Vulnerabilities of Stream Ciphers
- Controls for the key-reuse vulnerability are:
- Never let the keystream seed repeat. If the seed is the key combined with an initialization vector (IV), don't depend on a short, fixed or predictable IV to keep keystreams apart: generate the IV (or the whole seed) with a cryptographically secure pseudo-random number generator, so that no (key, IV) pair is ever used twice.
- Never use a key more than once. For instance, whenever a new network connection is created, generate or derive a fresh key that has not been used before.
- Malleability. A stream cipher provides confidentiality only: it gives no integrity guarantee, so the receiver cannot detect malicious changes to the ciphertext. Because encryption is a byte-by-byte XOR with the keystream, an attacker can make targeted, meaningful changes without being noticed. Example:
- Eve, an eavesdropper, suspects that a message from Bob to Alice begins with the words "FROM: Bob".
- Eve XORs the 9 bytes "FROM: Bob" with the first 9 bytes of the ciphertext; the result is the first 9 bytes of the keystream (not the key itself, which she never learns).
- She XORs these 9 keystream bytes with "FROM: Eve" (also 9 bytes) and substitutes the result for the first 9 bytes of the ciphertext. Alice decrypts and reads "FROM: Eve", with the rest of the message intact.
This was possible because each byte of ciphertext corresponds to exactly one byte of plaintext, so an attacker can target a specific part of a message without knowing the key at all. Equivalently, Eve can XOR the ciphertext directly with ("FROM: Bob" XOR "FROM: Eve"), flipping only the bits that differ. This is a breach of integrity! The control is to authenticate the ciphertext: append a MAC computed over the nonce and the ciphertext (encrypt-then-MAC), or use an authenticated-encryption mode such as ChaCha20-Poly1305, and reject any message whose tag does not verify before decrypting it.
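The following Python script is an added example, not part of the original notes, that works through both vulnerabilities above: it encrypts two messages under a reused (key, nonce) pair and recovers the second from the first, carries out Eve's "FROM: Bob" to "FROM: Eve" substitution without the key, and then shows an encrypt-then-MAC wrapper rejecting the forged ciphertext. The stream cipher is a toy (SHA-256 in counter mode over key || nonce || counter) written only so the script runs with the standard library; the function names, the sample messages and the fixed nonce are constructed for the demonstration.

```python
import hashlib
import hmac
import os

# Toy stream cipher for illustration only (assumed, not the notes' own code):
# the keystream is SHA-256 over key || nonce || counter. Use ChaCha20-Poly1305
# or AES-GCM in real systems.
def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return xor(plaintext, keystream(key, nonce, len(plaintext)))

decrypt = encrypt  # XOR with the same keystream undoes itself

# --- Key reuse: the same (key, nonce) for two messages leaks their XOR ---
def keystream_reuse_attack(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Given two ciphertexts under the same keystream and the plaintext of the
    first, recover the corresponding bytes of the second without the key:
    c1 ^ c2 = p1 ^ p2, hence p2 = c1 ^ c2 ^ p1."""
    n = min(len(c1), len(c2), len(known_p1))
    return xor(xor(c1[:n], c2[:n]), known_p1[:n])

# --- Malleability: rewrite a guessed prefix without knowing the key ---
def forge_prefix(ciphertext: bytes, guessed: bytes, replacement: bytes) -> bytes:
    """Eve guesses the plaintext starts with `guessed` and swaps in `replacement`.
    XORing the guess into the ciphertext recovers the keystream prefix; XORing the
    replacement with that prefix re-encrypts it. The rest of the message is untouched."""
    assert len(guessed) == len(replacement)
    ks_prefix = xor(ciphertext[:len(guessed)], guessed)
    return xor(replacement, ks_prefix) + ciphertext[len(guessed):]

# --- The control: fresh nonce per message plus a MAC over nonce || ciphertext ---
def seal(key: bytes, mac_key: bytes, plaintext: bytes):
    nonce = os.urandom(16)  # CSPRNG nonce: the (key, nonce) pair never repeats
    ct = encrypt(key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce, ct, tag

def open_(key: bytes, mac_key: bytes, nonce: bytes, ct: bytes, tag: bytes):
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # tampering detected: reject before decrypting anything
    return decrypt(key, nonce, ct)

def demo():
    key, mac_key = os.urandom(32), os.urandom(32)
    nonce = b"\x00" * 16  # deliberately reused for both messages below
    p1 = b"FROM: Bob  TO: Alice  amount=100"  # constructed sample messages
    p2 = b"FROM: Bob  TO: Carol  amount=999"
    c1, c2 = encrypt(key, nonce, p1), encrypt(key, nonce, p2)
    recovered = keystream_reuse_attack(c1, c2, p1)  # equals p2
    forged = forge_prefix(c1, b"FROM: Bob", b"FROM: Eve")
    tampered = decrypt(key, nonce, forged)  # Alice now reads "FROM: Eve ..."
    n, ct, tag = seal(key, mac_key, p1)
    ct_forged = forge_prefix(ct, b"FROM: Bob", b"FROM: Eve")
    rejected = open_(key, mac_key, n, ct_forged, tag) is None  # True: MAC fails
    return recovered, tampered, rejected

if __name__ == "__main__":
    recovered, tampered, rejected = demo()
    print("recovered p2 :", recovered)
    print("Alice reads  :", tampered)
    print("forgery rejected by MAC:", rejected)
```

Note that `forge_prefix` never touches the key or the MAC key; it is defeated only because `open_` verifies the tag over the nonce and ciphertext before decrypting. A MAC over the plaintext instead, or decrypting before verifying, would leave the receiver processing attacker-controlled bytes.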