Padding Oracle Attacks on CBC-Mode Encryption with Secret and Random IVs

  • Arnold K. L. Yau
  • Kenneth G. Paterson
  • Chris J. Mitchell
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3557)

Abstract

In [8], Paterson and Yau presented padding oracle attacks against a committee draft version of a revision of the ISO CBC-mode encryption standard [3]. Some of the attacks in [8] require knowledge and manipulation of the initialisation vector (IV). The latest draft of the revision of the standard [4] recommends the use of IVs that are secret and random. This obviates most of the attacks of [8]. In this paper we consider the security of CBC-mode encryption against padding oracle attacks in this secret, random IV setting. We present new attacks showing that several ISO padding methods are still weak in this situation.

Keywords

padding oracle; CBC-mode; ISO standards; side channel

References

  1. ISO/IEC 9797-1: Information technology — Security techniques — Message Authentication Codes (MACs) — Part 1: Mechanisms using a block cipher (1999)
  2. ISO/IEC 10118-1 (2nd edition): Information technology — Security techniques — Hash-functions — Part 1: General (2000)
  3. ISO/IEC 2nd CD 10116 (revision): Information technology — Security techniques — Modes of operation for an n-bit block cipher (2002) (Second committee draft of proposed 3rd edition of the standard)
  4. ISO/IEC FCD 10116 (2nd edition): Information technology — Security techniques — Modes of operation for an n-bit block cipher (2004) (Final committee draft of proposed 3rd edition of the standard)
  5. Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A Concrete Analysis of Symmetric Encryption: Analysis of the DES Modes of Operation. In: 38th IEEE Symposium on Foundations of Computer Science, pp. 394–409. IEEE, Los Alamitos (1997)
  6. Black, J., Urtubia, H.: Side-Channel Attacks on Symmetric Encryption Schemes: The Case for Authenticated Encryption. In: Proceedings of the 11th USENIX Security Symposium, San Francisco, CA, USA, August 5–9, pp. 327–338. USENIX (2002)
  7. Canvel, B., Hiltgen, A.P., Vaudenay, S., Vuagnoux, M.: Password Interception in a SSL/TLS Channel. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 583–599. Springer, Heidelberg (2003)
  8. Paterson, K.G., Yau, A.K.L.: Padding Oracle Attacks on the ISO CBC Mode Encryption Standard. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 305–323. Springer, Heidelberg (2004)
  9. Vaudenay, S.: Security Flaws Induced by CBC Padding – Applications to SSL, IPSEC, WTLS. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 534–545. Springer, Heidelberg (2002)

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Arnold K. L. Yau (1)
  • Kenneth G. Paterson (1)
  • Chris J. Mitchell (1)

  1. Information Security Group, Royal Holloway, University of London, Egham, UK