Vulnerabilities of Stream Ciphers

  1. The controls for the key reuse vulnerability are:
    1. Avoid relying on an initialization vector: generate the whole seed using a pseudo-random number generator, so that no part of the seed ever repeats.
    2. Never use a key more than once. For instance, whenever a new network connection is created, use a different key that hasn't been used before.
  2. Malleability. The algorithms of a stream cipher don't guarantee integrity and, therefore, can't detect malicious changes to the ciphertext. An attacker might unnoticeably and still meaningfully change the ciphertext! Example:
    • Eve, an eavesdropper, may suspect that a message from Bob to Alice begins with the words: "FROM: Bob".
    • Eve proceeds to XOR the 9 bytes "FROM: Bob" with the first 9 bytes of the ciphertext, which returns the first 9 bytes of the key stream.
    • She then uses these 9 key stream bytes to encrypt "FROM: Eve" and substitutes the result for the first 9 bytes of the ciphertext, replacing "FROM: Bob".
    This was possible because each byte of ciphertext corresponds to one byte of plaintext, so an attacker can target a specific part of a message, without fully knowing the key. This is a breach of integrity!
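Both issues above, shown on a toy XOR stream cipher together with the integrity check that catches the tampering. This is an added example, not part of the original notes: the SHAKE-256 key stream, the sample messages, and the key/nonce values are constructed for illustration and do not represent any real cipher.

```python
import hashlib
import hmac


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream cipher key stream: SHAKE-256 of key||nonce expanded to
    `length` bytes. Stands in for any XOR-based stream cipher; it is a
    constructed stand-in for this example, not a production cipher."""
    return hashlib.shake_256(key + nonce).digest(length)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    # Encryption and decryption are the same XOR with the key stream.
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


decrypt = encrypt


def key_reuse_leak(ct1: bytes, ct2: bytes) -> bytes:
    # Key reuse: the shared key stream cancels out, so the XOR of two
    # ciphertexts equals the XOR of the two plaintexts. No key is needed.
    return xor(ct1, ct2)


def forge_prefix(ciphertext: bytes, guessed: bytes, replacement: bytes) -> bytes:
    # Malleability: XOR a guessed plaintext prefix into the ciphertext to
    # recover that many key stream bytes, then re-encrypt the replacement
    # under those same bytes and splice it in front of the untouched rest.
    ks = xor(ciphertext[:len(guessed)], guessed)
    return xor(replacement, ks) + ciphertext[len(guessed):]


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes):
    # Mitigation: authenticate nonce||ciphertext with an HMAC-SHA256 tag.
    ct = encrypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return ct, tag


def open_sealed(enc_key: bytes, mac_key: bytes, nonce: bytes, ct: bytes, tag: bytes):
    # Verify the tag before decrypting; any modified byte yields None.
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return decrypt(enc_key, nonce, ct)
```

Without the tag, `forge_prefix` turns a valid ciphertext of "FROM: Bob ..." into a valid ciphertext of "FROM: Eve ..." with the rest of the message intact; with the tag, `open_sealed` rejects the forged ciphertext outright.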