Plaintext Recovery Attacks Against WPA/TKIP [chapter]

Kenneth G. Paterson, Bertram Poettering, Jacob C. N. Schuldt
2015 Lecture Notes in Computer Science  
We conduct an analysis of the RC4 algorithm as it is used in the IEEE WPA/TKIP wireless standard. In that standard, RC4 keys are computed on a per-frame basis, with specific key bytes being set to known values that depend on 2 bytes of the WPA frame counter (called the TSC). We observe very large, TSC-dependent biases in the RC4 keystream when the algorithm is keyed according to the WPA specification. These biases permit us to mount an effective statistical, plaintext-recovering attack in the situation where the same plaintext is encrypted in many different frames (the so-called "broadcast attack" setting). We assess the practical impact of these attacks on WPA/TKIP.
doi:10.1007/978-3-662-46706-0_17 fatcat:ilgc2xoekndrjdktfsmuojuedm