Padding Oracle Attack on Block Cipher with CBC|CBC-Double Mode of Operation using the BOZ-PAD

Seongjin Hwang, Changhoon Lee

Abstract


In various application environments on the internet, verified cipher algorithms are used to protect personal information in electronic commerce and other applications. Even so, if the way a cipher is applied is not proper, the information you want to protect can be intercepted. This thesis studies the results of a padding oracle attack on an application environment that applies the CBC|CBC mode of operation, based on a block cipher, with the BOZ padding method.




