Paper 2013/476

Some results on RC4 in WPA

Sourav Sen Gupta and Subhamoy Maitra and Willi Meier and Goutam Paul and Santanu Sarkar

Abstract

Motivated by the work of AlFardan et al 2013, in this paper we present several results related to RC4 non-randomness in WPA. We first prove the interesting zig-zag distribution of the first byte and the similar nature for the biases in the initial keystream bytes to zero. As we note, this zig-zag nature surfaces due to the dependency of first and second key bytes in WPA/TKIP, both derived from the same byte of the IV. Further, we also note that the correlation of certain keystream bytes to the first three IV bytes provides much higher biases than what had been presented in the work by AlFardan et al 2013. We notice that the correlations of the keystream bytes with publicly known IV values of WPA potentially strengthens the practical plaintext recovery attack on the protocol; formulation of the exact details related to this attack is in progress.

Note: This is a major revision of the previous version; includes some significant new results and work in progress.