Padding oracle attacks on CBC-Mode encryption with secret and random IVs

Authors:
Arnold K. L. Yau;Kenneth G. Paterson;Chris J. Mitchell
Affiliations:
Information Security Group, Royal Holloway, University of London, Egham, Surrey, UK;Information Security Group, Royal Holloway, University of London, Egham, Surrey, UK;Information Security Group, Royal Holloway, University of London, Egham, Surrey, UK
Venue:
FSE'05 Proceedings of the 12th international conference on Fast Software Encryption
Year:
2005

Citing 3
Cited 9

Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC, WTLS ...

EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Side-Channel Attacks on Symmetric Encryption Schemes: The Case for Authenticated Encryption

Proceedings of the 11th USENIX Security Symposium
A Concrete Security Treatment of Symmetric Encryption

FOCS '97 Proceedings of the 38th Annual Symposium on Foundations of Computer Science

Immunising CBC Mode Against Padding Oracle Attacks: A Formal Security Treatment

SCN '08 Proceedings of the 6th international conference on Security and Cryptography for Networks
Cryptographically verified implementations for TLS

Proceedings of the 15th ACM conference on Computer and communications security
Cryptanalysis of the EPBC authenticated encryption mode

Cryptography and Coding'07 Proceedings of the 11th IMA international conference on Cryptography and coding
Practical padding oracle attacks

WOOT'10 Proceedings of the 4th USENIX conference on Offensive technologies
How to break XML encryption

Proceedings of the 18th ACM conference on Computer and communications security
Verified Cryptographic Implementations for TLS

ACM Transactions on Information and System Security (TISSEC) - Special Issue on Computer and Communications Security
Error oracle attacks on CBC mode: is there a future for CBC mode encryption?

ISC'05 Proceedings of the 8th international conference on Information Security
An attack on CFB mode encryption as used by OpenPGP

SAC'05 Proceedings of the 12th international conference on Selected Areas in Cryptography
Authenticated-Encryption with padding: a formal security treatment

Cryptography and Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

In [8], Paterson and Yau presented padding oracle attacks against a committee draft version of a revision of the ISO CBC-mode encryption standard [3]. Some of the attacks in [8] require knowledge and manipulation of the initialisation vector (IV). The latest draft of the revision of the standard [4] recommends the use of IVs that are secret and random. This obviates most of the attacks of [8]. In this paper we consider the security of CBC-mode encryption against padding oracle attacks in this secret, random IV setting. We present new attacks showing that several ISO padding methods are still weak in this situation.