A Challenging But Feasible Blockwise-Adaptive Chosen-Plaintext Attack on SSL

A Challenging But Feasible Blockwise-Adaptive Chosen-Plaintext Attack on SSL (2006)

Cached

Download Links

[eprint.iacr.org]

Other Repositories/Bibliography

DBLP

by Gregory V. Bard

Venue:	SECRYPT 2006, PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY, SET'UBAL
Citations:	5 - 1 self

BibTeX

@INPROCEEDINGS{Bard06achallenging,
    author = {Gregory V. Bard},
    title = {A Challenging But Feasible Blockwise-Adaptive Chosen-Plaintext Attack on SSL},
    booktitle = {SECRYPT 2006, PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY, SET'UBAL},
    year = {2006},
    pages = {7--10},
    publisher = {INSTICC Press}
}

Bookmark

OpenURL

Abstract

This paper introduces a chosen-plaintext vulnerability in the Secure Sockets Layer (SSL) and Trasport Layer Security (TLS) protocols which enables recovery of low entropy strings such as can be guessed from a likely set of 2--1000 options. SSL and TLS are widely used for securing communication over the Internet. When utilizing block ciphers for encryption, the SSL and TLS standards mandate the use of the cipher block chaining (CBC) mode of encryption which requires an initialization vector (IV) in order to encrypt. Although the first IV used by SSL is a (pseudo)random string which is generated and shared during the initial handshake phase, subsequent IVs used by SSL are chosen in a deterministic, predictable pattern; in particular, the IV of a message is taken to be the final ciphertext block of the immediately-preceding message, and is therefore known to the adversary. The one-

Citations

327	C.: The TLS protocol version 1.0 - Dierks, Allen - 1999
296	A Concrete Security Treatment of Symmetric Encryption - Bellare, Desai, et al. - 1997
227	Network Security, Private Communication in a Public World - Kaufman, Perlman, et al. - 1995
172	Authenticated encryption: Relations among notions and analysis of the generic composition paradigm - Bellare, Namprempre
109	The SSL protocol version 3.0 - Freier, Karlton, et al. - 1996
21	Recommendation for Block Cipher Modes of Operation: Methods and Techniques - Dworkin - 2001
20	Security flaws induced by CBC padding - applications to SSL - Vaudenay - 2002
17	The Design and Implementation of Datagram TLS - Modadugu, Rescorla - 2004
12	Blockwise-adaptive attackers: Revisiting the (in)security of some provably secure encryption models - Joux, Martinet, et al. - 2002
9	The Java TM Language Specification. Addison-Wesley, third edition - Gosling, Joy, et al. - 2005
7	Practical Symmetric On-line Encryption - Fouque, Martinet, et al. - 2003
7	Block chaining modes of operation - Knudsen - 2002
6	Provably fixing the ssh binary packet protocol - Bellare, Kohno, et al. - 2002
5	On-line Encryption Schemes: New Security Notions and Constructions - Boldyreva, Taesombut - 2003
5	The TLS protocol version 1.2 - Dierks, Rescorla - 2008
3	An Attack Against SSH2 Protocol. Email to the SECSH Working Group available from ftp://ftp.ietf.org - Dai - 2002
3	Recommendation for block cipher modes of operation: The rmac authentication mode, methods and techniques - Dworkin
1	Cryptology ePrint Archive, Report 2004/111 - Bellare, Boldyreva, et al. - 2004
1	Using flows for analysis and measurement of internet traffic. Master’s thesis, Institute of Communication Networks and Computer Engineering of the - Löffler - 1997
1	Symmetric Key Block Cipher Modes of Operation Workshop. National Institute of Science and - In
1	Aes counter mode cipher suites for tls and dtls - Modadugu, Rescorla - 2006
1	ietf-tls] re: Rfc 2246-bis open issues. Email to the ietf-tls@lists.certicom.com email list - Rescorla - 2002