On the anaysis of stream cipher and its implementation

2013 Fiscal Year Final Research Report

• Project/Area Number: 23560455
• Research Category: Grant-in-Aid for Scientific Research (C)
• Allocation Type: Multi-year Fund
• Section: 一般
• Research Field: Communication/Network engineering
• Research Institution: Kobe University
• Principal Investigator: MORII Masakatu 神戸大学, 工学(系)研究科(研究院), 教授 (00220038)
• Project Period (FY): 2011 – 2013
• Keywords: ストリーム暗号 / 解読 / 無線LAN / RC4 / WEP / WPA-TKIP / SSL-TLS / 脆弱性

Research Abstract

Stream cipher is a widely-used in secured protocols. Especially, RC4 is adopted in a lot of standard protocols such as WEP, WPA and SSL/TLS as a standard encryption algorithm. We present the evaluation of these protocols based on the stream cipher. Firstly, we proposed practical plaintext recovery attacks on RC4 in SSL/TLS in the broadcast setting, independently. We give an active attack, which is a method to slide the position of a target plaintext byte into later byte of the plaintext. Our attack injects any bytes into the head of the plaintext by using malicious JavaScript. It causes improvement in probability for recovering a lot of plaintext bytes. Secondly, we propose a secure WEP operation against key recovery attacks. The proposed method requires for attackers at least 100,000 packets to recover the WEP key. At last, we propose an executable attack in a real environment without requiring the man-in-the-middle attack on WPA-TKIP.

Research Products

• [Journal Article] Comprehensive Analysis of Initial Keystream Biases of RC4 (2014)
  • Author(s): Takanori Isobe,Toshihiro Ohigashi,Yuhei Watanabe,Masakatu Morii
  • Journal Title: IEICE Trans.Fundamentals Volume: vol.EA97 A Pages: 139-151
  • Peer Reviewed
• [Journal Article] Full Plaintext Recovery Attack on Broadcast RC4 (2013)
  • Author(s): Takanori Isobe,Toshihiro Ohigashi,Yuhei Watanabe,and Masakatu Morii
  • Journal Title: 20th Int.Workshop on Fast Software Encryption (FSE2013) Volume: LNCS,Springer Verlag Pages: 1-18
  • Peer Reviewed
• [Journal Article] Slide Property of RAKAPOSHI and Its Application to Key Recovery Attack (2013)
  • Author(s): Takanori Isobe,Toshihiro Ohigashi,Masakatu Morii
  • Journal Title: Journal of information processing Volume: vol.21 Pages: 599-606
  • Peer Reviewed
• [Journal Article] Proposal of a Secure WEP Operation against Existing Key Recovery Attacks and its Evaluation (2012)
  • Author(s): Tsubasa Tsukaune,Yosuke Todo,and Masakatu Morii
  • Journal Title: Proc.AsiaJCIS2012 Volume: vol.1 Pages: 1-6
  • Peer Reviewed
• [Journal Article] Slide Cryptanalysis of Lightweight Stream Cipher RAKAPOSHI (2012)
  • Author(s): Takanori Isobe,Toshihiro Ohigashi,and Masakatu Morii
  • Journal Title: The 7th Int.Workshop on Security (IWSEC2012) Volume: LNCS 7631,Springer Verlag Pages: 138-155
  • Peer Reviewed
• [Journal Article] Authentication Scheme with User Anonymity Based on Three Party Structure for Wireless Environments (2011)
  • Author(s): Ryoichi Isawa and Masakatu Morii
  • Journal Title: Proceedings of The 6th Joint Workshop on Information Security (JWIS2011) Volume: vol.1 Pages: 1-8
  • Peer Reviewed
• [Journal Article] AES Flow Interception : Key Snooping Method on Virtual Machine Exception Handling Attack for AES NI (2011)
  • Author(s): Tatsuya Takehisa,Hiroki Nogawa,and Masakatu Morii
  • Journal Title: The 6th Joint Workshop on Information Security (JWIS2011) Volume: vol.1 Pages: 9-16
  • Peer Reviewed
• [Journal Article] Cryptanalysis for RC4 and breaking WEP/WPA TKIP (2011)
  • Author(s): Masakatu Morii and Yosuke Todo
  • Journal Title: IEICE Trans.Information and Systems Volume: vol.E94 D Pages: 2087-2094
  • Peer Reviewed
• [Journal Article] Falsification attacks against WPA TKIP in a realistic environment (2011)
  • Author(s): Yosuke Todo,Yuki Ozawa,Toshihiro Ohigashi,and Masakatu Morii
  • Journal Title: IEICE Trans.on Information and Systems Volume: vol.E95 D Pages: 588-595
  • Peer Reviewed
• [Presentation] SSL/TLSのRC4へのActive Attack (2014)
  • Author(s): 大東俊博,五十部孝典,渡辺優平,野島良,森井昌克
  • Organizer: 信学技法
  • Place of Presentation: 名護(ICSS)
  • Year and Date: 20140300
• [Presentation] WEPにおけるStrong IVの評価とその実装 (2014)
  • Author(s): 入山敬大,渡辺優平,森井昌克
  • Organizer: SCIS2014
  • Place of Presentation: 鹿児島
  • Year and Date: 20140100
• [Presentation] SSL/TLSでのRC4に対する平文回復攻撃の改良 (2014)
  • Author(s): 渡辺優平,森井昌克
  • Organizer: SCIS2014
  • Place of Presentation: 鹿児島
  • Year and Date: 20140100
• [Presentation] 高速WEP解読法 (2013)
  • Author(s): 飯塚大貴,渡辺優平,長尾篤,森井昌克
  • Organizer: コンピュータセキュリティシンポジウム(CSS2013)
  • Place of Presentation: 高松
  • Year and Date: 20131000
• [Presentation] Expanding Weak Key Space of RC4 (2013)
  • Author(s): Atsushi Nagao, Toshihiro Ohigashi, Takanori Isobe, and Masakatu Morii
  • Organizer: SCIS2013
  • Place of Presentation: Kyoto
  • Year and Date: 20130100
• [Presentation] New Biases of RC4 and its Application to Disitingushing, Key Recovery, Plaintext Recovery Attacks (2013)
  • Author(s): Yuhei Watanabe, Takanori Isobe, Toshihiro Ohigashi, and Masakatu Morii
  • Organizer: SCIS2013
  • Place of Presentation: Kyoto
  • Year and Date: 20130100
• [Presentation] How to break WEP/WPA-TKIP; Attack on RC4 and other stream ciphers (2012)
  • Author(s): Masakatu Morii
  • Organizer: AsiaJCIS2013
  • Place of Presentation: Tokai Univ., Japan
  • Year and Date: 20120800
• [Presentation] 既存鍵回復攻撃を困難にするWEPの運用とその評価 (2011)
  • Author(s): 塚畝翼,藤堂洋介,森井昌克
  • Organizer: 信学技報
  • Place of Presentation: 大阪(ISEC)
  • Year and Date: 20111100
• [Presentation] 既存鍵回復攻撃を無効にするWEP運用の提案 (2011)
  • Author(s): 塚畝翼,藤堂洋介,森井昌克
  • Organizer: 信学技報
  • Place of Presentation: 松山(LOIS)
  • Year and Date: 20110900