Score:1

Does Wikipedia's WEP - RC4 example really demonstrate a related key attack or just an IV reuse attack?

On Wikipedia's Related Key attacks page, there is a section about WEP as an example of related key attacks.

Encryption uses the RC4 algorithm, a stream cipher. It is essential that the same key never be used twice with a stream cipher. To prevent this from happening, WEP includes a 24-bit initialization vector (IV) in each message packet. The RC4 key for that packet is the IV concatenated with the WEP key. WEP keys have to be changed manually and this typically happens infrequently. An attacker therefore can assume that all the keys used to encrypt packets share a single WEP key. This fact opened up WEP to a series of attacks which proved devastating. The simplest to understand uses the fact that the 24-bit IV only allows a little under 17 million possibilities. Because of the birthday paradox, it is likely that for every 4096 packets, two will share the same IV and hence the same RC4 key, allowing the packets to be attacked. [Bolds are mine]

RC4 accepts key sizes of 40–2048 bits. The WEP designer selected some part of the key as an IV for the input to RC4.

Actually, this attack purely uses the (IV,key) pair reuse. The attacker just waits for the collision to attack. This is common in any stream cipher.

What makes this a related key attack? In a related-key attack, don't we combine some distinct but related keys to attack the cipher?

Score:3

Actually, this attack purely uses the (IV,key) pair reuse.

Actually, the page references two attacks. The first one (which is more expressly spelled out) is, as you pointed out, not really a "related key attack" - instead, it is more of an "identical key attack".

However, that isn't the attack that caused WEP to be deprecated. The page also references that attack, starting with the sentence "More devastating attacks take advantage of certain weak keys in RC4...". What that is referring to is an attack that used a number of different IVs to recover the key - it turns out that some IVs set up the permutation in such a way that the first byte generated is correlated to one of the later key bytes; from the ciphertext packet, it is easy to recompute the first byte generated by RC4 (as the first plaintext byte is always the same), and so by observing enough packets, you can recover the key.

And, because this is a weakness by observing a number of different RC4 keys with a known relation, this specific attack is a related key attack.

kelalaka
Poncho, thanks for the answer. I'm really concerned about the first part. If we consider all of the input as key by the design of the RC4, it is more about "identical key attack". I've looked in the view of the designer. This part is confusing people. The more devastating attack is the related key attack. I guess the editor tried to make an introduction that failed.
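
The two cases this thread distinguishes, as an added example that is not part of the original question, answer or comment: a repeated IV gives an identical RC4 key (the keystream cancels between two ciphertexts), while a different IV gives a distinct key that still shares the secret suffix. The key, IVs and packet contents are constructed sample values, the WEP integrity checksum is left out, and the fixed first plaintext byte is assumed to be 0xAA (the LLC/SNAP header).

```python
import math

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4: key scheduling, then n bytes of keystream."""
    S, j = list(range(256)), 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, wep_key: bytes, plaintext: bytes) -> bytes:
    """Per-packet RC4 key is IV || WEP key (the ICV checksum is omitted here)."""
    return xor(plaintext, rc4_keystream(iv + wep_key, len(plaintext)))

def first_keystream_byte(ciphertext: bytes, known_first: int = 0xAA) -> int:
    """First plaintext byte is fixed (assumed 0xAA, LLC/SNAP), so it cancels."""
    return ciphertext[0] ^ known_first

def iv_collision_probability(packets: int, iv_bits: int = 24) -> float:
    """Birthday approximation for at least two equal IVs among random ones."""
    return 1.0 - math.exp(-packets * (packets - 1) / (2 * 2 ** iv_bits))

# Constructed sample values, not taken from any capture.
WEP_KEY = bytes.fromhex("0123456789")            # 40-bit shared secret
IV_A, IV_B = b"\x00\x00\x01", b"\x00\x00\x02"
P1, P2 = b"\xaa\xaa\x03first packet", b"\xaa\xaa\x03other packet"

# Same IV: identical RC4 key, so the keystream cancels between ciphertexts.
C1, C2 = wep_encrypt(IV_A, WEP_KEY, P1), wep_encrypt(IV_A, WEP_KEY, P2)
SAME_IV_CANCELS = xor(C1, C2) == xor(P1, P2)

# Different IV: a distinct RC4 key that still ends in the same secret bytes.
C3 = wep_encrypt(IV_B, WEP_KEY, P2)
DIFF_IV_CANCELS = xor(C1, C3) == xor(P1, P2)

if __name__ == "__main__":
    print("same IV, keystream cancels:     ", SAME_IV_CANCELS)
    print("different IV, keystream cancels:", DIFF_IV_CANCELS)
    print("first keystream byte (IV_B):    ", hex(first_keystream_byte(C3)))
    print("P(IV collision in 4096 packets):", round(iv_collision_probability(4096), 3))
```

Under the random-IV assumption, the birthday approximation gives roughly 0.39 for 4096 packets and passes 0.5 by 5000 packets.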