http://dx.doi.org/10.13089/JKIISC.2006.16.1.79

Padding Oracle Attacks on Multiple Modes of Operation  

Lee, Tae-Keon (Center for Information Security Technologies(CIST), Korea University)
Kim, Jong-Sung (Center for Information Security Technologies(CIST), Korea University)
Lee, Chang-Hoon (Center for Information Security Technologies(CIST), Korea University)
Lee, Sangjin (Center for Information Security Technologies(CIST), Korea University)
Sung, Jae-Chul (Department of Mathematics, University of Seoul)
Abstract
A padding oracle attack requires an oracle which, on receipt of a ciphertext, decrypts it and replies to the sender only whether the padding is VALID or INVALID. In this paper we extend these attacks to other kinds of modes of operation for block ciphers. Specifically, we apply padding oracle attacks to multiple modes of operation with various padding schemes. As a result, 12 out of the total 36 double modes and 22 out of the total 216 triple modes are vulnerable to padding oracle attacks. This means that the 12 double modes and the 22 triple modes exposed to these attacks do not offer better security than single modes.
Keywords
Block Ciphers; Modes of Operation; Padding Oracle Attack;
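As an added worked example (not code from the paper), the baseline single-CBC padding oracle attack that the paper extends to multiple modes, with the oracle modelled exactly as the abstract describes: a function that decrypts and answers only VALID or INVALID. The block cipher is an assumed stand-in, a toy 64-bit Feistel network with an HMAC-SHA256 round function, chosen so the block runs with the Python standard library; the attack functions never touch the key and work unchanged against a real cipher such as AES-CBC. The sample key, IV and secret are constructed for the demonstration.

```python
"""Vaudenay-style padding oracle attack on single CBC mode with PKCS#7 padding.

Added worked example, not code from the paper.  The block cipher below is a
toy Feistel network (an assumption standing in for a real cipher); the attack
only consumes the oracle's VALID/INVALID answer.
"""
import hashlib
import hmac

BLOCK = 8    # 64-bit toy block; the attack is identical for 128-bit AES blocks
ROUNDS = 8


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):
    # Keyed, round-dependent Feistel round function with a 4-byte output
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def block_encrypt(key, block):
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(ROUNDS):
        l, r = r, xor(l, _f(key, i, r))
    return l + r


def block_decrypt(key, block):
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in reversed(range(ROUNDS)):
        l, r = xor(r, _f(key, i, l)), l
    return l + r


def pkcs7_pad(data):
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data):
    if not data or len(data) % BLOCK:
        raise ValueError("bad length")
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key, iv, plaintext):
    out, prev = b"", iv
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, xor(plaintext[i:i + BLOCK], prev))
        out += prev
    return out


def cbc_decrypt(key, iv, ciphertext):
    out, prev = b"", iv
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out += xor(block_decrypt(key, c), prev)
        prev = c
    return out


class PaddingOracle:
    """The receiver: decrypts and reveals only whether padding was VALID."""
    def __init__(self, key):
        self.key = key
        self.queries = 0

    def __call__(self, iv, ciphertext):
        self.queries += 1
        try:
            pkcs7_unpad(cbc_decrypt(self.key, iv, ciphertext))
            return True
        except ValueError:
            return False


def recover_intermediate(oracle, c_block):
    """Recover D_K(c_block) byte by byte from oracle answers alone."""
    inter = bytearray(BLOCK)
    for j in range(BLOCK - 1, -1, -1):
        pad = BLOCK - j                       # padding value being forced
        forged = bytearray(BLOCK)             # plays the role of C_{i-1}
        for k in range(j + 1, BLOCK):         # known bytes are set to `pad`
            forged[k] = inter[k] ^ pad
        for guess in range(256):
            forged[j] = guess
            if not oracle(bytes(forged), c_block):
                continue
            if j == BLOCK - 1:
                # Last byte: a hit may be a longer padding (e.g. 02 02) that
                # happens to fit; flipping the byte before it must keep 01 valid.
                probe = bytearray(forged)
                probe[j - 1] ^= 0xFF
                if not oracle(bytes(probe), c_block):
                    continue
            inter[j] = guess ^ pad
            break
        else:
            raise RuntimeError("oracle never answered VALID")
    return bytes(inter)


def padding_oracle_attack(oracle, iv, ciphertext):
    """Full plaintext recovery: P_i = D_K(C_i) XOR C_{i-1}, with C_0 = IV."""
    plaintext, prev = b"", iv
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        plaintext += xor(recover_intermediate(oracle, c), prev)
        prev = c
    return pkcs7_unpad(plaintext)


def demo():
    # Constructed sample values (fixed so the run is reproducible)
    key = b"demo-key-for-toy-feistel"
    iv = bytes(range(BLOCK))
    secret = b"Single CBC mode leaks under a padding oracle"
    ciphertext = cbc_encrypt(key, iv, pkcs7_pad(secret))
    oracle = PaddingOracle(key)               # the attacker never sees `key`
    recovered = padding_oracle_attack(oracle, iv, ciphertext)
    return recovered, secret, oracle.queries


if __name__ == "__main__":
    recovered, secret, queries = demo()
    print(recovered == secret, queries)
```

Each byte costs at most 256 oracle queries (128 on average) plus one confirmation query for the last byte of each block, so the whole message falls in a few thousand queries regardless of the key size. The oracle here is an explicit boolean; in deployed systems it is usually a distinguishable error message or a timing difference, which is why the practical remedy is to authenticate the ciphertext and reject it before any padding is examined.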