Advertisement

Error Oracle Attacks on CBC Mode: Is There a Future for CBC Mode Encryption?

  • Chris J. Mitchell
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3650)

Abstract

This paper is primarily concerned with the CBC block cipher mode. The impact on the usability of this mode of recently proposed padding oracle attacks, together with other related attacks described in this paper, is considered. For applications where unauthenticated encryption is required, the use of CBC mode is compared with its major symmetric rival, namely the stream cipher. It is argued that, where possible, authenticated encryption should be used, and, where this is not possible, a stream cipher would appear to be a superior choice. This raises a major question mark over the future use of CBC mode, except as part of a more complex mode designed to provide authenticated encryption.

Keywords

Block Cipher Stream Cipher Message Authentication Code Symmetric Encryption Integrity Check 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    National Institute of Standards and Technology (NIST) Gaithersburg, MD: Federal Information Processing Standards Publication 81 (FIPS PUB 81): DES Modes of Operation (1980)Google Scholar
  2. 2.
    National Institute of Standards and Technology (NIST) Gaithersburg, MD: Federal Information Processing Standards Publication 46-3 (FIPS PUB 46-3): Data Encryption Standard (1999)Google Scholar
  3. 3.
    International Organization for Standardization Genève, Switzerland: ISO/IEC 10116: 1997, Information technology — Security techniques — Modes of operation for an n-bit block cipher. 2nd edn. (1997)Google Scholar
  4. 4.
    International Organization for Standardization Genève, Switzerland: ISO/IEC FCD 10116, Information technology — Security techniques — Modes of operation for an n-bit block cipher. 3rd edn. (2004)Google Scholar
  5. 5.
    Dent, A.W., Mitchell, C.J.: User’s Guide to Cryptography and Standards. Artech House, Norwood (2005)zbMATHGoogle Scholar
  6. 6.
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)zbMATHGoogle Scholar
  7. 7.
    Rogaway, P., Bellare, M., Black, J.: OCB: A block-cipher mode of operation for efficient authenticated encryption. ACM Transactions on Information and System Security 6, 365–403 (2003)CrossRefGoogle Scholar
  8. 8.
    Bellare, M., Rogaway, P., Wagner, D.: The EAX mode of operation. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 389–407. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  9. 9.
    National Institute of Standards and Technology (NIST): NIST Special Publication 800-38C, Draft Recommendation for Block Cipher Modes of Operation: The CCM Mode For Authentication and Confidentiality (2003)Google Scholar
  10. 10.
    Whiting, D., Housley, R., Ferguson, N.: RFC 3610, Counter with CBC-MAC (CCM). Internet Engineering Task Force (2003)Google Scholar
  11. 11.
    International Organization for Standardization Genève, Switzerland: ISO/IEC 2nd WD 19772: 2004, Information technology — Security techniques — Authenticated encryption mechanisms (2004)Google Scholar
  12. 12.
    Black, J., Urtubia, H.: Side-channel attacks on symmetric encryption schemes: The case for authenticated encryption. In: Proceedings of the 11th USENIX Security Symposium, San Francisco, CA, USA, August 5-9. USENIX, pp. 327–338 (2002)Google Scholar
  13. 13.
    Canvel, B., Hiltgen, A., Vaudenay, S., Vuagnoux, M.: Password interception in a SSL/TLS channel. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 583–599. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  14. 14.
    Paterson, K.G., Yau, A.: Padding oracle attacks on the ISO CBC mode padding standard. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 305–323. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  15. 15.
    Vaudenay, S.: Security flaws induced by CBC padding — Applications to SSL, IPSEC,WTLS... In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 534–545. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  16. 16.
    Yau, A.K.L., Paterson, K.G., Mitchell, C.J.: Padding oracle attacks on CBC-mode encryption with secret and random IVs. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 299–319. Springer, Heidelberg (2005) (to appear)CrossRefGoogle Scholar
  17. 17.
    Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption. In: Proceedings of the 38th IEEE symposium on Foundations of Computer Science, pp. 394–403. IEEE, Los Alamitos (1997)CrossRefGoogle Scholar
  18. 18.
    Rogaway, P.: Nonce-based symmetric encryption. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 348–359. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  19. 19.
    Bellare, M., Kohno, T., Namprempre, C.: Breaking and provably repairing the SSH authenticated encryption scheme: A case study of the encode-then-encryptand- MAC paradigm. ACM Transactions on Information and System Security 7, 206–241 (2004)CrossRefGoogle Scholar
  20. 20.
    International Organization for Standardization Genève, Switzerland: ISO/IEC 9797–1, Information technology — Security techniques — Message Authentication Codes (MACs) — Part 1: Mechanisms using a block cipher (1999)Google Scholar
  21. 21.
    Barkan, E., Biham, E., Keller, N.: Instant ciphertext-only cryptanalysis of GSM encrypted communications. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 600–616. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  22. 22.
    Ekdahl, P., Johansson, T.: A new version of the stream cipher SNOW. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 47–61. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  23. 23.
    Watanabe, D., Furuya, S., Yoshida, H., Takaragi, K., Preneel, B.: A new keystream generator MUGI. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 179–194. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  24. 24.
    International Organization for Standardization Genève, Switzerland: ISO/IEC WD 19772: 2004, Information technology — Security techniques — Authenticated encryption mechanisms (2004)Google Scholar
  25. 25.
    Rivest, R.L.: All-or-nothing encryption and the package transform. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 210–218. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  26. 26.
    Liskov, M., Rivest, R.L., Wagner, D.: Tweakable block ciphers. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 31–46. Springer, Heidelberg (2002)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Chris J. Mitchell
    • 1
  1. 1.Information Security GroupRoyal Holloway, University of LondonEgham, SurreyUK

Personalised recommendations