words as input and the keystream words as output. Our objective is to exhaustively find linear correlations between these elements. Thanks to this technique, 9 new exploitable correlations have been revealed. Finally, we exploit these weaknesses on RC4 to some practical examples, such as the WEP protocol. We show that these correlations lead to a key recovery attack on WEP with only 9800 encrypted packets (less than 20 seconds), instead of 24200 for the best previous attack.
Keywords
- Discrete Fourier Transform
- Exhaustive Search
- Success Probability
- Initialization Vector
- Stream Cipher
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Download conference paper PDF
References
Biham, E., Carmeli, Y.: Efficient Reconstruction of RC4 Keys from Internal States. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 270–288. Springer, Heidelberg (2008)
Bittau, A.: Additional Weak IV Classes for the FMS Attack (2003), http://www.cs.ucl.ac.uk/staff/a.bittau/sorwep.txt
Chaabouni, R.: Breaking WEP Faster with Statistical Analysis. Ecole Polytechnique Fédérale de Lausanne, LASEC, Semester Project (2006)
Devine, C., Otreppe, T.: Aircrack, http://www.aircrack-ng.org/
Fluhrer, S.R., Mantin, I., Shamir, A.: Weaknesses in the Key Scheduling Algorithm of RC4. In: Vaudenay, S., Youssef, A.M. (eds.) SAC 2001. LNCS, vol. 2259, pp. 1–24. Springer, Heidelberg (2001)
Fluhrer, S.R., McGrew, D.A.: Statistical Analysis of the Alleged RC4 Keystream Generator. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 19–30. Springer, Heidelberg (2001)
Golic, J.D.: Linear statistical weakness of alleged RC4 keystream generator. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 226–238. Springer, Heidelberg (1997)
Golic, J.D.: Iterative Probabilistic Cryptanalysis of RC4 Keystream Generator. In: Dawson, E., Clark, A., Boyd, C. (eds.) ACISP 2000. LNCS, vol. 1841, pp. 220–233. Springer, Heidelberg (2000)
Hulton, D.: Practical Exploitation of RC4 Weaknesses in WEP Environments (2001), http://www.dachb0den.com/projects/bsd-airtools/wepexp.txt
IEEE. ANSI/IEEE standard 802.11i: Amendment 6 Wireless LAN Medium Access Control (MAC) and Physical Layer (phy) Specifications, Draft 3 (2003)
Jenkins, R.: ISAAC and RC4, http://burtleburtle.net/bob/rand/isaac.html
Klein, A.: Attacks on the RC4 Stream Cipher. Personal Andreas Klein website (2006), http://cage.ugent.be/~klein/RC4/RC4-en.ps
Klein, A.: Attacks on the RC4 Stream Cipher. Des. Codes Cryptography 48(3), 269–286 (2008)
Knudsen, L.R., Meier, W., Preneel, B., Rijmen, V., Verdoolaege, S.: Analysis Methods for (Alleged) RC4. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 327–341. Springer, Heidelberg (1998)
KoreK. Need Security Pointers (2004), http://www.netstumbler.org/showthread.php?postid=89036#post89036
KoreK. Next Generation of WEP Attacks? (2004), http://www.netstumbler.org/showpost.php?p=93942&postcount=35
Maitra, S., Paul, G.: New Form of Permutation Bias and Secret Key Leakage in Keystream Bytes of RC4. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 253–269. Springer, Heidelberg (2008)
Mantin, I.: Analysis of the Stream Cipher RC4, http://www.wisdom.weizmann.ac.il/~itsik/RC4/rc4.html
Mantin, I.: Predicting and Distinguishing Attacks on RC4 Keystream Generator. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 491–506. Springer, Heidelberg (2005)
Mantin, I., Shamir, A.: A Practical Attack on Broadcast RC4. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 152–164. Springer, Heidelberg (2002)
Maximov, A.: Two Linear Distinguishing Attacks on VMPC and RC4A and Weakness of RC4 Family of Stream Ciphers. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 342–358. Springer, Heidelberg (2005)
Maximov, A., Khovratovich, D.: New State Recovery Attack on RC4. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 297–316. Springer, Heidelberg (2008)
Mironov, I.: (Not So) Random Shuffles of RC4. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 304–319. Springer, Heidelberg (2002)
Moen, V., Raddum, H., Hole, K.J.: Weaknesses in the Temporal Key Hash of WPA. Mobile Computing and Communications Review 8(2), 76–83 (2004)
Paul, G., Maitra, S.: Permutation After RC4 Key Scheduling Reveals the Secret Key. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 360–377. Springer, Heidelberg (2007)
Paul, G., Rathi, S., Maitra, S.: On Non-negligible Bias of the First Output Bytes of RC4 towards the First Three Bytes of the Secret Key. In: WCC 2007 - International Workshop on Coding and Cryptography, pp. 285–294 (2007)
Paul, S., Preneel, B.: A New Weakness in the RC4 Keystream Generator and an Approach to Improve the Security of the Cipher. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 245–259. Springer, Heidelberg (2004)
Roos, A.: A Class of Weak Keys in RC4 Stream Cipher (sci.crypt) (1995), http://groups.google.com/group/sci.crypt.research/msg/078aa9249d76eacc?dmode=source
Tews, E., Beck, M.: Practical attacks against WEP and WPA. In: Basin, D.A., Capkun, S., Lee, W. (eds.) WISEC, pp. 79–86. ACM, New York (2009)
Tews, E., Weinmann, R.-P., Pyshkin, A.: Breaking 104 Bit WEP in Less Than 60 Seconds. In: Kim, S., Yung, M., Lee, H.-W. (eds.) WISA 2007. LNCS, vol. 4867, pp. 188–202. Springer, Heidelberg (2008)
Tomasevic, V., Bojanic, S., Nieto-Taladriz, O.: Finding an internal state of RC4 stream cipher. Finding an internal state of RC4 stream cipher 177(7), 1715–1727 (2007)
Vaudenay, S., Vuagnoux, M.: Passive–Only Key Recovery Attacks on RC4. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 344–359. Springer, Heidelberg (2007)
Vuagnoux, M.: Computer Aided Cryptanalysis from Ciphers to Side channels. PhD thesis, Ecole Polytechnique Fédérale de Lausanne — EPFL (2010)
Wagner, D.: Weak Keys in RC4 (sci.crypt) (1995), http://www.cs.berkeley.edu/~daw/my-posts/my-rc4-weak-keys
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Sepehrdad, P., Vaudenay, S., Vuagnoux, M. (2011). Discovery and Exploitation of New Biases in RC4. In: Biryukov, A., Gong, G., Stinson, D.R. (eds) Selected Areas in Cryptography. SAC 2010. Lecture Notes in Computer Science, vol 6544. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19574-7_5
Download citation
DOI: https://doi.org/10.1007/978-3-642-19574-7_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-19573-0
Online ISBN: 978-3-642-19574-7
eBook Packages: Computer ScienceComputer Science (R0)