Paper 2013/748

Plaintext Recovery Attacks Against WPA/TKIP

Kenneth G. Paterson, Bertram Poettering, and Jacob C. N. Schuldt

Abstract

We conduct an analysis of the RC4 algorithm as it is used in the IEEE WPA/TKIP wireless standard. In that standard, RC4 keys are computed on a per-frame basis, with specific key bytes being set to known values that depend on 2 bytes of the WPA frame counter (called the TSC). We observe very large, TSC-dependent biases in the RC4 keystream when the algorithm is keyed according to the WPA specification. These biases permit us to mount an effective statistical, plaintext-recovering attack in the situation where the same plaintext is encrypted in many different frames (the so-called ``broadcast attack'' setting). We assess the practical impact of these attacks on WPA/TKIP.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Contact author(s)
kenny paterson @ rhul ac uk
History
2014-03-01: revised
2013-11-17: received
See all versions
Short URL
https://ia.cr/2013/748
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2013/748,
      author = {Kenneth G.  Paterson and Bertram Poettering and Jacob C. N.  Schuldt},
      title = {Plaintext Recovery Attacks Against {WPA}/{TKIP}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2013/748},
      year = {2013},
      url = {https://eprint.iacr.org/2013/748}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.