Cryptology ePrint Archive: Report 2003/098
Side Channel Attacks on CBC Encrypted Messages in the PKCS#7 Format
Vlastimil Klima and Tomas Rosa
Abstract: Vaudenay has shown in  that a CBC encryption mode (, ) combined with the PKCS#5 padding  scheme allows an attacker to invert the underlying block cipher, provided she has access to a valid-padding oracle which for each input ciphertext tells her whether the corresponding plaintext has a valid padding or not. Having on mind the countermeasures against this attack, different padding schemes have been studied in . The best one is referred to as the ABYT-PAD. It is designed for byte-oriented messages. It removes the valid-padding oracle, thereby defeating Vaudenay's attack, since all deciphered plaintexts are valid in this padding scheme. In this paper, we try to combine the well-known cryptographic message syntax standard PKCS#7  with the use of ABYT-PAD instead of PKCS#5. Let us assume that we have access to a PKCS#7CONF oracle that tells us for a given ciphertext (encapsulated in the PKCS#7 structure) whether the deciphered plaintext is correct or not according to the PKCS#7 (v1.6) syntax. This is probably a very natural assumption, because applications usually have to reflect this situation in its behavior. It could be a message for the user, an API error message, an entry in the log file, different timing behavior, etc. We show that access to such an oracle again enables an attacker to invert the underlying block cipher. The attack requires single captured ciphertext and approximately 128 oracle calls per one ciphertext byte. It shows that we cannot hope to fully solve problems with side channel attacks on the CBC encryption mode by using a “magic” padding method or an obscure message-encoding format. Strong cryptographic integrity checks of ciphertexts should be incorporated instead.
Category / Keywords: secret-key cryptography / CBC, symmetrical encryption, padding, ABYT-PAD, ABIT-PAD, PKCS#7, cryptanalysis, side channel attack, confirmation oracle
Publication Info: Presented at the 2nd International Conference (NATO PfP/PWP) Security and Protection of Information, Brno, Czech Republic, April 28 - 30, 2003.
Date: received 12 May 2003
Contact author: vlastimil klima at i cz
Available formats: PDF | BibTeX Citation
Version: 20030521:101737 (All versions of this report)
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]