Big bias hunting in Amazonia: large-scale computation and exploitation of RC4 biases (invited paper). (English) Zbl 1306.94082

Sarkar, Palash (ed.) et al., Advances in cryptology – ASIACRYPT 2014. 20th international conference on the theory and application of cryptology and information security, Kaohsiung, Taiwan, R.O.C., December 7–11, 2014. Proceedings, Part I. Berlin: Springer (ISBN 978-3-662-45610-1/pbk). Lecture Notes in Computer Science 8873, 398-419 (2014).
Summary: RC4 is (still) a very widely-used stream cipher. Previous work by N. J. AlFardan et al. [“On the security of RC4 in TLS.” In: USENIX Security. USENIX Association (2013), https://www.usenix.org/conference/usenixsecurity13/security-rc4-tls] and K. G. Paterson et al. [“Plaintext recovery attacks against WPA/TKIP.” In: FSE 2014, Lect. Notes Comput. Sci. (to appear, 2014)] exploited the presence of biases in the RC4 keystreams to mount plaintext recovery attacks against TLS-RC4 and WPA/TKIP. We improve on the latter work by performing large-scale computations to obtain accurate estimates of the single-byte and double-byte distributions in the early portions of RC4 keystreams for the WPA/TKIP context and by then using these distributions in a novel variant of the previous plaintext recovery attacks. The distribution computations were conducted using the Amazon EC2 cloud computing infrastructure and involved the coordination of \(2^{13}\) hyper-threaded cores running in parallel over a period of several days. We report on our experiences of computing at this scale using commercial cloud services. We also study Microsoft’s Point-to-Point Encryption protocol and its use of RC4, showing that it is also vulnerable to our attack techniques.
For the entire collection see [Zbl 1301.94003].

MSC:

94A60 Cryptography