Refined RC4 Key Correlations of Internal States in WPA

Ryoma ITO

IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E99-A    No.6    pp.1132-1144
Publication Date: 2016/06/01
Online ISSN: 1745-1337
DOI: 10.1587/transfun.E99.A.1132
Type of Manuscript: Special Section PAPER (Special Section on Discrete Mathematics and Its Applications)
RC4,  WPA,  TKIP,  linear correlations,  

Full Text: PDF(875.8KB)>>
WPA is the security protocol for IEEE 802.11 wireless networks standardized as a substitute for WEP in 2003, and uses RC4 stream cipher for encryption. It improved a 16-byte RC4 key generation procedure, which is known as TKIP, from that in WEP. One of the remarkable features in TKIP is that the first 3-byte RC4 key is derived from the public parameter IV, and an analysis using this feature has been reported by Sen Gupta et al. at FSE 2014. They focused on correlations between the keystream bytes and the known RC4 key bytes in WPA, which are called key correlations or linear correlations, and improved the existing plaintext recovery attack using their discovered correlations. No study, however, has focused on such correlations including the internal states in WPA. In this paper, we investigated new linear correlations including unknown internal state variables in both generic RC4 and WPA. From the result, we can successfully discover various new linear correlations, and prove some correlations theoretically.

