A Chosen Ciphertext Attack Against Several E-Mail Encryption Protocols
نویسندگان
چکیده
Several security protocols (PGP, PEM, MOSS, S/MIME, PKCS#7, CMS, etc.) have been developed to provide confidentiality and authentication of electronic mail. These protocols are widely used and trusted for private communication over the Internet. We point out a potentially serious security hole in these protocols: any encrypted message can be decrypted using a one-message, adaptive chosen-ciphertext attack. Although such attacks have been formalized mainly for theoretical interest, we argue that they are feasible in the networked systems in which these e-mail protocols are used.
منابع مشابه
Implementation of Chosen-Ciphertext Attacks against PGP and GnuPG
We recently noted [6] that PGP and other e-mail encryption protocols are, in theory, highly vulnerable to chosen-ciphertext attacks in which the recipient of the e-mail acts as an unwitting “decryption oracle”. We argued further that such attacks are quite feasible and therefore represent a serious concern. Here, we investigate these claims in more detail by attempting to implement the suggeste...
متن کاملChosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1
This paper introduces a new adaptive chosen ciphertext attack against certain protocols based on RSA. We show that an RSA private-key operation can be performed if the attacker has access to an oracle that, for any chosen ciphertext, returns only one bit telling whether the ciphertext corresponds to some unknown block of data encrypted using PKCS #1. An example of a protocol susceptible to our ...
متن کاملChosen Public Key and Ciphertext Secure Proxy Re-encryption Schemes
A proxy re-encryption scheme enables a proxy to re-encrypt a ciphertext and designate it to a delegatee. Proxy re-encryption schemes have been found useful in many applications, including e-mail forwarding, law-enforcement monitoring, and content distribution. Libert and Vergnaud presented the first construction of unidirectional proxy re-encryption scheme with chosen ciphertext security in the...
متن کاملChosen-Ciphertext Secure Fuzzy Identity-Based Key Encapsulation without ROM
(1, 2, 3, 4, 5. College of Information Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 210016, P.R.China) * corresponding author 1. E-mail: [email protected] 2. E-mail: [email protected] 3. E-mail: [email protected] 4. E-mail: [email protected] 5. E-mail: [email protected] Abstract. We use hybrid encryption with Fuzzy Identity-Based Encryption (F...
متن کاملHow to Enhance the Security of Public-Key Encryption at Minimum Cost
This paper presents a simple and generic conversion from a publickey encryption scheme which is indistinguishable against chosen-plaintext attacks into a public-key encryption scheme which is indistinguishable against adaptive chosen-ciphertext attacks in the random oracle model. The scheme obtained by the conversion is as e cient as the original encryption scheme and the security reduction is ...
متن کامل