Abstract
This paper proposes three new padding methods designed to withstand padding oracle attacks. A padding oracle attack recovers a plaintext without knowledge of the secret key by exploiting a decryption oracle that reveals whether the padding of a decrypted message is valid. Of the ten existing padding methods, only two (ABYT-PAD and ABIT-PAD) withstand padding oracle attacks; however, they are not efficient, since they either rely on a random number generator or require MAC verification in applications. The three padding methods proposed in this paper are secure against padding oracle attacks and more efficient than those two methods.
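As an added worked example (not from the paper itself): the attack the abstract describes, run against CBC mode with PKCS#7 padding. The block cipher is a small SHA-256 based Feistel network standing in for AES so that the script needs only the Python standard library; this is an assumption that does not affect the attack, which touches the cipher only through the oracle's yes/no answers. The key, IV and message are constructed sample values, and the attacker code never reads KEY.

```python
import hashlib

BLOCK = 16  # block size in bytes, as for AES

# Constructed sample values; the key is fixed only so the run is reproducible.
KEY = bytes(range(16))
IV = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
MESSAGE = b"attack at dawn; padding oracle demo"


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, half: bytes, i: int) -> bytes:
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    # 4-round Feistel network on 16-byte blocks: a toy stand-in for AES.
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, xor(left, _round(key, right, i))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        left, right = xor(right, _round(key, left, i)), left
    return left + right


def pkcs7_pad(msg: bytes) -> bytes:
    n = BLOCK - len(msg) % BLOCK
    return msg + bytes([n]) * n


def pkcs7_unpad(padded: bytes) -> bytes:
    n = padded[-1]
    if n == 0 or n > BLOCK or padded[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")  # this error is what the oracle leaks
    return padded[:-n]


def cbc_encrypt(key: bytes, iv: bytes, padded: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(padded), BLOCK):
        prev = block_encrypt(key, xor(padded[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        blk = ct[i:i + BLOCK]
        out.append(xor(block_decrypt(key, blk), prev))
        prev = blk
    return b"".join(out)


class PaddingOracle:
    # Models a server that decrypts and reports only whether padding was valid.
    def __init__(self, key: bytes) -> None:
        self.key = key
        self.queries = 0

    def __call__(self, iv: bytes, ct: bytes) -> bool:
        self.queries += 1
        try:
            pkcs7_unpad(cbc_decrypt(self.key, iv, ct))
            return True
        except ValueError:
            return False


def attack_block(oracle, prev: bytes, target: bytes) -> bytes:
    # Recover D_K(target) byte by byte from the end, then XOR with the previous block.
    inter = bytearray(BLOCK)
    for pos in range(BLOCK - 1, -1, -1):
        pad = BLOCK - pos
        for guess in range(256):
            forged = bytearray(BLOCK)
            forged[pos] = guess
            for j in range(pos + 1, BLOCK):
                forged[j] = inter[j] ^ pad  # bytes after pos decrypt to the pad value
            if not oracle(bytes(forged), target):
                continue
            if pos == BLOCK - 1:
                # Rule out a false positive such as 0x02 0x02: a genuine 0x01
                # padding stays valid when the byte before it is changed.
                forged[pos - 1] ^= 0xFF
                if not oracle(bytes(forged), target):
                    continue
            inter[pos] = guess ^ pad
            break
        else:
            raise RuntimeError("no valid padding found; oracle is not consistent")
    return xor(inter, prev)


def padding_oracle_attack(oracle, iv: bytes, ct: bytes) -> bytes:
    blocks = [iv] + [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    plain = b"".join(attack_block(oracle, blocks[i - 1], blocks[i]) for i in range(1, len(blocks)))
    return pkcs7_unpad(plain)


def demo():
    ct = cbc_encrypt(KEY, IV, pkcs7_pad(MESSAGE))
    oracle = PaddingOracle(KEY)
    recovered = padding_oracle_attack(oracle, iv=IV, ct=ct)  # uses only iv, ct, oracle
    return recovered, oracle.queries
```

Calling `demo()` recovers MESSAGE from the ciphertext with at most 256 oracle queries per byte plus one disambiguation query for the final byte of each block. The oracle's only contribution is the valid/invalid answer from `pkcs7_unpad`; that channel is exactly what a padding method whose unpadding can never fail, or a MAC check performed before unpadding, removes.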
Acknowledgments
This research was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (Grant No. 2013R1A1A2059864).
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Kang, H. et al. (2016). New Efficient Padding Methods Secure Against Padding Oracle Attacks. In: Kwon, S., Yun, A. (eds) Information Security and Cryptology - ICISC 2015. ICISC 2015. Lecture Notes in Computer Science(), vol 9558. Springer, Cham. https://doi.org/10.1007/978-3-319-30840-1_21
DOI: https://doi.org/10.1007/978-3-319-30840-1_21
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-30839-5
Online ISBN: 978-3-319-30840-1
eBook Packages: Computer Science, Computer Science (R0)