Title: Side Channel Attacks on CBC Encrypted Messages in the PKCS7 Format
Side Channel Attacks on CBC Encrypted Messages in the PKCS7 Format
- Vlastimil Klíma (1) and Tomáš Rosa (1,2)
- {vlastimil.klima, tomas.rosa}_at_i.cz
- (1) ICZ a.s., (2) Czech Technical University in Prague
Security and Protection of Information 2003, 2nd
International Scientific Conference, NATO PfP/PWP
CATE, Brno, Czech Republic, 28.4.-30.4.2003
Preliminaries
- Side channel attacks use side information from the system to unveil some secret information.
- The CBC mode of a block cipher combined with the well-known PKCS5 padding method is the de facto standard CBC usage.
- In the presentation we will assume an n-byte block cipher (for simplicity let n = 8).
- PKCS5 padding:
  - data ... | b b ... b
  - b bytes of the value b are appended, where b is the number of padded bytes (1 <= b <= n)
  - C1 B2 01 A5 FE A1 02 02 is a valid block
  - C1 B2 01 A5 FE A1 01 02 is an invalid block
Valid-Padding Oracle
Vaudenay's attack
- The first side channel attack based on a valid-padding oracle in the CBC mode was described by Serge Vaudenay at Eurocrypt 2002.
- He showed that it is possible to use such an oracle to decipher any captured ciphertext.
- It is very efficient: its complexity is about 128 x (number of bytes of the ciphertext) oracle calls.
- The valid-padding oracle is based on the fact that there exist valid and invalid padding strings.
ABYT-PAD (arbitrary byte tail padding)
- Black and Urtubia at the 11th USENIX Security Symposium (2002) proposed the ABYT-PAD padding scheme, where all padding strings are valid.
- It thwarts the original Vaudenay's attack.
- data ... d | b b ... b, with b != d
- ABYT-PAD: bytes of the same value b are appended up to a multiple of n bytes, but the value b can be arbitrary. It only has to be different from the last data byte d.
- The rule for removing the padding string: discard all the identical bytes from the end, no matter what their value is.
- C1 B2 01 A5 FE A1 02 02 is a valid block
- C1 B2 01 A5 FE A1 01 02 is also a valid block
- Note that, theoretically, it is possible to pad more than n bytes (one block) and that our attack works in this case too.
Using ABYT-PAD padding
- Motivation: when the new padding scheme is that good, what about using it in PKCS7 instead of PKCS5 padding?
- PKCS7 describes the general syntax for cryptographically protected data, e.g. data which is encrypted, digitally signed, etc.
PKCS7 ver. 1.6 with ABYT-PAD instead of PKCS5
- PKCS7 has its own syntax. We will work with an encrypted message stored in the structure "enveloped data".
- The IV and a symmetric encryption key are generated randomly; the key is then encrypted by a public-key cipher (PKC) and also encapsulated in the structure "enveloped data".
- The data being encrypted are first encoded (formatted) according to ASN.1. This creates the message M = (type-octets, length-octets, data-octets).
- M is (ABYT-PAD) padded and the plaintext P = (M, padding) is then encrypted in the CBC mode.
- The ciphertext C and the IV are then placed into the structure "enveloped data".
- Note: we assume the usual type octet 0x04 (OCTET STRING), one length octet L and at most n bytes of padding.
The decryption process defines a "PKCS7 Confirmation Oracle"
- Extract the ciphertext C = (IV, CT) from the PKCS7 structure "enveloped data".
- Decipher C to a plaintext P.
- Remove the padding from the plaintext P. The result is a message M.
- Parse M according to the PKCS7 syntax:
  - Check the type octet of M (0x04). If it is not correct, an error has occurred.
  - Check the length octet of M (L). L must be equal to the length of the remaining part of M. If it is not, an error has occurred.
- If the two previous checks are successful, the answer is OK, otherwise BAD. Most applications will reveal OK/BAD to the attacker through their error messages or their behaviour.
- We define the oracle O(C) = ANSWER (OK/BAD) according to the procedure described above.
The main result of our paper
- Using a PKCS7 confirmation oracle, we are able to decrypt the original plaintext.
- The complexity of the attack is roughly 128 x (number of bytes of the original plaintext) oracle calls.
- Attack scenario:
  - The attacker intercepts a valid ciphertext C = (IV, CT1, CT2, ..., CTs), s >= 1.
  - Then she creates her own ciphertexts C' and, on the basis of the oracle answers, she deciphers the corresponding plaintext (P1, P2, ..., Ps).
  - We will show that she is able to compute X = DK(Y) for an arbitrarily chosen ciphertext block Y, implying that she is able to decrypt C (in the CBC mode Pi = DK(CTi) xor CT(i-1), with CT0 = IV).
Description of the attack (computing X = DK(Y))
- Preparation phase: finding out the length L.
- Computing X = DK(Y) leaving one byte of uncertainty: we obtain the set of equations X1 xor T1 = X2 xor T2 = ... = Xn xor Tn = A, with known Ti and unknown A.
- Determining the remaining byte (A) of uncertainty.
The first phase: determining the length L
Computing X = DK(Y) leaving one byte of uncertainty
Determining the remaining byte of uncertainty (A)
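The following is an added example and not code from the authors or the paper: it implements the PKCS7 confirmation oracle of slide 8 (CBC decryption, ABYT-PAD removal, type-octet and length-octet check, OK/BAD only) and a recovery of X = DK(Y) from that oracle that follows the three-phase outline of slides 10-13 (find L, learn the XOR differences Xi xor Xn, fix the last byte). The block cipher is an 8-byte toy Feistel network built on SHA-256 standing in for DES/AES, the RNG is seeded for repeatability, and the exact queries used in each phase are our own reconstruction of the outline, not necessarily the paper's procedure; all of these are assumptions. The message format is the one the slides stipulate: 04, one length octet L, data, ABYT-PAD.

```python
"""Added example, not the authors' code: slide 8's PKCS7 confirmation oracle
and a recovery of X = DK(Y) from it following the outline of slides 10-13.
The SHA-256-based 8-byte Feistel cipher and the exact three-phase procedure
are our own reconstruction (assumptions), not the paper's cipher or code."""
import hashlib, random

N = 8                                       # block size, the slides' n = 8
rng = random.Random(2003)                   # seeded so the demo is repeatable
rb = lambda k: bytes(rng.randrange(256) for _ in range(k))
xor = lambda a, b: bytes(x ^ y for x, y in zip(a, b))

def _f(key, half, rnd):                     # toy round function (assumption)
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:N // 2]

def enc_block(key, blk):
    l, r = blk[:4], blk[4:]
    for rnd in range(8):
        l, r = r, xor(l, _f(key, r, rnd))
    return r + l

def dec_block(key, blk):                    # exact inverse of enc_block
    l, r = blk[4:], blk[:4]
    for rnd in reversed(range(8)):
        l, r = xor(r, _f(key, l, rnd)), l
    return l + r

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for i in range(0, len(pt), N):
        prev = enc_block(key, xor(prev, pt[i:i + N])); out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    blocks = [ct[i:i + N] for i in range(0, len(ct), N)]
    return b"".join(xor(dec_block(key, c), p) for p, c in zip([iv] + blocks, blocks))

def abyt_pad(m):                            # pad with a byte != last data byte
    return m + bytes([(m[-1] + 1) & 0xFF]) * (N - len(m) % N)

def abyt_unpad(p):                          # discard the whole trailing run
    i = len(p)
    while i > 0 and p[i - 1] == p[-1]:
        i -= 1
    return p[:i]

class Pkcs7Oracle:
    """Slide 8: decrypt, unpad, check type octet 04 and length octet L."""
    def __init__(self, key):
        self.key, self.calls = key, 0
    def __call__(self, iv, ct):
        self.calls += 1
        m = abyt_unpad(cbc_decrypt(self.key, iv, ct))
        return len(m) >= 2 and m[0] == 0x04 and m[1] == len(m) - 2

def envelope(key, data):                    # M = 04 | L | data -> pad -> CBC
    iv = rb(N)
    return iv, cbc_encrypt(key, iv, abyt_pad(b"\x04" + bytes([len(data)]) + data))

def recover_block(oracle, iv, ct, y):
    """X = DK(y) from OK/BAD only.  The query IV'|CT1|R|y keeps the 04 type
    octet of the intercepted message and retargets its length octet through
    IV'[1], so the answer is OK iff the trailing run of X ^ R has length r."""
    c1, s = ct[:N], len(ct) // N
    def run_is(L, r, R):                    # OK needs 24 - r - 2 == L' = L ^ delta
        return oracle(bytes([iv[0], iv[1] ^ L ^ (22 - r)]) + iv[2:], c1 + R + y)
    # phase 1: L has 8 candidates (1..8 padding bytes); a random R gives run 1
    # with probability 255/256, so only the true L answers OK.
    L = max(range(max(0, N * s - 10), N * s - 2),
            key=lambda Lc: sum(run_is(Lc, 1, rb(N)) for _ in range(3)))
    # phase 2: D[j] = X[j] ^ X[7] for j = 6..0, forcing a run of length 8 - j
    # and scanning one byte; the single OK pins that byte (about 128 calls).
    D = [0] * N
    for j in range(N - 2, -1, -1):
        for _ in range(16):                 # retry if P[j-1] collides with the run
            R = bytearray(rb(N))
            for k in range(j + 1, N):
                R[k] = R[7] ^ D[k]          # positions j+1..7 of X ^ R now equal
            hit = next((v for v in range(256) if run_is(
                L, N - j, bytes(R[:j]) + bytes([v]) + bytes(R[j + 1:]))), None)
            if hit is not None:
                D[j] = hit ^ R[7]
                break
        else:
            raise RuntimeError("no OK answer: is the oracle really unauthenticated?")
    # phase 3: one-block query IV''|y with P = 04 00 c c c c c c; scanning
    # IV''[0] yields a single OK, exactly when P[0] == 04 (then P[1] == 0).
    hit = None
    while hit is None:                      # retry in the c == 0 corner case
        w = rb(1)[0]
        tail = bytes(w ^ D[k] for k in range(2, N))
        hit = next((v for v in range(256)
                    if oracle(bytes([v, v ^ D[0] ^ D[1] ^ 4]) + tail, y)), None)
    x7 = 4 ^ hit ^ D[0]
    return bytes(x7 ^ D[k] for k in range(N))

def decrypt_with_oracle(oracle, iv, ct):
    """Slide 9: every plaintext block is DK(CTi) ^ CT(i-1), with CT0 = IV."""
    prevs = [iv] + [ct[i:i + N] for i in range(0, len(ct) - N, N)]
    pt = b"".join(xor(recover_block(oracle, iv, ct, ct[i:i + N]), prevs[i // N])
                  for i in range(0, len(ct), N))
    return abyt_unpad(pt)[2:]               # drop 04 and L, return the data
```

Calling `decrypt_with_oracle(Pkcs7Oracle(key), iv, ct)` on an enveloped message recovers its data; `oracle.calls` shows the cost, dominated by the seven one-byte scans of phase 2 at about 128 calls each, as the slides state. Only the OK/BAD distinction is used, never the decrypted bytes. If the oracle verifies a MAC over IV|CT before decrypting (the recommendation of the Conclusions slide), every forged query answers BAD, no scan ever hits, and `recover_block` raises instead of recovering anything.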
Conclusions
- The complexity of the attack is given mainly by the second step: the average number of oracle calls is 128 per ciphertext byte.
- The ABYT-PAD padding scheme thwarts Vaudenay's attack.
- We showed that even using this "perfect" padding scheme, we cannot fully remove side channel attacks in the CBC mode.
- Our recommendation is to use a strong cryptographic integrity check of the ciphertext (in practice a MAC or an authenticated encryption mode, verified before any decryption or parsing takes place).
Further work ideas
- Recall the basic properties of CBC:
  - Changes in the block Ci propagate linearly and deterministically to changes of the plaintext block Pi+1, no matter how strong the cipher is.
  - It has good self-synchronization properties: the effect of a corruption of the i-th ciphertext block vanishes starting from block i+2.
Further work ideas
- Based on the basic properties of CBC:
  - Processing of formatted data creates vital side channels with respect to the CBC mode.
- Practically speaking:
  - Highly structured data formats without strong authentication of ciphertexts may turn out to be vulnerable.
  - Examples: S/MIME, various proprietary Type-Length-Value formats, etc.
Finally, we would like to stress
- The elaborated problems with the CBC mode are quite obviously not only stories of proper padding methods.
- In other words: padding was just the beginning...