Smashing WEP in A Passive Attack

In this paper, we report extremely fast and optimised active and passive attacks against the old IEEE 802.11 wireless communication protocol WEP. This was achieved through a huge amount of theoretical and experimental analysis (capturing WiFi packets), refinement and optimisation of all the former known attacks and methodologies against RC4 stream cipher in WEP mode. We support all our claims by providing an implementation of this attack as a publicly available patch on Aircrack-ng. Our new attacks improve its success probability drastically. We adapt our theoretical analysis in Eurocrypt 2011 to real-world scenarios and we perform a slight adjustment to match the empirical observations. Our active attack, based on ARP injection, requires 22 500 packets to gain success probability of 50% against a 104-bit WEP key, using Aircrack-ng in non-interactive mode. It runs in less than 5 seconds on an off-the-shelf PC. Using the same number of packets, Aicrack-ng yields around 3% success rate. Furthermore, we describe very fast passive only attacks by just eavesdropping TCP/IPv4 packets in a WiFi communication. Our passive attack requires 27 500 packets. This is much less than the number of packets Aircrack-ng requires in active mode (around 37 500), which is a huge improvement.We believe that our analysis brings on further insight to the security of RC4

RC4 Encryption-A Literature Survey

AbstractA chronological survey demonstrating the cryptanalysis of RC4 stream cipher is presented in this paper. We have summarized the various weaknesses of RC4 algorithm followed by the recently proposed enhancements available in the literature. It is established that innovative research efforts are required to develop secure RC4 algorithm, which can remove the weaknesses of RC4, such as biased bytes, key collisions, and key recovery attacks on WPA. These flaws in RC4 are still offering an open challenge for developers. Hence our chronological survey corroborates the fact that even though researchers are working on RC4 stream cipher since last two decades, it still offers a plethora of research issues. The attraction of community towards RC4 is still alive

Proving TLS-attack related open biases of RC4

After a series of works on RC4 cryptanalysis in last few years (published in flagship cryptology conferences and journals), the most significant (and also very recent) attack on the cipher has been the discovery of vulnerabilities in the SSL/TLS protocol, by AlFardan, Bernstein, Paterson, Poettering and Schuldt. They ran extensive computations to identify significant short-term single-byte keystream biases of RC4, and utilized that knowledge in the attack. The biases identified by AlFardan et al. consist of earlier known biases of RC4, as well as some newly discovered ones. In this paper, we attempt at proving the new, unproved or partially proved biases amongst the above-mentioned ones. The theoretical proofs of these biases not only assert a scientific justification, but also discover intricate patterns and operations of the cipher associated with these biases. For example, while attempting the proof of a bias of the first output byte towards 129, we observe that this bias occurs prominently only for certain lengths of the secret key of RC4. In addition, our findings reveal that this bias may be related to the old and unsolved problem of ``anomalies\u27\u27 in the distribution of the state array after the Key Scheduling Algorithm. In this connection, we prove the anomaly in $S_0[128] = 127$, a problem open for more than a decade. Other than proving the new biases, we also complete the proof for the extended keylength dependent biases in RC4, a problem attempted and partially solved by Isobe, Ohigashi, Watanabe and Morii in FSE 2013. Our new proofs and observations in this paper, along with the connection to the older results, provide a comprehensive view on the state-of-the-art literature in RC4 cryptanalysis

Algebraic Cryptanalysis of Deterministic Symmetric Encryption

Deterministic symmetric encryption is widely used in many cryptographic applications. The security of deterministic block and stream ciphers is evaluated using cryptanalysis. Cryptanalysis is divided into two main categories: statistical cryptanalysis and algebraic cryptanalysis. Statistical cryptanalysis is a powerful tool for evaluating the security but it often requires a large number of plaintext/ciphertext pairs which is not always available in real life scenario. Algebraic cryptanalysis requires a smaller number of plaintext/ciphertext pairs but the attacks are often underestimated compared to statistical methods. In algebraic cryptanalysis, we consider a polynomial system representing the cipher and a solution of this system reveals the secret key used in the encryption. The contribution of this thesis is twofold. Firstly, we evaluate the performance of existing algebraic techniques with respect to number of plaintext/ciphertext pairs and their selection. We introduce a new strategy for selection of samples. We build this strategy based on cube attacks, which is a well-known technique in algebraic cryptanalysis. We use cube attacks as a fast heuristic to determine sets of plaintexts for which standard algebraic methods, such as Groebner basis techniques or SAT solvers, are more efficient. Secondly, we develop a~new technique for algebraic cryptanalysis which allows us to speed-up existing Groebner basis techniques. This is achieved by efficient finding special polynomials called mutants. Using these mutants in Groebner basis computations and SAT solvers reduces the computational cost to solve the system. Hence, both our methods are designed as tools for building polynomial system representing a cipher. Both tools can be combined and they lead to a significant speedup, even for very simple algebraic solvers

Evil-twin framework: a Wi-Fi intrusion testing framework for pentesters

In today’s world there is no scarcity of Wi-Fi hotspots. Although users are always recommended to join protected networks to ensure they are secure, this is by far not their only concern. The convenience of easily connecting to a Wi-Fi hotspot has left security holes wide open for attackers to abuse. This stresses the concern about the lack of security on the client side of Wi-Fi capable technologies. The Wi-Fi communications security has been a concern since it was first deployed. On one hand protocols like WPA2 have greatly increased the security of the communications between clients and access points, but how can one know if the access point is legitimate in the first place? Nowadays, with the help of open-source software and the great amount of free information it is easily possible for a malicious actor to create a Wi-Fi network with the purpose of attracting Wi-Fi users and tricking them into connecting to a illegitimate Wi-Fi access point. The risk of this vulnerability becomes clear when studying client side behaviour in Wi-Fi communications where these actively seek out to access points in order to connect to them automatically. In many situations they do this even if there is no way of verifying the legitimacy of the access point they are connecting to. Attacks on the Wi-Fi client side have been known for over a decade but there still aren’t any effective ways to properly protect users from falling victims to these. Based on the presented issues there is a clear need in both, securing the Wi-Fi client side communications as well as raising awareness of the Wi-Fi technologies everyday users about the risks they are constantly facing when using them. The main contribution from this project will be a Wi-Fi vulnerability analysis and exploitation framework. The framework will focus on client-side vulnerabilities but also on extensibility for any type of Wi-Fi attack. The tool is intended to be used by auditors (penetration testers - pentesters) when performing intrusion tests on Wi-Fi networks. It also serves as a proof-of-concept tool meant to teach and raise awareness about the risks involved when using Wi-Fi technologies.Actualmente existem inúmeros pontos de acesso Wi-Fi. Apesar dos utilizadores serem sempre recomendados a utilizar redes protegidas, esta não é a única preocupação que devem ter. A conveniência de nos ligarmos facilmente a um ponto de acesso deixou grandes falhas de segurança em aberto para atacantes explorarem. Isto acentua a preocupação em relação à carência de segurança do lado cliente em tecnologias Wi-Fi. A segurança nas comunicações Wi-Fi foi uma preocupação desde os dias em que esta tecnologia foi primeiramente lançada. Por um lado, protocolos como o WPA2 aumentaram consideravelmente a segurança das comunicações Wi-Fi entre os pontos de acesso e os seus clientes, mas como saber, em primeiro lugar, se o ponto de acesso é legítimo? Hoje em dia, com a ajuda de software de código aberto e a imensa quantidade de informação gratuita, é fácil para um atacante criar uma rede Wi-Fi falsa com o objetivo de atrair clientes. O risco desta vulnerabilidade torna-se óbvio ao estudar o comportamento do lado do cliente Wi-Fi. O cliente procura activamente redes conhecidas de forma a ligar-se automaticamente a estas. Em muitos casos os clientes ligam-se sem interação do utilizador mesmo em situações em que a legitimidade do ponto de acesso não é verificável. Ataques ao lado cliente das tecnologias Wi-Fi já foram descobertos há mais de uma década, porém continuam a não existirem formas eficazes de proteger os clientes deste tipo de ataques. Com base nos problemas apresentados existe uma necessidade clara de proteger o lado cliente das comunicações Wi-Fi e ao mesmo tempo sensibilizar e educar os utilizadores de tecnologias Wi-Fi dos perigos que advêm da utilização destas tecnologias. A contribuição mais relevante deste projeto será a publicação de uma ferramenta para análise de vulnerabilidades e ataques em comunicações WiFi. A ferramenta irá focar-se em ataques ao cliente mas permitirá extensibilidade de funcionalidades de forma a possibilitar a implementação de qualquer tipo de ataques sobre Wi-Fi. A ferramenta deverá ser utilizada por auditores de segurança durante testes de intrusão Wi-Fi. Tem também como objetivo ser uma ferramenta educacional e de prova de conceitos de forma a sensibilizar os utilizadores das tecnologias Wi-Fi em relação aos riscos e falhas de segurança destas

Tornado Attack on RC4 with Applications to WEP & WPA

In this paper, we construct several tools for building and manipulating pools of biases in the analysis of RC4. We report extremely fast and optimized active and passive attacks against IEEE 802.11 wireless communication protocol WEP and a key recovery and a distinguishing attack against WPA. This was achieved through a huge amount of theoretical and experimental analysis (capturing WiFi packets), refinement and optimization of all the former known attacks and methodologies against RC4 stream cipher in WEP and WPA modes. We support all our claims on WEP by providing an implementation of this attack as a publicly available patch on Aircrack-ng. Our new attack improves its success probability drastically. Our active attack, based on ARP injection, requires 22500 packets to gain success probability of 50\% against a 104-bit WEP key, using Aircrack-ng in non-interactive mode. It runs in less than 5 seconds on an off-the-shelf PC. Using the same number of packets, Aicrack-ng yields around 3\% success rate. Furthermore, we describe very fast passive only attacks by just eavesdropping TCP/IPv4 packets in a WiFi communication. Our passive attack requires 27500 packets. This is much less than the number of packets Aircrack-ng requires in active mode (around 37500), which is a huge improvement. Deploying a similar theory, we also describe several attacks on WPA. Firstly, we describe a distinguisher for WPA with complexity 2^{42} and advantage 0.5 which uses 2^{42} packets. Then, based on several partial temporary key recovery attacks, we recover the full 128-bit temporary key of WPA by using 2^{42} packets. It works with complexity 2^{96}. So far, this is the best key recovery attack against WPA. We believe that our analysis brings on further insight to the security of RC4