Rivest Cipher 4 is a type of encryption that has been around since the 1980s. It’s one of the most common and earliest stream ciphers. It has been widely used in the Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols, Wireless Equivalent Protocol (WEP), and IEEE 802.11 wireless LAN standard.
While its use has been quite widespread over the years because of its speed and ease of use, today, RC4 is considered to pose many security risks.
Below you can find a detailed review of what RC4 is and its vulnerabilities.
SSL RC4 Security Assessment
CVSS Vector: AV:N/AC:M/AU:N/C:P/I:N/A:N
As a whole, RC4 has served its role in a wide variety of uses but is now mostly being avoided because of the different vulnerabilities it’s prone to.
What Is RC4 and How Does Its Encryption Work?
The server supports RC4 (Rivest Cipher 4), a cipher stream that is considered.
RC4 is an abbreviation of Rivest Cipher 4. It’s sometimes referred to as ARC4 or ARCFOUR as well. When combined with a plaintext file, it can be used for encryption with the Exclusive Or (X-OR) operation.
RC4 is a stream cipher that was created by Ron Rivest for the network security company RSA Security back in 1987. That’s why it has also become known as ‘Ron’s Code.’
Stream ciphers work byte by byte on a data stream. RC4, in particular, is a variable key-size stream cipher using 64-bit and 128-bit sizes. The cipher uses a permutation and two 8-bit index pointers to generate the keystream. The permutation itself is done with the Key Scheduling Algorithm (KSA) and then is entered into a Pseudo-Random Generation Algorithm (PRG), which generates a bitstream.
The pseudorandom stream that the RC4 generates is as long as the plaintext stream. Then through the Exclusive Or (X-OR) operation, the stream and the plaintext generate the ciphertext. Unlike stream ciphers, block ciphers separate plaintext into different blocks. Then it attaches to the blocks the plaintext and performs encryption on the blocks.
What does the encryption procedure look like for RC4? First, the user enters a plaintext file and an encryption key. Then, the RC4 encryption engine generates keystream bytes with the help of the Key Scheduling Algorithm and the Pseudo-Random Generation Algorithm. The X-OR operation is executed byte-by-byte, and the byte output is the encrypted text, which the receiver gets. Once they decrypt it through a byte-by-byte X-OR operation, they can access the plaintext stream.
Different Types of RC4
A couple of RC4 variants have been developed to address security issues.
- Spritz — can build cryptographic hash functions, an encryption algorithm supporting Authenticated Encryption with Associated Data (AEAD), and Deterministic Random Bit Generator (DRBG)
- RC4A — suggested as a more secure variant of RC4, but there were issues with randomization of numbers in the cipher
- Variably Modified Permutation Composition (VMPC) — another variant seeking better security, but also struggling with number randomization
- RC4A+ — a more detailed, longer and advanced version of RC4, and RC4A with a three-phase key schedule, and has proven to be more secure
Despite the benefits of these variants, RC4’s use is not deemed secure anymore.
Applications of RC4 Encryption
RC4 gained massive popularity and had standard implementations in commercial applications over the years. It has been known for being a quick, uncomplicated, and affordable encryption method.
The main advantages of RC4 include simplicity of implementation and use and the speed of operation and deployment. It allows working with massive data streams in an efficient and fast way. RC4 stream ciphers are also light in terms of memory use.
Over time and in light of cyber attacks over the last years, however, there are recommendations to stop the use of RC4 encryption techniques due to evidence of weaknesses. Other disadvantages were spotted, too, such as not working with small data streams and requiring extra analysis before incorporating new systems.
In 2015, the Internet Engineering Task Force (IETF) prohibited the RC4 use in TLS protocols. Microsoft and Mozilla have also published recommendations on limiting the application of RC4 because of threat vulnerabilities.
RC4 Vulnerability and Attacks
Despite RC4’s wide range of advantages, numerous vulnerabilities have been identified. As a result, it is now considered insecure as a form of encryption and is more and more rarely used.
For example, since RC4 doesn’t require authentication, a Manipulator-in-the-Middle attack (MITM) can be executed. Also, since RC4 is a stream cipher and not a block cipher, it’s more vulnerable to a bit-flipping attack. Finally, RC4 has also been found to be susceptible to plaintext recovery attacks and several other security risks.
Here are the most prominent RC4 issues and attacks identified over the years:
- Roos’ biases: there are a keystream-key correlation and permutations-key correlations, as well as other types of biases
- Biased outputs: RC4 produces keystreams that can be biased to different extents, which makes them vulnerable to distinguishing attacks
- Fluhrer Mantin Shamir attack: the first bytes of RC4 keystreams are not random and thus expose information about the key, which opens the doors for WEP attacks
- Andreas Klein attack: like in previous attacks, even more correlations between the key and the RC4 keystream were discovered
- Combinatorial problems: problems with the number of inputs and outputs were discovered
- Royal Holloway attack: security researchers at the Information Security Group at Royal Holloway, University of London identified breaches and attack scenarios that can affect TLS and SSL protocols and WPA/TKIP implementations
- Bar-mitzvah attack: RC4 ciphers can be used to attack SSL protocols
- Numerous Occurrence MOnitoring & Recovery Exploit (NOMORE) attack: vulnerabilities for both TLS protocols and WPA/TKIP were discovered, including the Fluhrer−McGrew biases
Whether you’re still using RC4 or not, you can use Crashtest Security’s SSL/TLS Scanner to identify and stop potential cyber threats to your systems.