Padding Oracle Attacks on the ISO CBC Mode Encryption Standard
In earlier work, Vaudenay presented an attack on block cipher CBC-mode encryption when a particular padding method is used. In this paper, we employ a similar approach to analyse the padding methods of the ISO CBC-mode encryption standard. We show that, for several of the padding methods referred to by this standard, we can exploit an oracle returning padding correctness information to efficiently extract plaintext bits. In particular, for one padding scheme, we can extract all plaintext bits with a near-optimal number of oracle queries. For a second scheme, we can efficiently extract plaintext bits from the last (or last-but-one) ciphertext block, and obtain plaintext bits from other blocks faster than exhaustive search.
Keywords: padding oracle attack, CBC-mode encryption, ISO standard
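The abstract only states the result; the mechanics of such an attack are easier to see in code. The following is an added example, not code from the paper or from the ISO standard. It assumes a padding of the shape used by ISO/IEC 9797-1 padding method 3 (a length block holding the data length in bits, then the data, then zero bits to the block boundary), a receiver whose depadder checks that the bits after the declared length are zero but does not insist on the shortest possible padding, an attacker who knows the message length, and a toy Feistel block cipher standing in for the standard's unspecified n-bit block cipher. Under those assumptions the attacker learns one plaintext bit per oracle query, by rewriting the length field through the IV and cancelling each recovered 1 bit through the preceding ciphertext block. Whether this matches the exact scheme and query count analysed in the paper is not something this page confirms; the example shows the attack idea, not the paper's analysis.

```python
"""Added example (not from the paper): a padding-oracle attack on CBC mode with
a length-block-then-zero-bits padding, recovering one plaintext bit per query."""
import hashlib
import hmac
import os

BLOCK = 16            # block size in bytes (n = 128 in the standard's notation)
N_BITS = BLOCK * 8


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


# Toy n-bit block cipher: a 4-round Feistel network with an HMAC-SHA256 round
# function. It stands in for the unspecified block cipher of ISO/IEC 10116 so
# that the example runs offline; the attack never looks inside it.
def _round(key, r, half):
    return hmac.new(key, bytes([r]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def encrypt_block(key, block):
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        l, r = r, _xor(l, _round(key, i, r))
    return l + r


def decrypt_block(key, block):
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in reversed(range(4)):
        l, r = _xor(r, _round(key, i, l)), l
    return l + r


# Padding (assumed here, in the layout of ISO/IEC 9797-1 padding method 3): a
# length block holding the data length in bits, the data, then zero bits up to
# a block boundary. The depadder checks that the bits after the declared length
# are zero but, leniently, not that the padding is the shortest possible.
def pad(msg):
    return (8 * len(msg)).to_bytes(BLOCK, "big") + msg + b"\x00" * ((-len(msg)) % BLOCK)


def unpad(padded):
    length_bits = int.from_bytes(padded[:BLOCK], "big")
    body = padded[BLOCK:]
    total_bits = 8 * len(body)
    if length_bits > total_bits:
        raise ValueError("length block inconsistent with ciphertext length")
    if int.from_bytes(body, "big") & ((1 << (total_bits - length_bits)) - 1):
        raise ValueError("non-zero padding bits")
    return body[:length_bits // 8]       # messages in this example are byte strings


def cbc_encrypt(key, iv, padded):
    prev, out = iv, []
    for k in range(0, len(padded), BLOCK):
        prev = encrypt_block(key, _xor(padded[k:k + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ct):
    prev, out = iv, []
    for k in range(0, len(ct), BLOCK):
        out.append(_xor(decrypt_block(key, ct[k:k + BLOCK]), prev))
        prev = ct[k:k + BLOCK]
    return b"".join(out)


def make_oracle(key):
    """The receiver reduced to the one bit the attacker sees: valid padding or not."""
    def oracle(iv, ct):
        try:
            unpad(cbc_decrypt(key, iv, ct))
            return True
        except ValueError:
            return False
    return oracle


def recover_block(oracle, iv, ct, i, msg_len_bits):
    """Recover plaintext block P_i (i >= 2; P_1 is the length block), one oracle
    query per bit. Each query is the three-block ciphertext
    (IV', C_1, C_{i-1} ^ mask, C_i), which decrypts to
        P'_1 = L'          the length field, chosen freely through IV'
        P'_2 = garbage     counted as data, so never checked
        P'_3 = P_i ^ mask  the block under attack.
    Declaring L' = n + j makes the oracle report whether bits j..n-1 of P'_3
    are zero; walking j downward and cancelling each 1 found via the mask on
    C_{i-1} reads P_i off bit by bit. Assumes the attacker knows the message
    length, which is needed to rewrite the length field."""
    blocks = [ct[k:k + BLOCK] for k in range(0, len(ct), BLOCK)]
    m = len(blocks)
    c1, c_prev, c_i = blocks[0], blocks[i - 2], blocks[i - 1]
    t = N_BITS if i < m else msg_len_bits - (m - 2) * N_BITS   # data bits in P_i
    true_len = msg_len_bits.to_bytes(BLOCK, "big")
    recovered = mask = queries = 0
    for j in range(t - 1, -1, -1):
        iv_j = _xor(iv, _xor(true_len, (N_BITS + j).to_bytes(BLOCK, "big")))
        c_prev_j = (int.from_bytes(c_prev, "big") ^ mask).to_bytes(BLOCK, "big")
        queries += 1
        if not oracle(iv_j, c1 + c_prev_j + c_i):
            bit = 1 << (N_BITS - 1 - j)   # bits j+1..n-1 are already zero, so bit j is 1
            recovered |= bit
            mask |= bit                   # cancel it for the remaining queries
    return recovered.to_bytes(BLOCK, "big"), queries


def recover_message(oracle, iv, ct, msg_len_bits):
    """Recover the whole message; returns (plaintext, number of oracle queries)."""
    out, queries = bytearray(), 0
    for i in range(2, len(ct) // BLOCK + 1):
        block, q = recover_block(oracle, iv, ct, i, msg_len_bits)
        out += block
        queries += q
    return bytes(out[:msg_len_bits // 8]), queries


if __name__ == "__main__":
    key, iv = os.urandom(16), os.urandom(BLOCK)
    msg = b"constructed sample plaintext for the padding oracle"   # constructed input
    ct = cbc_encrypt(key, iv, pad(msg))
    pt, q = recover_message(make_oracle(key), iv, ct, 8 * len(msg))
    print(pt == msg, q, "queries for", 8 * len(msg), "bits")
```

The query count equals the number of plaintext bits because every query answers exactly one yes/no question about one bit; that is what makes a padding check of this shape so much worse than the one-bit-per-query bound would suggest for a well-designed check. The practical lesson is the one the paper's reference list already points to (Black and Urtubia): do not let a decryptor report padding validity before a MAC or authenticated-encryption check has passed.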
- 1. Black, J., Urtubia, H.: Side-Channel Attacks on Symmetric Encryption Schemes: The Case for Authenticated Encryption. In: Proceedings of the 11th USENIX Security Symposium, San Francisco, CA, USA, August 5-9, pp. 327–338 (2002)
- 3. ISO/IEC 9797-1: Information technology — Security techniques — Message Authentication Codes (MACs) — Part 1: Mechanisms using a block cipher (1999)
- 4. ISO/IEC 10116 (2nd edn.): Information technology — Security techniques — Modes of operation for an n-bit block cipher (1997)
- 5. ISO/IEC 3rd CD 10116 (3rd edn.): Information technology — Security techniques — Modes of operation for an n-bit block cipher (Committee Draft) (2002)
- 6. ISO/IEC FDIS 10118-1: Information technology — Security techniques — Hash-functions — Part 1: General, Final Draft (2000)
- 7. Klima, V., Rosa, T.: Side Channel Attacks on CBC Encrypted Messages in the PKCS#7 Format. Cryptology ePrint Archive, Report 2003/098 (2003)