Analysing and exploiting the Mantin biases in RC4. / Bricout, Remi; Murphy, Sean; Paterson, Kenneth; Van Der Merwe, Thyla.

In: Designs, Codes and Cryptography, Vol. 86, No. 4, 04.2018, p. 743–770.

Research output: Contribution to journal › Article › peer-review

Published

Author

Bricout, Remi ; Murphy, Sean ; Paterson, Kenneth ; Van Der Merwe, Thyla. / Analysing and exploiting the Mantin biases in RC4. In: Designs, Codes and Cryptography. 2018 ; Vol. 86, No. 4. pp. 743–770.

BibTeX

@article{bb8aad9ba52447d8b3a8bd1e76f1db96,
title = "Analysing and exploiting the Mantin biases in RC4",
abstract = "We explore the use of the Mantin biases (Mantin, Eurocrypt 2005) to recover plaintexts from RC4-encrypted traffic. We provide a more fine-grained analysis of these biases than in Mantin{\textquoteright}s original work. We show that, in fact, the original analysis was incorrect in certain cases: the Mantin biases are sometimes non-existent, and sometimes stronger than originally predicted. We then show how to use these biases in a plaintext recovery attack. Our attack targets two unknown bytes of plaintext that are located close to sequences of known plaintext bytes, a situation that arises in practice when RC4 is used in, for example, TLS. We provide a statistical framework that enables us to make predictions about the performance of this attack and its variants. We then extend the attack using standard dynamic programming techniques to tackle the problem of recovering longer plaintexts, a setting of practical interest in recovering HTTP session cookies and user passwords that are protected by RC4 in TLS. We perform experiments showing that we can successfully recover 16-byte plaintexts with 80% success rate using $2^{31}$ ciphertexts, an improvement over previous attacks.",
author = "Remi Bricout and Sean Murphy and Kenneth Paterson and {Van Der Merwe}, Thyla",
year = "2018",
month = apr,
doi = "10.1007/s10623-017-0355-3",
language = "English",
volume = "86",
pages = "743–770",
journal = "Designs, Codes and Cryptography",
issn = "0925-1022",
publisher = "Springer Netherlands",
number = "4",

}

RIS

TY - JOUR

T1 - Analysing and exploiting the Mantin biases in RC4

AU - Bricout, Remi

AU - Murphy, Sean

AU - Paterson, Kenneth

AU - Van Der Merwe, Thyla

PY - 2018/4

Y1 - 2018/4

N2 - We explore the use of the Mantin biases (Mantin, Eurocrypt 2005) to recover plaintexts from RC4-encrypted traffic. We provide a more fine-grained analysis of these biases than in Mantin’s original work. We show that, in fact, the original analysis was incorrect in certain cases: the Mantin biases are sometimes non-existent, and sometimes stronger than originally predicted. We then show how to use these biases in a plaintext recovery attack. Our attack targets two unknown bytes of plaintext that are located close to sequences of known plaintext bytes, a situation that arises in practice when RC4 is used in, for example, TLS. We provide a statistical framework that enables us to make predictions about the performance of this attack and its variants. We then extend the attack using standard dynamic programming techniques to tackle the problem of recovering longer plaintexts, a setting of practical interest in recovering HTTP session cookies and user passwords that are protected by RC4 in TLS. We perform experiments showing that we can successfully recover 16-byte plaintexts with 80% success rate using 2^31 ciphertexts, an improvement over previous attacks.

AB - We explore the use of the Mantin biases (Mantin, Eurocrypt 2005) to recover plaintexts from RC4-encrypted traffic. We provide a more fine-grained analysis of these biases than in Mantin’s original work. We show that, in fact, the original analysis was incorrect in certain cases: the Mantin biases are sometimes non-existent, and sometimes stronger than originally predicted. We then show how to use these biases in a plaintext recovery attack. Our attack targets two unknown bytes of plaintext that are located close to sequences of known plaintext bytes, a situation that arises in practice when RC4 is used in, for example, TLS. We provide a statistical framework that enables us to make predictions about the performance of this attack and its variants. We then extend the attack using standard dynamic programming techniques to tackle the problem of recovering longer plaintexts, a setting of practical interest in recovering HTTP session cookies and user passwords that are protected by RC4 in TLS. We perform experiments showing that we can successfully recover 16-byte plaintexts with 80% success rate using 2^31 ciphertexts, an improvement over previous attacks.

U2 - 10.1007/s10623-017-0355-3

DO - 10.1007/s10623-017-0355-3

M3 - Article

VL - 86

SP - 743

EP - 770

JO - Designs, Codes and Cryptography

JF - Designs, Codes and Cryptography

SN - 0925-1022

IS - 4

ER -