Padding Oracle Attacks on the ISO CBC Mode Encryption Standard
نویسندگان
چکیده
In [8] Vaudenay presented an attack on block cipher CBCmode encryption when a particular padding method is used. In this paper, we employ a similar approach to analyse the padding methods of the ISO CBC-mode encryption standard. We show that, for several of the padding methods referred to by this standard, we can exploit an oracle returning padding correctness information to efficiently extract plaintext bits. In particular, for one padding scheme, we can extract all plaintext bits with a near-optimal number of oracle queries. For a second scheme, we can efficiently extract plaintext bits from the last (or last-but-one) ciphertext block, and obtain plaintext bits from other blocks faster than exhaustive search.
منابع مشابه
Padding Oracle Attacks on CBC-Mode Encryption with Secret and Random IVs
In [8], Paterson and Yau presented padding oracle attacks against a committee draft version of a revision of the ISO CBC-mode encryption standard [3]. Some of the attacks in [8] require knowledge and manipulation of the initialisation vector (IV). The latest draft of the revision of the standard [4] recommends the use of IVs that are secret and random. This obviates most of the attacks of [8]. ...
متن کاملError Oracle Attacks on CBC Mode: Is There a Future for CBC Mode Encryption?
This paper is primarily concerned with the CBC block cipher mode. The impact on the usability of this mode of recently proposed padding oracle attacks, together with other related attacks described in this paper, is considered. For applications where unauthenticated encryption is required, the use of CBC mode is compared with its major symmetric rival, namely the stream cipher. It is argued tha...
متن کاملSide Channel Analyses of CBC Mode Encryption
A block cipher encrypts data one block at a time. For bulk data encryption, a block cipher is usually used in a mode of operation. Cipher Block Chaining (CBC) mode encryption is one of the most commonly used modes of operation. The security properties of CBC mode encryption have been studied extensively. One well-known attack against CBC mode encryption allows an attacker, with some restriction...
متن کاملProvable Security in Practice: Analysis of SSH and CBC mode with Padding
This thesis illustrates and examines the gap that exists between theoretical and practical cryptography. Provable security is a useful tool which allows cryptographers to perform formal security analyses within a strict mathematical framework. Unfortunately, the formal modelling of provable security sometimes fails to match how particular schemes or protocols are implemented in real life. We ex...
متن کاملSide Channel Attacks on CBC Encrypted Messages in the PKCS#7 Format
Vaudenay has shown in [5] that a CBC encryption mode ([2], [9]) combined with the PKCS#5 padding [3] scheme allows an attacker to invert the underlying block cipher, provided she has access to a valid-padding oracle which for each input ciphertext tells her whether the corresponding plaintext has a valid padding or not. Having on mind the countermeasures against this attack, different padding s...
متن کامل