Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC, WTLS ...
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Side-Channel Attacks on Symmetric Encryption Schemes: The Case for Authenticated Encryption
Proceedings of the 11th USENIX Security Symposium
Padding oracle attacks on CBC-Mode encryption with secret and random IVs
FSE'05 Proceedings of the 12th international conference on Fast Software Encryption
Proceedings of the 18th ACM conference on Computer and communications security
Taint analysis of security code in the KLEE symbolic execution engine
ICICS'12 Proceedings of the 14th international conference on Information and Communications Security
| Hi-index | 0.00 |
At Eurocrypt 2002, Vaudenay introduced a powerful side-channel attack, which is called padding oracle attack, against CBC-mode encryption with PKCS#5 padding (See [6]). If there is an oracle which on receipt of a ciphertext, decrypts it and then replies to the sender whether the padding is correct or not, Vaudenay shows how to use that oracle to efficiently decrypt data without knowing the encryption key. In this paper, we turn the padding oracle attack into a new set of practical web hacking techniques. We also introduce a new technique that allows attackers to use a padding oracle to encrypt messages of any length without knowing the secret key. Finally, we show how to use that technique to mount advanced padding oracle exploits against popular web development frameworks.