Abstract
We present several weaknesses in the key scheduling algorithm of RC4 when the secret key contains an initialization vector – a cryptographic scheme typically used by the WEP and WPA protocols to protect IEEE 802.11 wireless communications. First, we show how the previously discovered key recovery attacks can be improved by reducing the dependency between the secret key bytes. Then, we describe two new weaknesses related to the modulo operation of the key scheduling algorithm. Finally, we describe a passive-only attack able to significantly improve the key recovery process on WEP with a data complexity of 2^15 eavesdropped packets.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Vaudenay, S., Vuagnoux, M. (2007). Passive–Only Key Recovery Attacks on RC4. In: Adams, C., Miri, A., Wiener, M. (eds) Selected Areas in Cryptography. SAC 2007. Lecture Notes in Computer Science, vol 4876. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77360-3_22
DOI: https://doi.org/10.1007/978-3-540-77360-3_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-77359-7
Online ISBN: 978-3-540-77360-3
eBook Packages: Computer Science, Computer Science (R0)