Security of symmetric encryption in the presence of ciphertext fragmentation

Authors:
Alexandra Boldyreva;Jean Paul Degabriele;Kenneth G. Paterson;Martijn Stam
Affiliations:
Georgia Institute of Technology;Royal Holloway, University of London, UK;Royal Holloway, University of London, UK;University of Bristol, UK
Venue:
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Year:
2012

Citing 12
Cited 1

The Order of Encryption and Authentication for Protecting Communications (or: How Secure Is SSL?)

CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Blockwise-Adaptive Attackers: Revisiting the (In)Security of Some Provably Secure Encryption Models: CBC, GEM, IACBC

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm

ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Breaking and provably repairing the SSH authenticated encryption scheme: A case study of the Encode-then-Encrypt-and-MAC paradigm

ACM Transactions on Information and System Security (TISSEC)
Attacking the IPsec Standards in Encryption-only Configurations

SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Immunising CBC Mode Against Padding Oracle Attacks: A Formal Security Treatment

SCN '08 Proceedings of the 6th international conference on Security and Cryptography for Networks
Plaintext Recovery Attacks against SSH

SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Blockwise-adaptive chosen-plaintext attack and online modes of encryption

Cryptography and Coding'07 Proceedings of the 11th IMA international conference on Cryptography and coding
On hiding a plaintext length by preencryption

ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
Blockwise adversarial model for on-line ciphers and symmetric encryption schemes

SAC'04 Proceedings of the 11th international conference on Selected Areas in Cryptography
Plaintext-Dependent decryption: a formal security treatment of SSH-CTR

EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Tag size does matter: attacks and proofs for the TLS record protocol

ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security

An analysis of the EMV channel establishment protocol

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

Quantified Score

Hi-index	0.00

Visualization

Abstract

In recent years, a number of standardized symmetric encryption schemes have fallen foul of attacks exploiting the fact that in some real world scenarios ciphertexts can be delivered in a fragmented fashion. We initiate the first general and formal study of the security of symmetric encryption against such attacks. We extend the SSH-specific work of Paterson and Watson (Eurocrypt 2010) to develop security models for the fragmented setting. We also develop security models to formalize the additional desirable properties of ciphertext boundary hiding and robustness against Denial-of-Service (DoS) attacks for schemes in this setting. We illustrate the utility of each of our models via efficient constructions for schemes using only standard cryptographic components, including constructions that simultaneously achieve confidentiality, ciphertext boundary hiding and DoS robustness.