Abstract
In this paper we construct several tools for manipulating pools of biases in the analysis of RC4. Then, we show that optimized strategies can break WEP based on 4 000 packets by assuming that the first bytes of plaintext are known for each packet. We describe similar attacks for WPA. Firstly, we describe a distinguisher for WPA of complexity $2^{43}$ and advantage 0.5 which uses $2^{40}$ packets. Then, based on several partial temporary key recovery attacks, we recover the full 128-bit temporary key by using $2^{38}$ packets. It works within a complexity of $2^{96}$. So far, this is the best attack against WPA. We believe that our analysis brings further insights on the security of RC4.
Copyright information
© 2011 International Association for Cryptologic Research
About this paper
Cite this paper
Sepehrdad, P., Vaudenay, S., Vuagnoux, M. (2011). Statistical Attack on RC4. In: Paterson, K.G. (eds) Advances in Cryptology – EUROCRYPT 2011. EUROCRYPT 2011. Lecture Notes in Computer Science, vol 6632. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-20465-4_20
DOI: https://doi.org/10.1007/978-3-642-20465-4_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-20464-7
Online ISBN: 978-3-642-20465-4
eBook Packages: Computer Science (R0)