Pierluigi Paganini July 16, 2015

The newest RC4 attack is a nightmare for certain HTTPS implementations, almost a third of the world’s encrypted Web connections can be cracked.

We have written several times about RC4 encryption that has been accused of being a Cryptographic disaster, now two Belgian security researchers from the University of Leuven did another discovery that highlights additional holes in the already criticized RC4.

The researchers wrote a paper that shows new attacks against RC4, which let the experts to capture cookies from his victim and decrypt the cookie in a short time, comparing with previous attacks, where it was taken more time.

The two researchers Mathy Vanhoef and Frank Piessens explained in their paper that what contributes to the significant reduction of decryption time is the discovery of new biases (linear combination of the key bytes) allowing attackers to break encryption in sites running TLS with RC4, or Wi-Fi Protected Access with WPA-TKIP, all these leading the attackers to recover the cookies.

The researchers explained how their discovery can help the attacker to decrypt a user’s website cookie, “This means the attacker can perform actions under the victim’s name (e.g. post status updates and send messages), gain access to personal information (e.g. to emails and chat history), and so on,”

Talking about the time it takes to do the decryption of a cookie, they explained it takes around 75 hours, but in some cases they could reduce it to 52 hours.

To be able to use this attack, the attacker needs to capture a number of encrypted cookies from the TLS stream, and convert them into cookies values, that after will be brute-forced.

You can see the demo of the practical attack here:

“To break WPA-TKIP we introduce a method to generate a large number of identical packets. This packet is decrypted by generating its plaintext candidate list, and using redundant packet structure to prune bad candidates. From the decrypted packet we derive the TKIP MIC key, which can be used to inject and decrypt packets. In practice the attack can be executed within an hour. We also attack TLS as used by HTTPS, where we show how to decrypt a secure cookie with a success rate of 94 percent using 9×2^27 ciphertexts. This is done by injecting known data around the cookie, abusing this using Mantin’s ABSAB bias, and brute-forcing the cookie by traversing the plaintext candidates. Using our traffic generation technique, we are able to execute the attack in merely 75 hours.” reports the paper about the WPA-TKIP part.

“While previous attacks against RC4 in TLS and WPA-TKIP were on the verge of practicality, our work pushes them towards being practical and feasible,”, We consider it surprising this is possible using only known biases, and expect these types of attacks to further improve in the future.”

Since algorithms such as SHA-1 and RC4 are being broken, there is a need to implement, new, and stronger standards in a medium term, and companies are investing more into the field to be able to provide security to their clients.

About the Author Elsio Pinto

Edited by Pierluigi Paganini

(Security Affairs –  RC4, encryption)