Volume 13, Issue 2, PP: 75-83, 2024 | Full Length Article
Sura Mahroos 1*, Rihab Hazim 2, AbdulRahman Kareem Oliwe 3, Nadia Mohammed 4, Yaqeen Saad 5, Ali Makki 6, Ibrahiem El Emary 7
Doi: https://doi.org/10.54216/JCIM.130206
RC4 is one of the most widely used stream cipher algorithms. It is fast, simple, and suitable for both hardware and software. It is used in various applications, but it has a weakness in the distribution of the generated keystream bytes. The first few bytes of the Pseudo-Random Generation Algorithm (PRGA) keystream are biased or tied to some private key bytes, so analysis of the keystream bytes makes it possible to attack RC4; there are also relationships between keystream bytes that make the cipher weak and breakable by single-byte and double-byte bias attacks. This work analyzes the RC4 keystream based on its non-consecutive double-byte biases, using a newly designed algorithm that calculates the bias in a standard time (seconds). The results confirm the bias of the RC4 keystream, reproduce the results reported in the literature in less time, and reveal a set of new non-consecutive double-byte biases at positions (i) and (i+n). Analyzing all 256 positions requires additional resources, such as a supercomputer and a Message Passing Interface environment, that are not available in Iraq; therefore, the analysis was done for 32 positions.
RC4, Key Scheduling Algorithm (KSA), PRGA, Double Byte Bias, Non-Consecutive Double Byte Bias
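The kind of measurement the abstract describes can be sketched as follows. This is an added example, not the paper's algorithm: it counts the joint distribution of keystream bytes at positions (i) and (i+n) over random keys and reports the deviation from uniform. The function names, the 16-byte key length and the sample size are assumptions made for illustration.

```python
import random
from collections import Counter

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Standard RC4: KSA followed by `length` bytes of PRGA output."""
    S = list(range(256))
    j = 0
    for i in range(256):                      # KSA
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # PRGA
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def pair_counts(i: int, n: int, num_keys: int, seed: int = 1) -> Counter:
    """Count (Z_i, Z_{i+n}) over keystreams from random 16-byte keys.
    Positions are 1-based, matching the Z_1, Z_2, ... convention."""
    rng = random.Random(seed)                 # seeded: reproducible constructed sample
    counts = Counter()
    for _ in range(num_keys):
        key = rng.getrandbits(128).to_bytes(16, "big")
        z = rc4_keystream(key, i + n)
        counts[(z[i - 1], z[i + n - 1])] += 1
    return counts

def relative_bias(observed: int, trials: int, uniform_p: float) -> float:
    """(observed probability / uniform probability) - 1; 0.0 means no bias."""
    return (observed / trials) / uniform_p - 1.0

def z_first_marginal(counts: Counter, value: int) -> int:
    """Occurrences of Z_i == value, summed over all values of Z_{i+n}."""
    return sum(c for (a, _), c in counts.items() if a == value)

if __name__ == "__main__":
    N = 30000
    c = pair_counts(i=2, n=2, num_keys=N)     # non-consecutive pair (Z_2, Z_4)
    print("Z_2 = 0 relative bias:", relative_bias(z_first_marginal(c, 0), N, 1 / 256))
    a, b = max(c, key=c.get)
    print("most frequent pair:", (a, b), relative_bias(c[(a, b)], N, 1 / 65536))
```

At this sample size only the strong single-byte bias at Z_2 (the value 0 appears about twice as often as uniform) stands out. Individual pair estimates are dominated by sampling noise, and resolving double-byte biases needs far larger samples.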