Guest Lecture: Plaintext Recovery Attacks Against WPA/TKIP

Speaker: Prof. Kenny Paterson, Royal Holloway, University of London
UCL Contact: Steve Marchant (Visitors from outside UCL please email in advance).
Date/Time: 22 Jan 14, 14:00 - 15:00
Venue: Cruciform B404


We conduct an analysis of the RC4 algorithm as it is used in the IEEE WPA/TKIP wireless standard. In that standard, RC4 keys are computed on a per-frame basis, with specific key bytes being set to known values that depend on 2 bytes of the WPA frame counter (called the TSC). We observe large, TSC-dependent biases in the RC4 keystream when the algorithm is keyed according to the WPA specification. These biases permit us to mount a statistical, plaintext-recovering attack in the situation where the same plaintext is encrypted in many different frames (the so-called ``broadcast attack'' setting). We assess the practical impact of these attacks on WPA/TKIP.
Joint work with Bertram Poettering and Jacob Schuldt.

Prof. Kenny Paterson

Kenny Paterson obtained a BSc. in 1990 from the University of Glasgow and a Ph.D. from the University of London in 1993, both in Mathematics. Kenny was then a Royal Society Fellow at Institute for Signal and Information Processing at the Swiss Federal Institute of Technology, Zurich, from 1993 to 1994. After that, he was a Lloyd's of London Tercentenary Foundation Research Fellow at Royal Holloway, University of London from 1994 to 1996. In 1996, he joined Hewlett-Packard Laboratories Bristol, becoming a project manager in 1999. Kenny then joined the Information Security Group at Royal Holloway in 2001, becoming a Reader in 2002 and Professor in 2004. In March 2010, I commenced an EPSRC Leadership Fellowship entitled "Cryptography: Bridging Theory and Practice".