Paper 2020/1159

ACE in Chains : How Risky is CBC Encryption of Binary Executable Files ?

Rintaro Fujita, Takanori Isobe, and Kazuhiko Minematsu

Abstract

We present malleability attacks against encrypted binary executable files when they are encrypted by CBC mode of operation. While the CBC malleability is classic and has been used to attack on various real-world applications, the risk of encrypting binary executable via CBC mode on common OSs has not been widely recognized. We showed that, with a certain non-negligible probability, it is possible to manipulate the CBC-encrypted binary files so that the decryption result allows an arbitrary code execution (ACE), which is one of the most powerful exploits, even without the knowledge of plaintext binary. More specifically, for both 32- and 64-bit Linux and Windows OS, we performed a thorough analysis on the binary executable format to evaluate the practical impact of ACE on CBC encryption, and showed that the attack is possible if the adversary is able to correctly guess 13 to 25 bits of the address to inject code. In principle, our attack affects a wide range of storage/file encryption systems that adopt CBC encryption. In addition, a manual file encryption using OpenSSL API (AES-256-CBC) is affected, which is presumed to be frequently used in practice for file encryption. We provide Proof-of-Concept implementations for Linux and Windows. We have communicated our findings to the appropriate institution and have informed to vendors as an act of responsible disclosure.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Minor revision. ACNS 2020
DOI
10.1007/978-3-030-57808-4_10
Keywords
CBC EncryptionMalleability AttacksExecutable FileArbitrary Code Execution
Contact author(s)
frintaro @ alumni cmu edu
takanori isobe @ ai u-hyogo ac jp
k-minematsu @ nec com
History
2020-09-25: received
Short URL
https://ia.cr/2020/1159
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/1159,
      author = {Rintaro Fujita and Takanori Isobe and Kazuhiko Minematsu},
      title = {{ACE} in Chains : How Risky is {CBC} Encryption of Binary Executable Files ?},
      howpublished = {Cryptology {ePrint} Archive, Paper 2020/1159},
      year = {2020},
      doi = {10.1007/978-3-030-57808-4_10},
      url = {https://eprint.iacr.org/2020/1159}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.