All your biases belong to us: Breaking RC4 in WPA-TKIP and TLS

Proceedings of the 24th USENIX Security Symposium

Volumn , Issue , 2015, Pages 97-112

  Vanhoef, Mathy ^a   Piessens, Frank ^a  

^a UNIVERSITY OF LEUVEN   (Belgium)

Author keywords

[No Author keywords available]

Indexed keywords

TESTING; WI-FI;

PACKET STRUCTURE; PLAINTEXT RECOVERY ATTACKS; RECOVERY ALGORITHMS; STATISTICAL HYPOTHESIS TEST; TEMPORAL KEY INTEGRITY PROTOCOLS; TRAFFIC GENERATION; TRANSPORT LAYER SECURITY PROTOCOLS; WI-FI PROTECTED ACCESS;

SEEBECK EFFECT;

EID: 84999935989     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (50)

1. N. J. Al Fardan and K. G. Paterson. Lucky thirteen: Breaking the TLS and DTLS record protocols. In IEEE Symposium on Security and Privacy, 2013.
2. N. J. AlFardan, D. J. Bernstein, K. G. Paterson, B. Poettering, and J. C. N. Schuldt. On the security of RC4 in TLS and WPA. In USENIX Security Symposium, 2013.
3. A. Barth. HTTP state management mechanism. RFC 6265, 2011.
4. R. Basu, S. Ganguly, S. Maitra, and G. Paul. A complete characterization of the evolution of RC4 pseudo random generation algorithm. J. Mathematical Cryptology, 2(3):257–289, 2008.
5. D. Berbecaru and A. Lioy. On the robustness of applications based on the SSL and TLS security protocols. In Public Key Infrastructure, pages 248–264. Springer, 2007.
6. K. Bhargavan, A. D. Lavaud, C. Fournet, A. Pironti, and P. Y. Strub. Triple handshakes and cookie cutters: Breaking and fixing authentication over TLS. In Security and Privacy (SP), 2014 IEEE Symposium on, pages 98–113. IEEE, 2014.
7. B. Canvel, A. P. Hiltgen, S. Vaudenay, and M. Vuagnoux. Password interception in a SSL/TLS channel. In Advances in Cryptology (CRYPTO), 2003.
8. T. Dierks and E. Rescorla. The transport layer security (TLS) protocol version 1.2. RFC 5246, 2008.
9. T. Duong and J. Rizzo. Here come the xor ninjas. In Ekoparty Security Conference, 2011.
10. D. Eppstein. k-best enumeration. arXiv preprint arXiv:1412.5075, 2014.
11. R. Fielding and J. Reschke. Hypertext transfer protocol (HTTP/1.1): Message syntax and routing. RFC 7230, 2014.
12. S. Fluhrer, I. Mantin, and A. Shamir. Weaknesses in the key scheduling algorithm of RC4. In Selected areas in cryptography. Springer, 2001.
13. S. R. Fluhrer and D. A. McGrew. Statistical analysis of the alleged RC4 keystream generator. In FSE, 2000.
14. C. Fuchs and R. Kenett. A test for detecting outlying cells in the multinomial distribution and two-way contingency tables. J. Am. Stat. Assoc., 75:395–398, 1980.
15. S. S. Gupta, S. Maitra, W. Meier, G. Paul, and S. Sarkar. Dependence in IV-related bytes of RC4 key enhances vulnerabilities in WPA. Cryptology ePrint Archive, Report 2013/476, 2013. http://eprint.iacr.org/.
16. F. M. Halvorsen, O. Haugen, M. Eian, and S. F. Mjølsnes. An improved attack on TKIP. In 14th Nordic Conference on Secure IT Systems, NordSec ’09, 2009.
17. B. Harris and R. Hunt. Review: TCP/IP security threats and attack methods. Computer Communications, 22(10):885–897, 1999.
18. ICSI. The ICSI certificate notary. Retrieved 22 Feb. 2015, from http://notary.icsi.berkeley. edu.
19. IEEE Std 802.11-2012. Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications, 2012.
20. T. Isobe, T. Ohigashi, Y. Watanabe, and M. Morii. Full plaintext recovery attack on broadcast RC4. In FSE, 2013.
21. A. Klein. Attacks on the RC4 stream cipher. Designs, Codes and Cryptography, 48(3):269–286, 2008.
22. S. Maitra and G. Paul. New form of permutation bias and secret key leakage in keystream bytes of RC4. In Fast Software Encryption, pages 253–269. Springer, 2008.
23. S. Maitra, G. Paul, and S. S. Gupta. Attack on broadcast RC4 revisited. In Fast Software Encryption, 2011.
24. I. Mantin. Predicting and distinguishing attacks on RC4 keystream generator. In EUROCRYPT, 2005.
25. I. Mantin and A. Shamir. A practical attack on broadcast RC4. In FSE, 2001.
26. I. Mironov. (Not so) random shuffles of RC4. In CRYPTO, 2002.
27. N. Nikiforakis, L. Invernizzi, A. Kapravelos, S. Van Acker, W. Joosen, C. Kruegel, F. Piessens, and G. Vigna. You are what you include: Large-scale evaluation of remote JavaScript inclusions. In Proceedings of the 2012 ACM conference on Computer and communications security, 2012.
28. D. Nilsson and J. Goldberger. Sequentially finding the n-best list in hidden Markov models. In International Joint Conferences on Artificial Intelligence, 2001.
29. T. Ohigashi, T. Isobe, Y. Watanabe, and M. Morii. Full plaintext recovery attacks on RC4 using multiple biases. IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences, 98(1):81–91, 2015.
30. K. G. Paterson, B. Poettering, and J. C. Schuldt. Big bias hunting in amazonia: Large-scale computation and exploitation of RC4 biases. In Advances in Cryptology — ASIACRYPT, 2014.
31. K. G. Paterson, J. C. N. Schuldt, and B. Poettering. Plaintext recovery attacks against WPA/TKIP. In FSE, 2014.
32. G. Paul, S. Rathi, and S. Maitra. On non-negligible bias of the first output byte of RC4 towards the first three bytes of the secret key. Designs, Codes and Cryptography, 49(1-3):123–134, 2008.
33. S. Paul and B. Preneel. A new weakness in the RC4 keystream generator and an approach to improve the security of the cipher. In FSE, 2004.
34. R Core Team. R: A Language and Environment for Statistical Computing. R Foundation for Statistical Computing, 2014.
35. L. Rabiner. A tutorial on hidden Markov models and selected applications in speech recognition. Proceedings of the IEEE, 1989.
36. M. Roder and R. Hamzaoui. Fast tree-trellis list Viterbi decoding. Communications, IEEE Transactions on, 54(3):453–461, 2006.
37. D. Roesler. STUN IP address requests for WebRTC. Retrieved 17 June 2015, from https://github.com/diafygi/webrtc-ips.
38. S. Sen Gupta, S. Maitra, G. Paul, and S. Sarkar. (Non-)random sequences from (non-)random permutations - analysis of RC4 stream cipher. Journal of Cryptology, 27(1):67–108, 2014.
39. P. Sepehrdad, S. Vaudenay, and M. Vuagnoux. Discovery and exploitation of new biases in RC4. In Selected Areas in Cryptography, pages 74–91. Springer, 2011.
40. N. Seshadri and C.-E. W. Sundberg. List Viterbi decoding algorithms with applications. IEEE Transactions on Communications, 42(234):313–323, 1994.
41. B. Smyth and A. Pironti. Truncating TLS connections to violate beliefs in web applications. In WOOT’13: 7th USENIX Workshop on Offensive Technologies, 2013.
42. F. K. Soong and E.-F. Huang. A tree-trellis based fast search for finding the n-best sentence hypotheses in continuous speech recognition. In Acoustics, Speech, and Signal Processing, 1991. ICASSP-91., 1991 International Conference on, pages 705–708. IEEE, 1991.
43. A. Stubblefield, J. Ioannidis, and A. D. Rubin. A key recovery attack on the 802.11b wired equivalent privacy protocol (WEP). ACM Trans. Inf. Syst. Secur., 7(2), 2004.
44. E. Tews and M. Beck. Practical attacks against WEP and WPA. In Proceedings of the second ACM conference on Wireless network security, WiSec ’09, 2009.
45. E. Tews, R.-P. Weinmann, and A. Pyshkin. Breaking 104 bit WEP in less than 60 seconds. In Information Security Applications, pages 188–202. Springer, 2007.
46. Y. Todo, Y. Ozawa, T. Ohigashi, and M. Morii. Falsification attacks against WPA-TKIP in a realistic environment. IEICE Transactions, 95-D(2), 2012.
47. T. Van Goethem, P. Chen, N. Nikiforakis, L. Desmet, and W. Joosen. Large-scale security analysis of the web: Challenges and findings. In TRUST, 2014.
48. M. Vanhoef and F. Piessens. Practical verification of WPA-TKIP vulnerabilities. In ASIACCS, 2013.
49. M. Vanhoef and F. Piessens. Advanced Wi-Fi attacks using commodity hardware. In ACSAC, 2014.
50. S. Vaudenay and M. Vuagnoux. Passive–only key recovery attacks on RC4. In Selected Areas in Cryptography, pages 344–359. Springer, 2007.