[Resource Topic] 2013/748: Plaintext Recovery Attacks Against WPA/TKIP

Welcome to the resource topic for 2013/748

Plaintext Recovery Attacks Against WPA/TKIP

Authors: Kenneth G. Paterson, Bertram Poettering, Jacob C. N. Schuldt


We conduct an analysis of the RC4 algorithm as it is used in the IEEE WPA/TKIP wireless standard. In that standard, RC4 keys are computed on a per-frame basis, with specific key bytes being set to known values that depend on 2 bytes of the WPA frame counter (called the TSC). We observe very large, TSC-dependent biases in the RC4 keystream when the algorithm is keyed according to the WPA specification. These biases permit us to mount an effective statistical, plaintext-recovering attack in the situation where the same plaintext is encrypted in many different frames (the so-called ``broadcast attack’’ setting). We assess the practical impact of these attacks on WPA/TKIP.

ePrint: https://eprint.iacr.org/2013/748

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .