• Title/Summary/Keyword: Padding Oracle Attack

Search Result 4, Processing Time 0.017 seconds

Safety Analysis of Various Padding Techniques on Padding Oracle Attack (패딩 오라클 공격에 따른 다양한 패딩방법의 안전성 분석)

  • Kim, Kimoon;Park, Myungseo;Kim, Jongsung;Lee, Changhoon;Moon, Dukjae;Hong, Seokhee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.2
    • /
    • pp.271-278
    • /
    • 2015
  • We use various types of cryptographic algorithms for the protection of personal and sensitive informations in the application environments, such as an internet banking and an electronic commerce. However, recent researches were introduced that if we implement modes of operation, padding method and other cryptographic implementations in a wrong way, then the critical information can be leaked even though the underlying cryptographic algorithms are secure. Among these attacking techniques, the padding oracle attack is representative. In this paper, we analyze the possibility of padding oracle attacks of 12 kinds of padding techniques that can be applied to the CBC operation mode of a block cipher. As a result, we discovered that 3 kinds were safe padding techniques and 9 kinds were unsafe padding techniques. We propose 5 considerations when designing a safe padding techniques to have a resistance to the padding oracle attack through the analysis of three kinds of safe padding techniques.

Analysis of Padding Oracle Attack Possibility about Application Environment; SRTP, MIKEY, CMS, IPSec, TLS, IPTV (SRTP, MIKEY, CMS, IPSec, TLS, IPTV에 대한 패딩 오라클 공격 가능성 분석)

  • Hwang, Seongjin;Park, Myungseo;Moon, Dukjae;Kang, HyungChul;Kim, Jongsung;Lee, Changhoon
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.4 no.2
    • /
    • pp.73-80
    • /
    • 2015
  • In the various application environments on the internet, we use verified cipher algorithm to protect personal information. Even so, if an application method isn't proper, the information you want to keep can be intercepted. One of the representative examples of it is a PADDING ORACLE ATTACK. This thesis studied about STRP, MIKEY, CMS, IPSec, TLS, IPTV, an application environment which apply CBC operational mode based on block cipher and CBC padding method, and about whether we can attack against the Padding Oracle Attack as well as the vulnerable points.

Padding Oracle Attack on Block Cipher with CBC|CBC-Double Mode of Operation using the BOZ-PAD (BOZ-PAD 방법을 사용하는 블록암호 기반 CBC|CBC 이중 모드에 대한 패딩 오라클 공격)

  • Hwang, Seongjin;Lee, Changhoon
    • The Journal of Society for e-Business Studies
    • /
    • v.20 no.1
    • /
    • pp.89-97
    • /
    • 2015
  • In the various application environments on the internet, we use verified cipher algorithm to protect personal information of electronic commerce or application environments. Even so, if an application method isn't proper, the information you want to keep can be intercepted. This thesis studied about result of Padding Oracle Attack, an application environment which apply CBC|CBC operational mode based on block cipher and BOZ padding method.

Padding Oracle Attacks on Multiple Modes of Operation (다중 운영 모드에 대한 패딩 오라클 공격)

  • Lee, Tae-Keon;Kim, Jong-Sung;Lee, Chang-Hoon;Lee, Sangjin;Sung, Jae-Chul
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.16 no.1
    • /
    • pp.79-85
    • /
    • 2006
  • This attack requires an oracle which on receipt of a ciphertext, decrypts it and replies to the sender whether the padding is VALID or INVALID. In this paper we extend these attacks to other kinds of modes of operation for block ciphers. Specifically, we apply the padding oracle attacks to multiple modes of operation with various padding schemes. As a results of this paper, 12 out of total 36 double modes and 22 out of total 216 triple modes are vulnerable to the padding oracle attacks. It means that the 12 double modes and the 22 triple modes exposed to these types of attacks do not offer the better security than single modes.