Some results on RC4 in WPA
Abstract
Motivated by the work of AlFardan et al. (2013), in this paper we present several results related to RC4 non-randomness in WPA. We first prove the interesting zig-zag distribution of the first byte and the similar nature of the biases of the initial keystream bytes towards zero. As we note, this zig-zag nature surfaces due to the dependency between the first and second key bytes in WPA/TKIP, both derived from the same byte of the IV. Further, we also note that the correlation of certain keystream bytes to the first three IV bytes provides much higher biases than those presented in the work by AlFardan et al. (2013). We notice that the correlations of the keystream bytes with publicly known IV values of WPA potentially strengthen the practical plaintext recovery attack on the protocol; formulation of the exact details related to this attack is in progress.
Similar resources
Statistical Attack on RC4 - Distinguishing WPA
In this paper we construct several tools for manipulating pools of biases in the analysis of RC4. Then, we show that optimized strategies can break WEP based on 4000 packets by assuming that the first bytes of plaintext are known for each packet. We describe similar attacks for WPA. Firstly, we describe a distinguisher for WPA of complexity 2^43 and advantage 0.5 which uses 2^40 packets. Then, ba...
Dependence in IV-Related Bytes of RC4 Key Enhances Vulnerabilities in WPA
The first three bytes of the RC4 key in WPA are public as they are derived from the public parameter IV, and this derivation leads to a strong mutual dependence between the first two bytes of the RC4 key. In this paper, we provide a disciplined study of RC4 biases resulting specifically in such a scenario. Motivated by the work of AlFardan et al. (2013), we first prove the interesting sawtooth ...
New Linear Correlations Related to State Information of RC4 PRGA Using IV in WPA
RC4 is a stream cipher designed by Ron Rivest in 1987, and is widely used in various applications. WPA is one of these applications, where TKIP is used for a key generation procedure to avoid weak IV generated by WEP. In FSE 2014, two different attacks against WPA were proposed by Sen Gupta et al. and Paterson et al. Both focused on correlations between the keystream bytes and the first 3 bytes of...
Distinguishing WPA
We present an efficient algorithm that can distinguish the keystream of WPA from that of a generic instance of RC4 with a packet complexity of O(N), where N denotes the size of the internal permutation of RC4. In practice, our distinguisher requires approximately 2 packets; thus making it the best known distinguisher of WPA to date. This is a significantly improved distinguisher than the previo...
How TKIP Induces Biases of Internal States of Generic RC4
RC4, designed by Rivest, is widely used, including in WPA, which is one of the security protocols for the IEEE 802.11 wireless standard. The first 3-byte RC4 keys in WPA generated by IV are known since the IV can be obtained by observing a packet. In 2014, Sen Gupta et al. found linear correlations between the keystream byte and known RC4 key bytes. In 2015, our previous work extended linear correlations t...