ITEM METADATA RECORD
Title: All your biases belong to us: Breaking RC4 in WPA-TKIP and TLS
Authors: Vanhoef, Mathy; Piessens, Frank
Issue Date: 12-Aug-2015
Publisher: USENIX Association
Host Document: Proceedings of the 24th USENIX Security Symposium pages:97-112
Series Title: SEC'15
Conference: USENIX Security Symposium edition:24 location:Washington, D.C. date:12-14 August 2015
Abstract: We present new biases in RC4, break the Wi-Fi Protected Access Temporal Key Integrity Protocol (WPA-TKIP), and design a practical plaintext recovery attack against the Transport Layer Security (TLS) protocol. To empirically find new biases in the RC4 keystream we use statistical hypothesis tests. This reveals many new biases in the initial keystream bytes, as well as several new long-term biases. Our fixed-plaintext recovery algorithms are capable of using multiple types of biases, and return a list of plaintext candidates in decreasing likelihood.

To break WPA-TKIP we introduce a method to generate a large number of identical packets. This packet is decrypted by generating its plaintext candidate list, and using redundant packet structure to prune bad candidates. From the decrypted packet we derive the TKIP MIC key, which can be used to inject and decrypt packets. In practice the attack can be executed within an hour. We also attack TLS as used by HTTPS, where we show how to decrypt a secure cookie with a success rate of 94% using 9*2^27 ciphertexts. This is done by injecting known data around the cookie, abusing this using Mantin’s ABSAB bias, and brute-forcing the cookie by traversing the plaintext candidates. Using our traffic generation technique, we are able to execute the attack in merely 75 hours.
Publication status: published
KU Leuven publication type: IC
Appears in Collections: Informatics Section

Files in This Item:
File: rc4paper.pdf
Status: Published
Size: 345Kb
Format: Adobe PDF

All items in Lirias are protected by copyright, with all rights reserved.