Cryptology ePrint Archive: Report 2013/476
Some results on RC4 in WPA
Sourav Sen Gupta and Subhamoy Maitra and Willi Meier and Goutam Paul and Santanu Sarkar
Abstract: Motivated by the work of AlFardan et al 2013, in this paper we present several results related to RC4 non-randomness in WPA. We first prove the interesting zig-zag distribution of the first byte and the similar nature for the biases in the initial keystream bytes to zero. As we note, this zig-zag nature surfaces due to the dependency of first and second key bytes in WPA/TKIP, both derived from the same byte of the IV. Further, we also note that the correlation of certain keystream bytes to the first three IV bytes provides much higher biases than what had been presented in the work by AlFardan et al 2013. We notice that the correlations of the keystream bytes with publicly known IV values of WPA potentially strengthens the practical plaintext recovery attack on the protocol; formulation of the exact details related to this attack is in progress.
Category / Keywords: RC4, Bias, Plaintext Recovery, TKIP, WPA.
Date: received 3 Aug 2013, last revised 23 Oct 2013
Contact author: sg sourav at gmail com
Available format(s): PDF | BibTeX Citation
Note: This is a major revision of the previous version; includes some significant new results and work in progress.
Version: 20131024:043023 (All versions of this report)
Short URL: ia.cr/2013/476
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]