http://dx.doi.org/10.3745/KTCCS.2015.4.2.73

Analysis of Padding Oracle Attack Possibility about Application Environment; SRTP, MIKEY, CMS, IPSec, TLS, IPTV  

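Hwang, Seongjin (Department of Computer Engineering, Seoul National University of Science and Technology)
Park, Myungseo (Department of Mathematics, Kookmin University)
Moon, Dukjae (Department of Information Security, Korea University)
Kang, HyungChul (Graduate School of Information Security, Korea University)
Kim, Jongsung (Department of Financial Information Security, Kookmin University)
Lee, Changhoon (Department of Computer Engineering, Seoul National University of Science and Technology)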
Publication Information
KIPS Transactions on Computer and Communication Systems / v.4, no.2, 2015, pp. 73-80
Abstract
In various application environments on the Internet, verified cipher algorithms are used to protect personal information. Even so, if a cipher is not applied properly, the information it is meant to protect can be intercepted. A representative example is the padding oracle attack. This paper studies SRTP, MIKEY, CMS, IPSec, TLS, and IPTV, application environments that use the CBC mode of operation of a block cipher together with CBC padding, and examines whether each can be attacked with a padding oracle attack and where its vulnerable points lie.
Keywords
Block Cipher; Padding; Padding Oracle Attack;