Immunising CBC Mode Against Padding Oracle Attacks: A Formal Security Treatment

Paterson, Kenneth G.; Watson, Gaven J.

doi:10.1007/978-3-540-85855-3_23

Kenneth G. Paterson¹ &
Gaven J. Watson¹

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5229))

Included in the following conference series:

International Conference on Security and Cryptography for Networks

998 Accesses
8 Citations
3 Altmetric

Abstract

Padding oracle attacks against CBC mode encryption were introduced by Vaudenay. They are a powerful class of side-channel, plaintext recovering attacks which have been shown to work in practice against CBC mode when it is implemented in specific ways in software. In particular, padding oracle attacks have been demonstrated for certain implementations of SSL/TLS and IPsec. In this paper, we extend the theory of provable security for symmetric encryption to incorporate padding oracle attacks. We develop new security models and proofs for CBC mode (with padding) in the chosen-plaintext setting. These models show how to select padding schemes which provably provide a strong security notion (indistinguishability of encryptions) in the face of padding oracle attacks. We also show that an existing padding method, OZ-PAD, that is recommended for use with CBC mode in ISO/IEC 10116:2006, provably resists Vaudenay’s original attack, even though it does not attain our indistinguishability notion.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 89.00; Price excludes VAT (USA)

Softcover Book: USD 119.00; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption. In: Proceedings of 38th Annual Symposium on Foundations of Computer Science (FOCS 1997), pp. 394–403. IEEE, Los Alamitos (1997)
Chapter Google Scholar
Bellare, M., Kohno, T., Namprempre, C.: Breaking and provably repairing the ssh authenticated encryption scheme: A case study of the encode-then-encrypt-and-MAC paradigm. ACM Transactions on Information and Systems Security 7, 206–241 (2004)
Article Google Scholar
Black, J., Urtubia, H.: Side-channel attacks on symmetric encryption schemes: The case for authenticated encryption. In: Proceedings of the 11th USENIX Security Symposium, San Francisco, CA, USA, August 5-9, 2002, pp. 327–338 (2002)
Google Scholar
Boldyreva, A., Kumar, V.: Provable-security analysis of authenticated encryption in kerberos. In: IEEE Symposium on Security and Privacy, pp. 92–100. IEEE Computer Society, Los Alamitos (2007)
Chapter Google Scholar
Canvel, B., Hiltgen, A.P., Vaudenay, S., Vuagnoux, M.: Password interception in a SSL/TLS channel. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 583–599. Springer, Heidelberg (2003)
Google Scholar
Degabriele, J.P., Paterson, K.G.: Attacking the IPsec standards in encryption-only configurations. In: IEEE Symposium on Security and Privacy, pp. 335–349. IEEE Computer Society, Los Alamitos (2007)
Chapter Google Scholar
Kent, S.: IP encapsulating security payload (ESP). RFC 4303 (December 2005)
Google Scholar
Krawczyk, H.: The order of encryption and authentication for protecting communications (or: How secure is SSL?). In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 310–331. Springer, Heidelberg (2001)
Chapter Google Scholar
Mitchell, C.J.: Error oracle attacks on CBC mode: Is there a future for CBC mode encryption? In: Zhou, J., López, J., Deng, R.H., Bao, F. (eds.) ISC 2005. LNCS, vol. 3650, pp. 244–258. Springer, Heidelberg (2005)
Google Scholar
Paterson, K.G., Yau, A.K.L.: Padding oracle attacks on the ISO CBC mode encryption standard. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 305–323. Springer, Heidelberg (2004)
Google Scholar
Vaudenay, S.: Security flaws induced by CBC padding – applications to SSL, IPSEC, WTLS. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 534–546. Springer, Heidelberg (2002)
Chapter Google Scholar
Yau, A.K.L., Paterson, K.G., Mitchell, C.J.: Padding oracle attacks on CBC-mode encryption with secret and random IVs. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 299–319. Springer, Heidelberg (2005)
Google Scholar
Zhou, Y., Feng, D.: Side-channel attacks: Ten years after its publication and the impacts on cryptographic module security testing. Cryptology ePrint Archive, Report 2005/388 (2005), http://eprint.iacr.org/

Download references

Author information

Authors and Affiliations

Information Security Group, Royal Holloway, University of London, Egham, Surrey, TW20 0EX, U.K.
Kenneth G. Paterson & Gaven J. Watson

Authors

Kenneth G. Paterson
View author publications
You can also search for this author in PubMed Google Scholar
Gaven J. Watson
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Rafail Ostrovsky Roberto De Prisco Ivan Visconti

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Paterson, K.G., Watson, G.J. (2008). Immunising CBC Mode Against Padding Oracle Attacks: A Formal Security Treatment. In: Ostrovsky, R., De Prisco, R., Visconti, I. (eds) Security and Cryptography for Networks. SCN 2008. Lecture Notes in Computer Science, vol 5229. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85855-3_23

Download citation

DOI: https://doi.org/10.1007/978-3-540-85855-3_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-85854-6
Online ISBN: 978-3-540-85855-3
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics