107 research outputs found

    A practical attack on the fixed RC4 in the wep mode

    Get PDF
    Abstract. In this paper we revisit a known but ignored weakness of the RC4 keystream generator, where secret state info leaks to the generated keystream, and show that this leakage, also known as Jenkins’ correlation or the RC4 glimpse, can be used to attack RC4 in several modes. Our main result is a practical key recovery attack on RC4 when an IV modifier is concatenated to the beginning of a secret root key to generate a session key. As opposed to the WEP attack from [FMS01] the new attack is applicable even in the case where the first 256 bytes of the keystream are thrown and its complexity grows only linearly with the length of the key. In an exemplifying parameter setting the attack recoversa16-bytekeyin2 48 steps using 2 17 short keystreams generated from different chosen IVs. A second attacked mode is when the IV succeeds the secret root key. We mount a key recovery attack that recovers the secret root key by analyzing a single word from 2 22 keystreams generated from different IVs, improving the attack from [FMS01] on this mode. A third result is an attack on RC4 that is applicable when the attacker can inject faults to the execution of RC4. The attacker derives the internal state and the secret key by analyzing 2 14 faulted keystreams generated from this key

    Image Encryption using Gingerbreadman Map And RC4A Stream Cipher

    Get PDF
    Day to day increasing flow of sensitive or confidential information, such as images, audio, video, etc., over unsecured medium (like Internet) has motivated more concentration for concrete crypto algorithms. In this paper, an image encryption algorithm based on a permutation and substitution cipher has been proposed. In permutation stage, image pixels are shuffled using gingerbreadman map while in substitution stage, pixels are bit-wise XOR-ed with the keystream generated using RC4A (Rivest Cipher 4A) stream cipher algorithm. For the proposed scheme, statistical analyses, like histogram, adjacent pixels correlation coefficient, and information entropy are given. Security analyses, like key sensitivity, occlusion analysis are also given in this paper. The occlusion analysis shows that the proposed method is resistant to the occlusion attack. These statistical and security analyses support the concreteness of the proposed method

    Randomized stopping times and provably secure pseudorandom permutation generators

    Get PDF
    Conventionally, key-scheduling algorithm (KSA) of a cryptographic scheme runs for predefined number of steps. We suggest a different approach by utilization of randomized stopping rules to generate permutations which are indistinguishable from uniform ones. We explain that if the stopping time of such a shuffle is a Strong Stationary Time and bits of the secret key are not reused then these algorithms are immune against timing attacks. We also revisit the well known paper of Mironov~\cite{Mironov2002} which analyses a card shuffle which models KSA of RC4. Mironov states that expected time till reaching uniform distribution is 2nHnn2n H_n - n while we prove that nHn+nn H_n+ n steps are enough (by finding a new strong stationary time for the shuffle). Nevertheless, both cases require O(nlog2n)O(n \log^2 n) bits of randomness while one can replace the shuffle used in RC4 (and in Spritz) with a better shuffle which is optimal and needs only O(nlogn)O(n \log n) bits

    Fast and Accurate Machine Learning-based Malware Detection via RC4 Ciphertext Analysis

    Get PDF
    Malware is dramatically increasing its viability while hiding its malicious intent and/or behavior by employing ciphers. So far, many efforts have been made to detect malware and prevent it from damaging users by monitoring network packets. However, conventional detection schemes analyzing network packets directly are hardly applicable to detect the advanced malware that encrypts the communication. Cryptoanalysis of each packet flowing over a network might be one feasible solution for the problem. However, the approach is computationally expensive and lacks accuracy, which is consequently not a practical solution. To tackle these problems, in this paper, we propose novel schemes that can accurately detect malware packets encrypted by RC4 without decryption in a timely manner. First, we discovered that a fixed encryption key generates unique statistical patterns on RC4 ciphertexts. Then, we detect malware packets of RC4 ciphertexts efficiently and accurately by utilizing the discovered statistical patterns of RC4 ciphertext given encryption key. Our proposed schemes directly analyze network packets without decrypting ciphertexts. Moreover, our analysis can be effectively executed with only a very small subset of the network packet. To the best of our knowledge, the unique signature has never been discussed in any previous research. Our intensive experimental results with both simulation data and actual malware show that our proposed schemes are extremely fast (23.06±1.52 milliseconds) and highly accurate (100%) on detecting a DarkComet malware with only a network packet of 36 bytes

    MRC4: A Modified RC4 Algorithm using Symmetric Random Function Generator for Improved Cryptographic Features

    Get PDF
    The Rivest Cipher 4 (RC4) has been one of the most popular stream ciphers for providing symmetric key encryption, and is now proposed as an efficient cipher within light-weight cryptography. As an algorithm it has been considered to be one of the fastest stream ciphers and one of the easiest to implement. Unfortunately, despite its simplicity of usage, a number of attacks on it have been found. Therefore, various improvements of this algorithm exist in cryptography, but none of them use proper randomness. This paper outlines modified version of RC4 and which has the desirable features of an efficient stream cipher algorithm, and which integrates the Symmetric Random Function Generator (SRFG) method. Though RC4 uses pseudorandom features with an initialisation vector and a seed value, the use of true randomness in RC4 is novel in this domain. Therefore, this paper proposes a modified RC4 as MRC4, and which then evaluates the statistical features of MRC4 based upon parameters such as non-linearity, resiliency, balancedness, propagation and immunity. Further, we have compared the security features and confusion-diffusion attributes with some recent variants of RC4 and have found that MRC4 is efficient in withstanding against attacks. The experimental results show that MRC4 supports a 60% better confusion property and 50% better diffusion as compared to the original RC4 method

    Deep Learning based Cryptanalysis of Stream Ciphers

    Get PDF
    Conventional cryptanalysis techniques necessitate an extensive analysis of non-linear functions defining the relationship of plain data, key, and corresponding cipher data. These functions have very high degree terms and make cryptanalysis work extremely difficult. The advent of deep learning algorithms along with the better and efficient computing resources has brought new opportunities to analyze cipher data in its raw form. The basic principle of designing a cipher is to introduce randomness into it, which means the absence of any patterns in cipher data. Due to this fact, the analysis of cipher data in its raw form becomes essential. Deep learning algorithms are different from conventional machine learning algorithms as the former directly work on raw data without any formal requirement of feature selection or feature extraction steps. With these facts and the assumption of the suitability of employing deep learning algorithms for cipher data, authors introduced a deep learning based method for finding biases in stream ciphers in the black-box analysis model. The proposed method has the objective to predict the occurrence of an output bit/byte at a specific location in the stream cipher generated keystream. The authors validate their method on stream cipher RC4 and its improved variant RC4A and discuss the results in detail. Further, the authors apply the method on two more stream ciphers namely Trivium and TRIAD. The proposed method can find bias in RC4 and shows the absence of this bias in its improved variant and other two ciphers. Focusing on RC4, the authors present a comparative analysis with some existing methods in terms of approach and observations and showed that their process is more straightforward and less complicated than the existing ones

    Tabu search against permutation based stream ciphers

    Get PDF
    Encryption is one of the most effective methods of securing data confidentiality, whether stored on hard drives or transferred (e.g. by e-mail or phone call). In this paper a new state recovery attack with tabu search is introduced. Based on research and theoretical approximation it is shown that the internal state can be recovered after checking 252 internal states for RC4 and 2180 for VMPC

    Tabu search against permutation based stream ciphers

    Get PDF
    Encryption is one of the most effective methods of securing data confidentiality, whether stored on hard drives or transferred (e.g. by e-mail or phone call). In this paper a new state recovery attack with tabu search is introduced. Based on research and theoretical approximation it is shown that the internal state can be recovered after checking 2^52 internal states for RC4 and 2^180 for VMPC
    corecore