Is this the death knell for the RC4 encryption algorithm?
It has been known for quite some time that the RC4 cryptographic cipher – used in popular Internet protocols such as TLS and HTTPS – is vulnerable to attack, but two security researchers from the University of Leuven have hopefully put the final nail in that particular coffin.
With their research, which they are set to present to the audience at the upcoming USENIX Security Symposium 2015, they have proven that an attacker can decrypt web cookies encrypted with RC4 in a mere 52 hours, and wireless networks protected by the Wi-Fi Protected Access Temporal Key Integrity Protocol (which uses RC4 as its cipher) in less than an hour.
“By obtaining the cookie of a victim, an attacker can log into a website as if he were the victim. This means the attacker can perform actions under the victim’s name (e.g. post status updates and send messages), gain access to personal information (e.g. to emails and chat history), and so on,” they explained. A successful attack against WPA-TKIP can allow an attacker to inject and decrypt arbitrary packets.
Their attacks abused two types of statistical biases present in the keystream, which allow the decryption of any (plaintext) data or information that is repeatedly encrypted (and not just web cookies).
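To make the idea of a keystream bias concrete, here is an added example (not the researchers' code) that measures one long-known RC4 bias and shows why a value encrypted again and again leaks through it. It assumes the second-byte bias toward zero described by Mantin and Shamir, chosen for illustration because the article does not name the two biases the researchers used; `SECRET` and the seed are constructed sample values.

```python
import random
from collections import Counter

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return the first n RC4 keystream bytes for key (standard KSA + PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                        # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def encrypt_many(plaintext: bytes, trials: int, seed: int = 2015) -> list:
    """Encrypt the same plaintext under `trials` fresh random 128-bit keys."""
    rng = random.Random(seed)                 # seeded so the run is repeatable
    result = []
    for _ in range(trials):
        key = rng.getrandbits(128).to_bytes(16, "big")
        ks = rc4_keystream(key, len(plaintext))
        result.append(bytes(p ^ k for p, k in zip(plaintext, ks)))
    return result

def bias_ratio(ciphertexts, plaintext, pos=1):
    """How often keystream byte `pos` is 0, relative to the uniform 1/256."""
    zeros = sum(1 for c in ciphertexts if c[pos] ^ plaintext[pos] == 0)
    return zeros / (len(ciphertexts) / 256)

def most_common_byte(ciphertexts, pos=1):
    """Most frequent ciphertext value at `pos` (index 1 = second byte)."""
    return Counter(c[pos] for c in ciphertexts).most_common(1)[0][0]

SECRET = b"id=S"   # constructed sample standing in for a repeated cookie prefix

if __name__ == "__main__":
    cts = encrypt_many(SECRET, 30000)
    print("2nd keystream byte is 0 at %.2fx the uniform rate" % bias_ratio(cts, SECRET))
    print("most common 2nd ciphertext byte: %r, plaintext byte: %r"
          % (chr(most_common_byte(cts)), chr(SECRET[1])))
```

Because the second keystream byte is zero about twice as often as a uniform byte would be, the most frequent second ciphertext byte is the plaintext byte itself, and no choice of key or key length changes that.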
RC4’s popularity and success are based on its speed and simplicity. At the moment, an estimated 30 percent of all HTTPS sessions use RC4, and the researchers hope their result will spur the start of widespread sunsetting of the algorithm.
“Our work significantly reduces the execution time of performing an attack, and we consider this improvement very worrisome. Considering there are still biases which are unused, that more efficient algorithms can be implemented, and better traffic generation techniques can be explored, we expect further improvements in the future,” they noted.
“The only good countermeasure is to stop using RC4. Nevertheless, we did observe that generating the required amount of traffic can be a bottleneck when executing the attack. Hence attacks can be made more expensive, though not prevented, by making it more difficult to generate traffic.”