Weaknesses in the Key Scheduling Algorithm of RC4
Scott R. Fluhrer, Itsik Mantin, Adi Shamir
- pp 1-24
TLDR
It is shown that RC4 is completely insecure in a common mode of operation which is used in the widely deployed Wired Equivalent Privacy protocol (WEP, which is part of the 802.11 standard), in which a fixed secret key is concatenated with known IV modifiers in order to encrypt different messages.
Abstract:
In this paper we present several weaknesses in the key scheduling algorithm of RC4, and describe their cryptanalytic significance. We identify a large number of weak keys, in which knowledge of a small number of key bits suffices to determine many state and output bits with non-negligible probability. We use these weak keys to construct new distinguishers for RC4, and to mount related key attacks with practical complexities. Finally, we show that RC4 is completely insecure in a common mode of operation which is used in the widely deployed Wired Equivalent Privacy protocol (WEP, which is part of the 802.11 standard), in which a fixed secret key is concatenated with known IV modifiers in order to encrypt different messages. Our new passive ciphertext-only attack on this mode can recover an arbitrarily long key in a negligible amount of time which grows only linearly with its size, both for 24 and 128 bit IV modifiers.
Citations
Proceedings Article
TinySec: a link layer security architecture for wireless sensor networks
TL;DR: TinySec is introduced, the first fully-implemented link layer security architecture for wireless sensor networks, and results on a 36 node distributed sensor network application clearly demonstrate that software based link layer protocols are feasible and efficient, adding less than 10% energy, latency, and bandwidth overhead.
Book
Computer Networking: A Top-Down Approach
James F. Kurose, Keith W. Ross
TL;DR: Computer Networking: A Top-Down Approach Featuring the Internet explains the engineering problems that are inherent in communicating digital information from point to point, and presents the mathematics that determine the best path, show some code that implements those algorithms, and illustrate the logic by using excellent conceptual diagrams.
Journal Article
Security in mobile ad hoc networks: challenges and solutions
TL;DR: The security issues related to this problem are identified, the challenges to security design are discussed, and the state-of-the-art security proposals that protect the MANET link- and network-layer operations of delivering packets over the multihop wireless channel are reviewed.
The TESLA Broadcast Authentication Protocol
TL;DR: The TESLA (Timed Efficient Stream Loss-tolerant Authentication) broadcast authentication protocol is presented, an efficient protocol with low communication and computation overhead, which scales to large numbers of receivers, and tolerates packet loss.
Proceedings Article
Talking to Strangers: Authentication in Ad-Hoc Wireless Networks.
TL;DR: This paper presents a user-friendly solution, which provides secure authentication using almost any established public-key-based key exchange protocol, as well as inexpensive hash-based alternatives, over the wireless link.
References
Book Chapter
Real Time Cryptanalysis of A5/1 on a PC
TL;DR: New attacks on A5/1 are described, which are based on subtle flaws in the tap structure of the registers, their noninvertible clocking mechanism, and their frequent resets, which make it vulnerable to hardware-based attacks by large organizations, but not to software-based attacks on multiple targets by hackers.
Proceedings Article
Using the Fluhrer, Mantin, and Shamir Attack to Break WEP
TL;DR: It is concluded that 802.11 WEP is totally insecure, and some recommendations are provided to make the attack more efficient.
Journal Article
A practical attack on broadcast RC4
Itsik Mantin, Adi Shamir
TL;DR: In this article, the authors describe a major statistical weakness in RC4, which makes it trivial to distinguish between short outputs of RC4 and random strings by analyzing their second bytes, which can be used to mount a ciphertext-only attack on RC4 in some broadcast applications, in which the same plaintext is sent to multiple recipients under different keys.
Book Chapter
Statistical Analysis of the Alleged RC4 Keystream Generator
Scott R. Fluhrer, David McGrew
TL;DR: A method for distinguishing 8-bit RC4 from randomness is demonstrated and it is observed that an attacker can, on occasion, determine portions of the internal state with nontrivial probability.