Generated by GPT-5-mini

| Fluhrer, Mantin, and Shamir | |
|---|---|
| Name | Fluhrer, Mantin, and Shamir |
| Notable work | Discovery of RC4 key-scheduling weakness |
| Field | Cryptanalysis |
| Known for | FMS attack on RC4 |
Fluhrer, Mantin, and Shamir
Fluhrer, Mantin, and Shamir were researchers who published a cryptanalytic attack against the RC4 stream cipher, influencing standards and implementations across computing and networking. Their work intersected with developments at institutions, protocols, and products including RSA Security, Microsoft Corporation, Wired Equivalent Privacy, Transport Layer Security, and OpenSSL, prompting scrutiny from communities around the IETF, NIST, the CERT Coordination Center, and vendors like Cisco Systems and Intel Corporation.
The discovery arose amid widespread deployment of RC4 in protocols and products such as WEP, SSL, TLS, Microsoft Internet Explorer, Netscape Navigator, and embedded devices from Linksys and Netgear, while research groups at Technion – Israel Institute of Technology, Bell Labs, IBM, Bellcore, and HP advanced cipher analysis. The cipher's creator, Ronald Rivest, and organizations including RSA Laboratories and IETF Working Group had promoted RC4 in contexts spanning Kerberos, Microsoft Windows, Oracle Corporation, and Qualcomm, even as academic conferences like Crypto, Eurocrypt, Usenix, ACM SIGSAC, and IEEE Symposium on Security and Privacy provided venues for dissemination. Industry standards bodies such as IEEE and ISO/IEC shaped adoption decisions alongside implementers at Mozilla Foundation, Google, Apple Inc., and Amazon Web Services.
The FMS attack targeted RC4’s key scheduling algorithm as used in WEP and similar constructions, challenging assumptions held by implementers at Microsoft Corporation, Cisco Systems, 3Com, and researchers at Cambridge University, University of California, Berkeley, MIT, and Stanford University. The publication spurred responses from security teams at CERT/CC, US-CERT, SANS Institute, and standards groups such as IETF, influencing advisories from NIST, ENISA, and vendors including Linksys and Belkin International. Subsequent analyses by cryptographers at University of Waterloo, Technion, Weizmann Institute of Science, École Normale Supérieure, and École Polytechnique Fédérale de Lausanne extended the attack model toward practical key recovery in deployed systems like WEP-protected IEEE 802.11 networks.
The attack exploited correlations between the key bytes fed into RC4's key scheduling algorithm and the cipher's first output bytes, which became exploitable when devices from Netgear, D-Link, Belkin, and Linksys built per-packet keys by prepending public, reused IVs to a fixed secret key, producing biases similar to those studied in papers at Crypto 2001, Eurocrypt 2002, and ASIACRYPT. The vulnerability manifested in protocols and products including WEP, Microsoft PPTP, IPsec implementations by Juniper Networks and Cisco Systems, and libraries such as OpenSSL, GnuTLS, Schannel, and LibreSSL. Follow-up work by researchers at Royal Holloway, University of London, KU Leuven, Ruhr University Bochum, and George Mason University characterized statistical weaknesses using tools from Mathematica, SageMath, and testbeds maintained by CERN and MITRE.
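The following Python is an added illustration, not code from the original page or from the FMS paper, of the weakness described above: with the WEP-style construction (per-packet key = IV || secret key), the first RC4 keystream byte under a "weak" IV of the form (A+3, 255, X) leaks the secret key byte K[A+3] with probability around 5%, far above the 1/256 expected by chance, so a majority vote over such IVs recovers the byte. The `rc4_ksa_prefix`, `fms_guess`, `recover_first_secret_byte`, `wep_style`, `hashed_style`, and `success_rate` names are this example's own; `hashed_style` is an assumed contrast showing that mixing the IV and key through a hash, rather than concatenating them, removes the measurable bias.

```python
import hashlib
import random
from collections import Counter

def rc4_ksa_prefix(key, rounds):
    """Run the first `rounds` rounds of RC4 key scheduling; return (S, j)."""
    S, j = list(range(256)), 0
    for i in range(rounds):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    return S, j

def rc4_first_byte(key):
    """Full KSA plus one PRGA step: the first keystream byte for `key`."""
    S, _ = rc4_ksa_prefix(key, 256)
    i, j = 1, S[1]                       # PRGA round 1: i=1, j=0+S[1]
    S[i], S[j] = S[j], S[i]
    return S[(S[i] + S[j]) % 256]

def fms_guess(iv, z, known_secret=()):
    """FMS candidate for key byte K[A+3] from weak IV (A+3, 255, X) and
    first keystream byte z; None if the IV is not in 'resolved' form."""
    A = len(known_secret)
    S, j = rc4_ksa_prefix(list(iv) + list(known_secret), 3 + A)
    if not (S[1] < 3 + A and (S[1] + S[S[1]]) % 256 == 3 + A):
        return None
    # ~5% of the time later rounds leave S[1], S[S[1]], S[A+3] untouched,
    # and then z == S[A+3] as set in round A+3, which consumed K[A+3].
    return (S.index(z) - j - S[3 + A]) % 256

def recover_first_secret_byte(secret, per_packet_key):
    """Vote over the 256 weak IVs (3, 255, X); return the top candidate."""
    votes = Counter()
    for X in range(256):
        iv = (3, 255, X)
        g = fms_guess(iv, rc4_first_byte(per_packet_key(iv, secret)))
        if g is not None:
            votes[g] += 1
    return votes.most_common(1)[0][0]

def wep_style(iv, secret):      # WEP: per-packet key = IV || secret key
    return list(iv) + list(secret)

def hashed_style(iv, secret):   # assumed mitigation: hash IV and key together
    return list(hashlib.sha256(bytes(iv) + bytes(secret)).digest()[:16])

def success_rate(per_packet_key, trials=10, seed=1):
    # Fraction of constructed random 104-bit keys whose first byte is recovered.
    rng = random.Random(seed)
    keys = [[rng.randrange(256) for _ in range(13)] for _ in range(trials)]
    return sum(recover_first_secret_byte(k, per_packet_key) == k[0] for k in keys) / trials
```

`success_rate(wep_style)` comes out near 1.0 while `success_rate(hashed_style)` stays near 1/256, which is the whole difference between WEP's key construction and a keyed-hash per-packet key.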
Real-world exploitation affected consumer hardware from Linksys, Netgear, and D-Link, enterprise appliances by Cisco Systems and Juniper Networks, and software stacks including Windows, Linux kernel, OpenBSD, FreeBSD, Android, and iOS. The attack influenced browser vendors like Mozilla Foundation, Google, and Apple Inc. to reassess use of RC4 in TLS and SSL sessions, while cloud providers such as Amazon Web Services, Microsoft Azure, and Google Cloud Platform updated cryptographic offerings. Standards organizations including IETF, IEEE, NIST, and ENISA incorporated findings into recommendations that affected products from Intel Corporation, AMD, ARM Holdings, and security firms like McAfee and Symantec Corporation.
Mitigations included deprecating RC4 across TLS and recommending algorithms from NIST such as AES and modes like Galois/Counter Mode adopted by OpenSSL, LibreSSL, BoringSSL, and vendor stacks at Microsoft, Apple, and Google. Network products from Cisco Systems, Juniper Networks, Aruba Networks, and HP revised default configurations, while standards efforts at IETF produced RFCs and transition guidelines affecting IEEE 802.11 implementers including Atheros Communications and Broadcom. Academic and industry collaboration among groups at MIT, Stanford University, Princeton University, and ETH Zurich yielded countermeasures, test suites, and patches distributed via channels like GitHub, Debian, Red Hat, and Canonical.
The FMS work influenced subsequent attacks on stream ciphers and constructions used in SSL/TLS, WEP, and other protocols, inspiring research at conferences such as Crypto, Eurocrypt, CHES, and NDSS and follow-up techniques by teams at Microsoft Research, Google Project Zero, Facebook security, and university labs at University of Cambridge and Imperial College London. Its legacy shaped cryptographic policy at NIST, cipher selection in IETF standards, and implementation practices at vendors including Apple Inc., Microsoft Corporation, Google, and Mozilla Foundation, contributing to a broader move toward authenticated encryption such as AES-GCM and ChaCha20-Poly1305 adopted across platforms from Android to iOS and cloud services from Amazon Web Services to Microsoft Azure.
Category:Cryptanalysis