WEB SECURITY THROUGH WEP ALGORITHM USING RC4 ENCRYPTION

Authors

  • Lazar Stošić Visoka škola za vaspitače strukovnih studija, Aleksinac, Republika Srbija

DOI:

https://doi.org/10.59417/nir.2013.4.33

Keywords:

: RC4 algorithm, WEP, WEP attack, KAS, PRGA, security

Abstract

This paper presents a review of some of the weaknesses of RC4 algorithm, which are presented during the research of many authors. Some of the advantages and disadvantages are displayed, along with some similarities and differences of RC4 algorithm, which were obtained in a number of research studies as well as the working principles of KSA and PRGA algorithm. It will be shown that the RC4 algorithm is completely insecure in a common mode used in the WEP (Wired Equivalent Privacy) protocol. It will also be shown that 802.11 WEP is totally insecure and its shortcomings will be explained.

References

B. Schneier (1996). Applied Cryptography, John Wiley and Sons, New York, 2nd edition.

E. Biham and Y. Carmeli (2008). “Efficient Reconstruction of RC4 Keys from Internal States”, FSE 2008, (pp. 270-288), vol. 5086, Lecture Notes in Computer Science, Springer. DOI: https://doi.org/10.1007/978-3-540-71039-4_17

G. Paul, S. Rathi and S.Maitra (2008). “Non-negligible Bias of the First Output Byte of RC4 towards the First Three Bytes of the Secret Key”, Proceedings of the International Workshop on Coding and Cryptography (WCC) 2007, pp. 285-294 and Designs, Codes and Cryptography Journal, (pp. 123-134), vol. 49, no. 1-3, December 2008. DOI: https://doi.org/10.1007/s10623-008-9177-7

I. Mantin (2001).The Security of the Stream Cipher RC4. Master`s thesis. The Weizmann Institue of Science. Octobar 2001.http://www.wisdom.wizmann.ac.il/~itsik/RC4/thesis.html

I. Mironov (2002). “(Not So) Random Shuffles of RC4”, Advances in Cryptology – CRYPTO 2002, Lecture Notes in Computer Science, 2442, Springer-Verlag, (pp. 304–319),doi:10.1007/3-540- 45708-9_20, ISBN 3-540-44050-X, Cryptology ePrint Archive: Report 2002/067, retrieved 2011- 11-04.

K. Kaukonen and R. Thayer (1999). “A Stream Cipher Encryption Algorithm Arcfour”, http://tools.ietf.org/html/draft-kaukonen-cipher-arcfour-03,Internet Engineering Task Force (IETF), July 1999.

Klein A. (2008). “Attacks on the RC4 stream cipher”, volume 48 Issue 3, (pp. 269 – 286), Designs, Codes and Cryptography, September 2008.doi>10.1007/s10623-008-9206-6. DOI: https://doi.org/10.1007/s10623-008-9206-6

L. Stošić, M. Bogdanović (2012). RC4 stream cipher and possible attacks on WEP, (IJACSA) Interna- tional Journal of Advanced Computer Science and Applications, Vol. 3, No. 3, march 2012, (pp. 110-114), ISSN 2156-5570 (Online), ISSN 2158-107X (Print), DOI: https://doi.org/10.14569/IJACSA.2012.030319

https://www.thesai.org/Downloads/Volume3No3/Paper19-

RC4_Stream_Cipher_And_Possible_Attacks_On_WEP.pdf

LAN/MAN Standard Committee (1999). Wireless LAN medium access control (MAC) and physical layer (PHY) specifications, 1999 edition, IEEE standard 802.11, IEEE Computer Society.

M. Biriyukov, A. Shamir, and D. Wagner (2000). “Real time cryptanalysis of A5/1 on a PC”, FSE: Fast Software Encryption, (pp. 1-18). DOI: https://doi.org/10.1007/3-540-44706-7_1

Mantin (2001). The Security of the stream cipher RC4. Master`s thesis. The Weizmann Institue of Science. Octobar 2001.http://www.wisdom.wizmann.ac.il/~itsik/RC4/thesis.html

N. Borisov, I. Goldberg, and D. Wagner (2001). “Intercepting mobile communications: the insecurity of 802.11”, In ACM MobiCom 2001, (pp. 180-189).ACM Press, 2001. DOI: https://doi.org/10.1145/381677.381695

R. Basu, S. Maitra, G. Paul and T. Talukdar (2009). “Some Sequences of the Secret Pseudo-random Index j in RC4 Key Scheduling”, Proceedings of the 18th International Symposium on Applied Algebra, Algebraic Algorithms and Error Correcting Codes (AAECC), June 8-12, 2009, Tarrago- na, Spain, (pp. 137-148), vol. 5527, Lecture Notes in Computer Science, Springer. DOI: https://doi.org/10.1007/978-3-642-02181-7_15

S. R. Fluhrer, I. Mantin, and A. Shamir (2001). “Weaknesses in the key scheduling algorithm of RC4”, In Serge Vaudenay and Amr M. Youssef, editors, Selected Areas in Cryptography 2001, volume 2259 of Lecture Notes in Computer Science, (pp. 1-24). Springer, 2001. DOI: https://doi.org/10.1007/3-540-45537-X_1

Stubble, J. Ioannidis, and A. D. Rubin (2004). “A key recovery attack on the 802.11b wired equivalent privacy protocol (WEP)”, ACM Transactions on Information and System Security, Volume 7 Issue 2, May 2004, (pp. 319-332). DOI: https://doi.org/10.1145/996943.996948

T. Dierks and C. Allen (1999). The TLS Protocol, Version 1.0, Internet Engineering Task Force, January 1999. DOI: https://doi.org/10.17487/rfc2246

V. Tomašević, S. Bojanić, O. Nieto-Taladriz (2007). “Finding an internal state of RC4 stream cip- her”, Information Sciences, Volume 177, issue 7, 01. April, 2007, (pp.1715-1727). DOI: https://doi.org/10.1016/j.ins.2006.10.010

W. Mao (2004). Modern Cryptography Theory and Practice, Prentice Hall, New Jersey, 2004.

W. Stilings (2006). Cryptography and Network Security Principles and practices, Fourth Edition, PEARSON, USA, 2006.

Downloads

Published

01-12-2013

How to Cite

Stošić, Lazar. 2013. “WEB SECURITY THROUGH WEP ALGORITHM USING RC4 ENCRYPTION”. NIR 1 (4):33. https://doi.org/10.59417/nir.2013.4.33.

Issue

No. 4 (2013): NIR

Section

Articles

License

Copyright (c) 2013 NIR

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.