You are on page 1of 6

Securing data transmission over Wireless LAN

(802.11) by redesigning RC4 Algorithm

Kamal

Shenam Chugh
M Tech Scholar

Assistant Professor

Department of Computer Science Engineering

BRCMCET Bahal, Bhiwani

BRCMCET Bahal, Bhiwani

Bhiwani, India

Bhiwani, India

dkamal@brcm.edu.in

shenam91@gmail.com

Abstract

intended to provide an additional layer of security over

RC4 to provide better security to RC4 Algorithm and to
overcome the known weaknesses of RC4. This paper begins
by

introducing

the

RC4

algorithm.

The

key, while the purpose of PRGA is to produce pseudo

random number that the cipher text.

introductory

section gives detailed description on the architecture and

design of RC4 algorithm. In this paper to determine the
security threats on RC4, this research deeply analyze the

RC4 algorithm turns the identity permutation

with the help of secret internal key state of possible n
bits words in entire N=2n. The secret state is generated

known

attacks

on

RC4.

This

paper

proposes

three

exchanging

novel approach to increase the size of the initial vector

without increasing the overall size of the 64 bit session key
generally used in RC4 Algorithm. Third one is providing a
provision to dynamically change the secret key before
getting any possibility to crack the secret key from the
encrypted data packets. We also analyzed the results of our
proposed algorithm to many other previous modifications
on RC4. Results shows that our algorithm provides much
better security as well as encryption time efficiency than the
previous works done on RC4.
Keywords- Encryption, Decryption, Stream Cipher, RC4,
WEP, Symmetric Cryptography.

1.

RC4

is

INTRODUCTION
most widely used stream

cipher

everywhere that developed by Ronald Rivest in 1987 to

encrypt data. The name of that algorithm to it's on the
author's name called Ron's Code 4. RC4 is a very simple
candidate pseudo random generator that encrypt byte by

two

states

off memory and security requirements and thus RC4 has

8
a large state of log2(2 !) ::::; 1684 bits. In Figure 1 the
complete algorithm is shown:

Initialisation Mode:
Input: n=8,
key length (in bytes) = k;
Key : K[O...(k-l)];
for i=O to 255
S[i]=i ;
j=O;
for i=O to (n-l)
j=j+S[i]+K[i mod k];
swap(S,i,j);
Output Mode:

i=j=O;
Repeat
i=i+l;
j=j+S[i];
swap(S,i,j);

1436

output=S[S[i]+S[j]];
Until done
This

research

is indicate

as

follows. Section I

provided the introduction to RC4 and also covers the

basic components and architecture of RC4. Section II
describes literature survey of the previous work done on
RC4. Section III describes various weaknesses of RC4.
This section covers both the key based and the algorithm
based weaknesses. Section IV describes the proposed
modifications to redesign the original RC4 algorithm.
This section covers both the algorithmic based and key
based modifications over the original RC4. Section V
describes the result analysis of proposed algorithm and
comparison of results with the previous modifications on
RC4.
II.

LITERATURE REVIEW

Various researchers tried to magnify the RC4

and generate variant algorithms. Paul and Preneel [5]
traversed a new statistical weakness of the RC4 key
stream generator in the first two output bytes. They
presented that the output required of random sequence
with the presence of 128 bias of renowned the output of
RC4, and to overcome this they suggested using 256
bias. The developers were also generating a new pseudo
random number generator, RC4A, which is more
repellent against most attacks like weakness of
distribution in the first two output bytes in RC4. But, the
RC4A did not completely eliminate the autocorrelations,
and it was failed with a renowned attack by Maximov
[6]. Zoltak [4] proposed Variably Modified Permutation
Composition (VMPC) which was discovered to be
effective in software implementations and solving a
weakness found in the RC4 Key Scheduling Algorithm
(KSA) that was described by Fluhrer et al. in [7]. In
comparision of RC4 the structure of Pseudo Random
Generation Algorithm (pRGA) in VMPC was more
complex that makes it more repellent against attacks. So,
it was again failed by distinguishing attack [6].
Yu and Zhang [8] described without affecting
efficiency and simplicity its combined the RC4 state
combined
with
the
hash
function.
Message
Authentication Code (MAC) was generated by the RC4
state based on hash function. The improvement having
the properties like offset, forward, and backward of RC4
states where the authors encrpt the data to determine the
position which increased the execution time by using the
offset to ignore the first few bytes of the key. Pardeep
and Pateriya [9] developed Pardeep Cipher (PC-RC4)
which include new enhancements and magnify to RC4
algorithm. In the PC-RC4 paper, randomness in KSA
and PRGA at index location pointer are enhanced to
make it powerful and effective but it again increased the

execution time[9]. Kadry and Smaili [10] described

Vigenere RC4 (VRC4) to improve the security of RC4
by using the idea of combination of the RC4 and the
poly alphabetic cipher Vigenere. In this,firstly plain text
encrypted by using the classic RC4 cipher then re
encrypting the resulting cipher by Vigenere which results
in increased execution time and security. Mousa and
Hamad analysis the effect of different variables of the
RC4 algorithm such as file size and execution time.So,
due to the reason of encryption key length and size of
data file, the speed of encryption and decryption time is
affected[II]. Yao, et al. described that the size of the
system and execution time was increased by
improvement in the security in RC4 of using asymmetric
key encryption with RC4 [12]. Hammod et al. proposed
an RRC4 random initial state algorithm in which
traditional RC4 and new enhanced RC4 is compared
with randomness compared against the traditional RC4.
However, the speed issue was not addressed[13].

III.

The weaknesses of original RC4 algorithm can be

divided into three parts. These are algorithm loopholes,
key
management
loopholes
and
authentication
mechanism loopholes.
A.

Algorithm Loopholes

In this ,to enhanced the security WEP uses RC4

algorithm, but the problem are not completely solved.
Firstly, RC4 is a stream encryption algorithm which
encrypt data byte by byte . In this process the whole data
packet must be dispose if one bit is lost. So that the
sender need to retransmit the lost data packet again and
again until the receiver accept the data packet, and WEP
must reset the initial vector (IV)after transmitting each
data packet.
Secondly, RC4 algorithm having the following
characteristics: assume the two cipher text like CTl,
CT2 and two plain text like PTI, PT2,and then we get
the connection between them is that CTl = PTl E9 RC4
(keY),CT2=PT2E9 RC4(key),and CTlE9CT2=PTlE9PT2.
So in this connection we see that RC4 uses the same key
with different plain text. If PTl is known, and then we
can easily find PT2. So we conclude that we decrypt the
whole data very easily by using dictionary if plaintext is
enough [4].
WEP(802.ll) used intial vector(lV) of 24-bit
to prove that every data packet using the different key,
but if in the single base station the 802.11 standard
travel on IIMbps nlw , then in less than an hour the
whole key space will be exhausted. But in multiple base
stations with the big network , time will be shorter to
exhaust the key space. The result of RC4 algo
performance will be degraded by using the concept of

1437

initial vector(lV) reemergence , and the WEP will be

attacked very easily. Now a days ,data link layer in TCP
and IP networks is used by 802.11 WLAN and hacker
store the transmission packets to get the information
about the data because each packet contain plaintext
information about the transmission. So that hackers can
collect the almost all information to find the complete

conclude the only user enters in the network point which

having the certify identity. But due to this the security
risks in which the hacker access the user sites and stop
the request from the other user and use the information.
IV.

PROPOSED ALGORITHM

In this algorithm to control the faults mentioned in the

previous chapters, we propose a modification in the

B.

In this loopholes, the key management is not

properly defined .In WEP mechanism
there is no
planning about the key generation ,key management and
key distribution.
The keys for encrypted the data are mainly two
types default key and key-mapping key. For default
setting the default key is configured. For key encryption
the Key-mapping key is used to send and receive data
packets for different senders and receivers. So that to
find out
this key, key mapping keys records
communicate with the key table which is maintained by
the each system. For every communication key which is
used for encryption and decryption, firstly receiver
search the key in the table to get that whether the
searched key is shared by users themselves or not. Else,
the user encrypt key mapping keys for superior to the
another keys by using the default key with the help of
selected key ID. The key-mapping keys are used very
rarely but it enhanced the security.
The previous analysis shows that for 0 default key
the key ID is used. So that, in this mechanism there is no
restriction to reuse the keys ,then the key reused by the
sites is increased which increase the chances to store the
key by the devices and when device is losted by the user
then hacker use that device to hack the key and get the
information.

current RC4 Algorithm. From Borisov et al [M6] there is

an problem that after 5000 frames the initial vector(lV)
is repeated by the reason of birthday paradox [M5]. For
solving this problem, at the every encryption time the
shared secret key in between the wireless node and
access point will be updated. We have proposed the
following three important enhancements into the original
RC4 Algorithm.

Modify the original RC4 algorithm to make it

more secure and even faster.

Reduces the iterations of RC4 up-to one-fourth

time of original RC4.

Dynamically change the secret key for each

execution of RC4.

detail:
A.

In the proposed algorithm, we have taken two S

boxes to increase the randomness in the state vector
of KSA. To provide the randomization in state
vector of KSA of original RC4, the algorithm

C.

In this loopholes, it is divided into following

three types. 1st, Hardware based authenticate mode is
used by WEP authentication mechanism, & hardware
stored the key in hardware, that's why to improve the
authentication mechanism ,no supporting software is
available. So, the hardware owner access the network by
using the hardware.If t.he owner of the hardware lost the
device then hacker use the device as an owner of the
hardware.So that it is called threat of hardware if the
hardware used by the hacker and hacker login in the
network as an owner of the hardware.
2nd,Denial of service attack is possible in the
process of authentication. In this attack hacker obtain the
challenge text of cipher and plain text by using the user
sent plain and cipher text which is sent through the
access point then hacker use the identity of key stream
sequence. So that, challenge text is used as an WEP key
for share authentication at the access point,
that

1438

iterates for total 256 times on a single S box. In the

proposed RC4, two S vectors are randomized with
only one loop (with iteration of size 128) is to be
performed in KSA. Thus the total number of
iteration remains reduced to one-fourth times. Then
these two fully randomized S vectors are passed to
the PRGA. PRGA further perform randomness on
the two S vectors by performing

inter vector

swapping of elements of two array and produces two

words of output for a single iteration of loop on the
data size.
The proposed algorithm pseudo code is as follows:

After 5.1 hour key is repeated because of repetition of

IV.
Attack Implementation continuously for this
time limit is totally feasible in the current computing
environment. This concludes that 24 bit IV is not at all
enough to protect data from brute force attack.
From the above motivation, we have increased
the size of the current IV from 24 bit to 32 bit without
changing the overall length of 64 bit key used in RC4.

j = 0 + SI[i] + keyl[I mod (Iength(key] mod N/2);

Swap(SI(i),SIG) ;

In the original RC4 (used in WEP), key is defined as :

KSA(keyl, key2)
SI[I ]= 0 to (N/2-1);
S2[I] = (N/2) to (N-I);
j=O;
for i= 0 to (N/2-1)

j = 0 + S2[i] + key2[I mod (length(key] mod N/2);

Swap(S2(i),S2G) ;

Session Key

+ IV

(24 bit)

+ IV

(32 bit)

}
}

Session Key

In the proposed algorithm, the input key size from user is

We have then permuted this 40 bit key by taking 32 bits
at a time. Hence we get a set of total 120 sub-keys (5!)
each of 32 bit size.

i=j 1=j2=x=0;
loop (i<size(PT

{
i=i+1) mod N/2);
jl=(01+S1(i+l mod N/2);
Swap(SI(i+1 ),S20 1+1;
tl= (SI(SI(i+I)+SI01+I mod N/2)+1);
j2= (G2+S2(i+1 mod N/2);
Swap(S2(i+1),S102+1;
t2= (S2(S2(i+1)+S202+1 mod N/2)+1);
kseq(x+1)=t1;
kseq(X+2)=t2;

Steps to implement prop osed RC4 are as

follows:
Step I : Write the code for modified RC4 algorithm.
Step 2 : Generate the 32 bit secret key from a 40 bit key
Step 3 : Select Key function sequentially select a sub key
from the given sub-keys set.

function.

In standard 64bit RC4 encryption, a 64 bit session key is

created by appending a 24 bit IV to a static secret key
thus making a unique session key for each data packet
encryption.
As 24 bit IV generate total 16777216 total combination
of IV but if we take a scenario that I1MBPS network
send 1500 byte per packet that means network send
approx 917 packet per second [9]. Thus:

11mbps / (1500bytelpacket
2

24

Sbit/byte)

917 packet/sec

IV = mod(randi(256,4),256)
Step 5 : Concatenate key and IV using the concatenation
function to generate a session key.
Step 6 : Pass this session key to our proposed RC4
algorithm.
Step 7 : The key sequence generated from proposed RC4
is XORed with the PT.
Step 8 : The IV is encrypted by XORing it with the
current 32 bit sub-key and then append this IV with the
cipher text.

=16777216

167777216/917=5.1h

1439

RESULT ANALYSIS

V.

We have compared the execution of proposed RC4 with

few previous modifications on RC4. i.e. The results have
been compared with the Efficient, Improved and
modified RC4 algorithms. The following table shows the
average encryption time of various algorithms (including
proposed algorithm) on the text files of different data
SIze.

TABLE 2

FILE
SIZE
10
20

TABLE I

30

FILE
SIZE

40

10
20
30
40
50
60
70
80
90
100

RC4

RC42
S

14.205
9
20.224

9.8943

26.404
3
28.269

10.861
4
17.077
6
12.278

34.021
3
38.740
3
43.909
6
50.718
6
56.612
5
58.631
4

15.148
7
17.824
9
51.529
4
59.669
5
63.724
5
64.789
5

Effect
ive
RC4
372.54
2
858.19
5
1506
2269.4
3
3260.3
5
4267.6
3
4317.1
6
7715.5
4
7932.4
3
8088.5
5

Impro
ved
RC4
369.24
5
848.37
8
1546.6
7
2289.0
I
3244.5
7
7088.2
5
5534.1
3
6898.7
4
7249.2
4
7734.1

Modif
ied
RC4
475.50
I
1211.5
7
2294.6
1
3604.1
6
3175.6
3
7174.8
9
5490.3
I
11829.
8
12876.
3
17345.
8

Propo
sed
7.0718
8
7.9767
8
8.1009
9
10.822
4
12.822
4
13.993
3
17.327
6
19.920
6
22.171
9
27.485
8

50
60
70
80
90
100

20000 -r----- 15000

I 10000
1=

+----+
+-----t-++

5000 +-----t--t-It-t-.
o

L&L&L&

1 2 3 4 5 6 7 8 910
Exp

Figl.Encryption Time

1440

No.

-RC4
-RC42S
-EffectiveRC4

20.767
26.015
8
32.512
3
38.235
2
44.594
8
52.822
5
55.723
4
58.673
4

12.471
14.617
16.499
7
49.970
2
57.921
8
59.243
64.865
4

Effccti
ve
RC4
336.57
8
853.70
2
1521.8
7
2250.4
2
3220.5
5
4255.5
3
4208.7
8
7489.5
7942.8
8105.4
2

Impro
ved
RC4
360.33
9
836.13
4
1497.7
5
2272.1
5
3186.9
7
7327.0
5
5509
7001.9
9
7301.2
4
7600.0
5

Modifi
cd
RC4
438.19
4
1204.5
2
2256.1
8
3599.4
2
3166.2
5
7190.2
5
5431.8
6
11903
12805.
05
17835.
2

Propo
sed
6.9055
7
6.7649
3
8.0753
4
10.785
9
12.751
1
13.751
I
17.239
8
19.871
9
23.749
I
28.743
6

Decryption Time
20000 ....-- 15000 +----t

I lOOOO
1=

Encryption Time

RC4
9.9934
2
14.744
3

RC42
S
7.4491
3
8.1553
9
9.6382
4

5000 +-----f.-t-lt-t-...
o

Exp

No.

-RC4
-RC42S
-EffectiveRC4
-ImprovedRC4
-ModifiedRC4
Proposed

Fig2.Decryption Time
CONCLUSION

-ImprovedRC4
-ModifiedRC4
-Proposed

Existing RC4 Algorithm proved that the different types

of cryptographic analytic attacks. This problem arised
not because the size of key but it is arise due to not
properly used of cryptography. Our proposed algorithm
completely provide security to RC4 Algorithm from
FMS attack and brute force attack. But the problem arise
with the proposed algorithm is one of that computational
overhead is increased when the secret sub keys are
changed
dynamically. But
this
problem
of
computational overhead is not repeted with every packet
of data in encryption time .So ,its not a big problem,we
can neglected this in the whole encryption process. In

this research paper work the security is increased in

proposed algorithm ant it is more robust than the
previous algorithm of message privacy. Thus in our
proposed algorithm security is enhanced by solving the
key repetition problem in RC4 algorithm. So our
proposed work is a very effective until the original
hardware is used. So its proved our proposed algorithm
is worked good with the existing hardware system and
giving a proper path and edge to the present RC4
algorithm.
REFERENCES
[1] Steve F. Russell "Wireless Network Security for
Users " ,
Information Technology: Coding and
Computing,
2001.
Proceedings,
International
Conference on , pp 172-177, 2001 IEEE
[2] Ankush Karnik , Katia Passerini"Wireless network
security - A discussion from a business perspective ",
Wireless Telecommunications Symposium, 2005 , pp
261-267, April 28-30, 2005 IEEE
[3] Hai Cheng, Qun Ding "Overview of the Block
Cipher "second conference
on Instrumentation ,
Measurement , Computer , Communication and control
second conference , pp 1628-1631 , IEEE 2012.
[4] C .S Lamba"Design and Analysis of Stream Cipher
for
Network
Security",
second
conference
on
Communication software and Network ,PP 562-567 ,
IEEE 2010.
[5] Shivaputrappa Vibhuti "IEEE 802.11 WEP (Wired
Equivalent Privacy) Concepts and Vulnerability " ,
CS265 Spring 2005
[6] ARASH HABIBI LASHKARI FCSIT, FARNAZ
TOWHIDI , RAHELEH SADAT HOSSEINI "Wired
Equivalent Privacy (WEP) " , Future Computer and
Communication, 2009. ICFCC 2009. International
Conference on , pp 492-495, 3-5 April 2009 IEEE
[7] Songhe Zhao and Charles A. Shoniregun "Critical
Review of Unsecured WEP ", pp 368-374, 9-13 July
2007 IEEE
[8] T.D.B Weerasinghe "An Effective RC4 Stream
Cipher" 8th International Conference on Industrial and
Information Systems, Aug. 18-20, IEEE 2013.
[9] Yao Yao,jiang Chang, Wang Xingwei "Enhancing
RC4 algorithm for WLAN WEP Protocol" Control and
Decision Conference ,pp 2623-2637, 26-28 may 2010.
Bourdoucen" IEEE 802.11 Wireless LAN Security
Overview" , IJCSNS , VOL. 6 NO. 5B , May 2006.
[11] Christophe De Canniere, Alex Biryukov, Bart
Prennel
An Introduction To
Block Cipher
Cryptanalysis" , Proceeding of IEEE , VOL. 94, NO. 2 ,
February 2006.
[12] Tang Songsheng, Ma Xianzhen "Research of
Typical Block Cipher Algorithm" , International

conference on Computer ,Mechatronic, Control and

Electronic Engineering(CMCE), 2010 IEEE
[13] Nidhi gupta , G.P biswas "WEP Implimentation
using Linear Feedback Shift Register(LFSR) and
Dynamic key",International Conference on Computer
and Communication(ICCCT), 2011 IEEE.
[14] ]S. Paul, and B. Preneel,"A New Weakness in the
RC4 Keystream Generator," Fast Software Encryption,
FSE 2004, LNCS 3017,pp 245-259, Springer-Verlag,
2004.
[15] Abdullah Al Noman, Dr. Roslina b. Mohd. Sidek,
Dr. Abdul Rahman b. Ramli, Dr. Liakot Ali "RC4A
Stream Cipher for WLAN Security: A Hardware
Approach "5th International Conference on Electrical
and Computer Engineering ICECE 2008, 20-22
[16] Jian Xie, Xiaozhong Pan," An Improved RC4
Stream Cipher" 2010 International Conforence on
Computer Application and System Modeling (ICCASM
2010),2010 IEEE
[17] O. 0 Olakanmi "RC4c : A Secured Way to View
Data
Transmission
in
Wireless
Communication
Networks" VolA, No.2, March 2012, International
Journal of Computer Networks & Communications
(IJCNC).
[18] Andreas Klein "Stream Cipher" , Springer 2013.
[19] Aaron E. Earle "Wireless Security Handbook,".
Auerbach Publications 2005.
[20]http: //msdn.microsoft.com/enus/library/ff650720.asp
x
[21]http://en.wikipedia.org/wiki/Linear_feedback_shift_r
egister
[22]http: //documentation.netgear.com/referencel sve/wire
lesslWirelessNetworkingBasics-3- 09.html
[23]http: //archive.oreilly.com/publa/wireless12003108128
Iwireless_bridging.html
[24] Pardeep, Pushpendra Kumar Pateriya," PC-RC4
Algorithm: An Enhancement Over Standard RC4
Algorithm", Volume 1, Issue 3, June 2012, International
Journal of Computer Science and Network (IJCSN)

1441