Security flaws induced by CBC padding - Applications to SSL, IPSEC, WTLS...

In many standards, e.g. SSL/TLS, IPSEC, WTLS, messages are first pre-formatted, then encrypted in CBC mode with a block cipher. Decryption needs to check if the format is valid. Validity of the format is easily leaked from communication protocols in a chosen ciphertext attack since the receiver usually sends an acknowledgment or an error message. This is a side channel. In this paper we show various ways to perform an efficient side channel attack. We discuss potential applications, extensions to other padding schemes and various ways to fix the problem


Published in:
Advances in Cryptology - EUROCRYPT 2002. International Conference on the Theory and Applications of Cryptographic Techniques, 2332, 534-545
Presented at:
Advances in Cryptology - EUROCRYPT 2002. International Conference on the Theory and Applications of Cryptographic Techniques, Amsterdam, Netherlands, April 28 - May 2, 2002
Year:
2002
Keywords:
Other identifiers:
Laboratories:




 Record created 2007-01-18, last modified 2018-03-17

n/a:
Download fulltextPS
External link:
Download fulltextURL
Rate this document:

Rate this document:
1
2
3
 
(Not yet reviewed)