Sciweavers

ASIACRYPT
2005
Springer

A Practical Attack on the Fixed RC4 in the WEP Mode

14 years 6 months ago
A Practical Attack on the Fixed RC4 in the WEP Mode
In this paper we revisit a known but ignored weakness of the RC4 keystream generator, where secret state info leaks to the generated keystream, and show that this leakage, also known as Jenkins’ correlation or the RC4 glimpse, can be used to attack RC4 in several modes. Our main result is a practical key recovery attack on RC4 when an IV modifier is concatenated to the beginning of a secret root key to generate a session key. As opposed to the WEP attack from [FMS01] the new attack is applicable even in the case where the first 256 bytes of the keystream are thrown and its complexity grows only linearly with the length of the key. In an exemplifying parameter setting the attack recovers a 16-byte key in 248 steps using 217 short keystreams generated from different chosen IVs. A second attacked mode is when the IV succeeds the secret root key. We mount a key recovery attack that recovers the secret root key by analyzing a single word from 222 keystreams generated from different IV...
Itsik Mantin
Added 26 Jun 2010
Updated 26 Jun 2010
Type Conference
Year 2005
Where ASIACRYPT
Authors Itsik Mantin
Comments (0)