On the security of RC4 in TLS

Authors:
Nadhem J. AlFardan;Daniel J. Bernstein;Kenneth G. Paterson;Bertram Poettering;Jacob C. N. Schuldt
Affiliations:
Information Security Group, Royal Holloway, University of London;University of Illinois at Chicago and Technische Universiteit Eindhoven;Information Security Group, Royal Holloway, University of London;Information Security Group, Royal Holloway, University of London;Information Security Group, Royal Holloway, University of London
Venue:
SEC'13 Proceedings of the 22nd USENIX conference on Security
Year:
2013

Citing 11
Cited 1

Weaknesses in the Key Scheduling Algorithm of RC4

SAC '01 Revised Papers from the 8th Annual International Workshop on Selected Areas in Cryptography
(Not So) Random Shuffles of RC4

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Statistical Analysis of the Alleged RC4 Keystream Generator

FSE '00 Proceedings of the 7th International Workshop on Fast Software Encryption
A Practical Attack on Broadcast RC4

FSE '01 Revised Papers from the 8th International Workshop on Fast Software Encryption
Passive-only key recovery attacks on RC4

SAC'07 Proceedings of the 14th international conference on Selected areas in cryptography
Discovery and exploitation of new biases in RC4

SAC'10 Proceedings of the 17th international conference on Selected areas in cryptography
Statistical attack on RC4 distinguishing WPA

EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Attack on broadcast RC4 revisited

FSE'11 Proceedings of the 18th international conference on Fast software encryption
Predicting and distinguishing attacks on RC4 keystream generator

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Proof of empirical RC4 biases and new key correlations

SAC'11 Proceedings of the 18th international conference on Selected Areas in Cryptography
Lucky Thirteen: Breaking the TLS and DTLS Record Protocols

SP '13 Proceedings of the 2013 IEEE Symposium on Security and Privacy

Proving empirical key-correlations in RC4

Information Processing Letters

Quantified Score

Hi-index	0.00

Visualization

Abstract

The Transport Layer Security (TLS) protocol aims to provide confidentiality and integrity of data in transit across untrusted networks. TLS has become the de facto protocol standard for secured Internet and mobile applications. TLS supports several symmetric encryption options, including a scheme based on the RC4 stream cipher. In this paper, we present ciphertext-only plaintext recovery attacks against TLS when RC4 is selected for encryption. Our attacks build on recent advances in the statistical analysis of RC4, and on new findings announced in this paper. Our results are supported by an experimental evaluation of the feasibility of the attacks. We also discuss countermeasures.