
RC4 NOMORE Attack Overview

Sep 3, 2025

Overview

This lecture discusses RC4 NOMORE (Numerous Occurrence MOnitoring & Recovery Exploit, Vanhoef and Piessens, USENIX Security 2015), a practical attack on the RC4 stream cipher as used in HTTPS/TLS and WPA-TKIP. By collecting a very large number of encryptions of the same secret under different keys and exploiting statistical biases in the RC4 keystream, an attacker can decrypt sensitive data such as web cookies and Wi-Fi packets.

RC4 in HTTPS and Its Weaknesses

  • RC4 was for years the most widely negotiated cipher in HTTPS, but its keystream is not uniformly random: certain byte values, byte pairs and repeated patterns occur measurably more (or less) often than 1/256 at specific positions.
  • A session cookie is resent, and therefore re-encrypted, in every request to the site. Anyone who can capture enough encryptions of the same cookie under different keys can use the keystream biases to recover it and then hijack the victim's session.
  • RC4 NOMORE decrypts a cookie within 75 hours of traffic capture (52 hours in the authors' practical run), which makes exploitation feasible rather than merely theoretical.
  • Attack procedure: the attacker, positioned on the network path, injects JavaScript into an unencrypted (plain HTTP) page the victim loads; that script makes the browser issue a flood of HTTPS requests to the target site (about 4450 per second), each carrying the cookie at the same position; the attacker records the ciphertexts, ranks candidate cookie values by their likelihood under the known bias distributions, and finally verifies the top candidates by using them in requests to the server.
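The statistical core of the procedure above, as an added example that is not from the lecture or from the RC4 NOMORE authors: many encryptions of the same secret under different keys are collected, and a plaintext byte is recovered by maximum-likelihood decoding against a known keystream bias. To keep it runnable in seconds it uses the strongest single-byte RC4 bias (Mantin-Shamir: the second keystream byte is 0 about twice as often as 1/256) instead of the Fluhrer-McGrew and ABSAB byte-pair tables the real attack uses; the decoding step is the same. The sample cookie, key size and sample counts are constructed for the demo.

```python
import math
import random
from collections import Counter


def rc4_keystream(key, n):
    """Plain RC4: key scheduling (KSA) followed by n bytes of PRGA output."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


POS = 1  # zero-based index of the second keystream byte Z_2 (Mantin-Shamir bias)


def random_key(rng):
    """Fresh 128-bit key, standing in for a new TLS session key (constructed)."""
    return rng.getrandbits(128).to_bytes(16, "big")


def measure_second_byte_bias(n_keys, seed=1):
    """Empirically estimate Pr[Z_2 == 0] and return it relative to the ideal
    1/256.  A uniformly random keystream gives about 1.0; RC4 gives about 2.0."""
    rng = random.Random(seed)
    zeros = sum(1 for _ in range(n_keys)
                if rc4_keystream(random_key(rng), POS + 1)[POS] == 0)
    return zeros / n_keys * 256


def mantin_shamir_table():
    """Approximate distribution of Z_2: value 0 with probability 2/256, all
    other values uniform.  RC4 NOMORE plugs in measured tables for the
    Fluhrer-McGrew byte pairs and ABSAB patterns; the decoding is the same."""
    p0 = 2 / 256
    rest = (1 - p0) / 255
    return [p0] + [rest] * 255


def capture_ciphertexts(secret, n_samples, seed=2):
    """Constructed stand-in for the captured HTTPS traffic: the same secret (a
    cookie) encrypted at the same position under n_samples different keys."""
    rng = random.Random(seed)
    cts = []
    for _ in range(n_samples):
        ks = rc4_keystream(random_key(rng), len(secret))
        cts.append(bytes(p ^ k for p, k in zip(secret, ks)))
    return cts


def recover_byte(cts, pos, ks_dist):
    """Maximum-likelihood decoding of the plaintext byte at `pos`.
    score(p) = sum over captured ciphertext bytes c of log Pr[Z = c XOR p];
    the true plaintext maximises it because c XOR p is then the keystream.
    Returns (best candidate, all 256 candidates ranked best first)."""
    counts = Counter(ct[pos] for ct in cts)
    log_dist = [math.log(q) for q in ks_dist]
    scores = [sum(n * log_dist[c ^ p] for c, n in counts.items())
              for p in range(256)]
    ranked = sorted(range(256), key=lambda p: scores[p], reverse=True)
    return ranked[0], ranked


if __name__ == "__main__":
    print("Pr[Z_2 = 0] relative to 1/256:", round(measure_second_byte_bias(16384), 2))
    secret = b"SESSIONID=x7"  # constructed sample cookie
    cts = capture_ciphertexts(secret, 16384)
    best, ranked = recover_byte(cts, POS, mantin_shamir_table())
    print("recovered byte %r, true byte %r" % (chr(best), chr(secret[POS])))
```

The ranked list is the demo counterpart of the attack's candidate list: with the weaker, position-dependent byte-pair biases the real attack needs on the order of 9·2^27 ciphertexts rather than 16384, scores each two-byte window of the cookie against the measured pair tables, and then tests the highest-scoring full cookie values against the server instead of trusting the top score blindly.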

Demonstration and Impact

  • The attack was demonstrated end to end against real devices rather than only simulated, which the authors present as the first practical attack on RC4 as deployed in TLS/HTTPS.
  • A 16-character cookie is recovered with 94% probability once about 9·2^27 ciphertexts of it have been collected.
  • The technique applies to any secret that is repeatedly encrypted at a fixed position, not only cookies.
  • RFC 7465 (February 2015) already prohibited RC4 cipher suites in TLS; following the disclosure the major browsers (Chrome, Firefox, Microsoft Edge/IE) dropped RC4 support in 2016, and RC4 usage in HTTPS/TLS fell to below 1%.

RC4 NOMORE Attack vs Previous Attacks

  • Earlier attacks on RC4 in TLS would have needed more than 2000 hours of traffic; RC4 NOMORE brings this down to 75 hours by needing fewer ciphertexts and by generating requests at a higher rate.
  • Earlier work either targeted passwords rather than cookies or relied on weaker or position-limited biases (for example the single-byte biases that exist only in the first 256 keystream bytes), so it needed far more ciphertexts.
  • RC4 NOMORE combines the Fluhrer-McGrew byte-pair biases with Mantin's ABSAB biases in a single likelihood computation over all captured ciphertexts; using both families at once is what yields the gain in efficiency and makes the attack practical.

Vulnerabilities in Other Protocols

  • WPA-TKIP also encrypts with RC4 (a fresh per-packet key each time), and the same biases let an attacker recover the TKIP MIC key from captured frames within about an hour, after which arbitrary Wi-Fi packets can be decrypted and injected.
  • Any protocol that encrypts predictable or repeated data with RC4 is affected, because the biases are properties of the cipher itself, not of TLS or TKIP.

Countermeasures

  • The only effective defense is to stop using RC4 altogether: disable RC4 cipher suites in TLS on both servers and clients (as RFC 7465 requires), and move Wi-Fi networks from TKIP to WPA2 with AES-CCMP.
  • Rate limiting or otherwise slowing traffic generation only increases the time the attacker needs; it does not prevent the attack.
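A way to verify the first countermeasure from the client side, as an added example that is not part of the lecture: build a TLS client context that cannot offer RC4, list any RC4 suites a context would still offer, and probe a server with an RC4-only handshake. Only the standard-library ssl module is used; the host in the commented-out probe call is a placeholder.

```python
import socket
import ssl


def hardened_client_context():
    """Client-side TLS context that can never negotiate RC4 (or TLS < 1.2).
    The cipher string uses OpenSSL syntax: start from the library defaults and
    explicitly exclude RC4 plus the other families that have no place in TLS."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("DEFAULT:!RC4:!MD5:!aNULL:!eNULL")
    return ctx


def rc4_suites(ctx):
    """Names of the RC4 cipher suites a context would offer; empty means safe."""
    return [c["name"] for c in ctx.get_ciphers() if "RC4" in c["name"]]


def offers_rc4(ctx):
    return bool(rc4_suites(ctx))


def server_accepts_rc4(host, port=443, timeout=5.0):
    """Live probe: offer a server only RC4 suites and see whether it completes
    the handshake.  Returns 'accepted: <suite>', 'rejected', or
    'unsupported-locally' when this machine's OpenSSL was built without RC4
    (the default since OpenSSL 1.1.0), in which case the probe says nothing
    about the server and a scanner with RC4 support is needed instead.
    Connection failures (refused, timeout) propagate so they are not mistaken
    for a rejection."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE      # only cipher negotiation matters here
    try:
        ctx.set_ciphers("RC4")
    except ssl.SSLError:
        return "unsupported-locally"
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return "accepted: " + tls.cipher()[0]
    except ssl.SSLError:
        return "rejected"


if __name__ == "__main__":
    ctx = hardened_client_context()
    print("RC4 suites offered by hardened context:", rc4_suites(ctx))
    # Uncomment to probe a real server (network access required; placeholder host):
    # print(server_accepts_rc4("example.com"))
```

On a server, the equivalent is the cipher list in the TLS configuration (for OpenSSL-based servers the same `!RC4` syntax); the probe function is the check that the change actually took effect from the network side.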

Key Terms & Definitions

  • RC4 — A stream cipher previously used to encrypt internet and Wi-Fi communications.
  • HTTPS — Protocol securing web traffic, often with RC4 in the past.
  • TLS — Protocol for secure internet communication, sometimes using RC4.
  • WPA-TKIP — The RC4-based encryption scheme of WPA, designed as a stopgap for WEP-era hardware and now broken.
  • Statistical Bias — A deviation of RC4's keystream from uniform randomness, e.g. certain byte values or byte pairs appearing at a position more or less often than 1/256; given enough ciphertexts of the same plaintext, such deviations reveal the plaintext.
  • Fluhrer-McGrew Bias — Biases in the joint distribution of two consecutive keystream bytes (digraphs), whose strength depends on the position modulo 256 and which persist throughout the keystream, not only in its first bytes.
  • Mantin's ABSAB Bias — The two-byte pattern "AB", followed after a short gap S by the same two bytes "AB" again (hence ABSAB), occurs more often than in a random stream, at any position in the keystream.
