Abstract
This paper investigates key correlations of the keystream generated from RC4, and then presents significant improvements for a plaintext recovery attack on WPA-TKIP from the attack by Isobe et al. at FSE 2013. We first discuss newly discovered key correlations between 2 bytes of the RC4 key and a keystream byte in each round. Such correlations are referred as iterated RC4 key correlations. We further apply our iterated RC4 key correlations to the plaintext recovery attack on WPA-TKIP in the same way as the attack by Sen Gupta et al. at FSE 2014, and achieve significant improvements for recovering 8 bytes of a plaintext from the attack by Isobe et al. at FSE 2013. Our result implies that WPA-TKIP further lowers the security level of generic RC4.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
- 2.
\(\Pr (S_0[1]=x)\) is an average probability because the range of x is from \(r+1\) to \(N-1\).
References
Ferugson, N., MacFergus: Michael: an improved MIC for 802.11 WEP. doc.: IEEE 802.11-02/020r0, April 2002
Fluhrer, S., Mantin, I., Shamir, A.: Weaknesses in the key scheduling algorithm of RC4. In: Vaudenay, S., Youssef, A.M. (eds.) SAC 2001. LNCS, vol. 2259, pp. 1–24. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45537-X_1
Sen Gupta, S., Maitra, S., Meier, W., Paul, G., Sarkar, S.: Dependence in IV-related bytes of RC4 key enhances vulnerabilities in WPA. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS, vol. 8540, pp. 350–369. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46706-0_18
Housley, R., Whiting, D., Ferguson, N.: Alternate temporal key hash. doc.: IEEE 802.11-02/282r2, April 2002
Ito, R., Miyaji, A.: Refined construction of RC4 key setting in WPA. IEICE Trans. Fundam. E100–A(1), 138–148 (2017)
Isobe, T., Ohigashi, T., Watanabe, Y., Morii, M.: Full plaintext recovery attack on broadcast RC4. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 179–202. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-43933-3_10
Knudsen, L.R., Meier, W., Preneel, B., Rijmen, V., Verdoolaege, S.: Analysis methods for (Alleged) RC4. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 327–341. Springer, Heidelberg (1998). https://doi.org/10.1007/3-540-49649-1_26
Mantin, I.: Analysis of the Stream Cipher RC4. Master’s thesis, The Weizmann Institute of Science, Israel (2001). http://edge.cs.drexel.edu/regli/Classes/CS680/Papers/802.11/Security/RC4/Mantin1.ps
Maximov, A., Khovratovich, D.: New state recovery attack on RC4. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 297–316. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85174-5_17
Mantin, I., Shamir, A.: A practical attack on broadcast RC4. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 152–164. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45473-X_13
Ohigashi, T., Isobe, T., Watanabe, Y., Morii, M.: Full plaintext recovery attacks on RC4 using multiple biases. IEICE Trans. Fundam. E98–A(1), 81–91 (2015)
Paul, G., Maitra, S.: Permutation after RC4 key scheduling reveals the secret key. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 360–377. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-77360-3_23
Popov, A.: Prohibiting RC4 cipher suites. Internet Engineering Task Force - IETF, Request for Comments, 7465, February 2015
Paterson, K.G., Poettering, B., Schuldt, J.C.N.: Plaintext recovery attacks against WPA/TKIP. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS, vol. 8540, pp. 325–349. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46706-0_17
Roos, A.: A class of weak keys in the RC4 stream cipher. Posts in sci.crypt (1995). http://marcel.wanda.ch/Archive/WeakKeys
Sarkar, S.: Proving empirically key-correlations in RC4. Inf. Process. Lett. 114(5), 234–238 (2014)
Sepehrdad, P., Vaudenay, S., Vuagnoux, M.: Discovery and exploitation of new biases in RC4. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 74–91. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19574-7_5
Vanhoef, M., Piessens, F.: All your biases belong to Us: breaking RC4 in WPA-TKIP and TLS. In: USENIX Security Symposium 2015, pp. 97–112 (2015)
Vanhoef, M., Piessens, F.: Predicting, decrypting, and abusing WPA2/802.11 group keys. In: USENIX Security Symposium (2016)
Vaudenay, S., Vuagnoux, M.: Passive–Only key recovery attacks on RC4. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 344–359. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-77360-3_22
Acknowledgements
This work is partially supported by JSPS KAKENHI Grant (C) (JP15K00183) and (JP15K00189) and Japan Science and Technology Agency, CREST (JPMJCR1404) and Infrastructure Development for Promoting International S&T Cooperation and Project for Establishing a Nationwide Practical Education Network for IT Human Resources Development, Education Network for Practical Information Technologies.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Ito, R., Miyaji, A. (2018). New Iterated RC4 Key Correlations. In: Susilo, W., Yang, G. (eds) Information Security and Privacy. ACISP 2018. Lecture Notes in Computer Science(), vol 10946. Springer, Cham. https://doi.org/10.1007/978-3-319-93638-3_10
Download citation
DOI: https://doi.org/10.1007/978-3-319-93638-3_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-93637-6
Online ISBN: 978-3-319-93638-3
eBook Packages: Computer ScienceComputer Science (R0)