Cryptology ePrint Archive: Report 2020/1159

ACE in Chains: How Risky is CBC Encryption of Binary Executable Files?

Rintaro Fujita and Takanori Isobe and Kazuhiko Minematsu

Abstract: We present malleability attacks against binary executable files that are encrypted with the CBC mode of operation. While CBC malleability is classic and has been used to attack various real-world applications, the risk of encrypting binary executables via CBC mode on common OSs has not been widely recognized. We show that, with a certain non-negligible probability, it is possible to manipulate CBC-encrypted binary files so that the decryption result allows arbitrary code execution (ACE), which is one of the most powerful exploits, even without knowledge of the plaintext binary. More specifically, for both 32- and 64-bit Linux and Windows OS, we performed a thorough analysis of the binary executable format to evaluate the practical impact of ACE on CBC encryption, and showed that the attack is possible if the adversary is able to correctly guess 13 to 25 bits of the address at which to inject code. In principle, our attack affects a wide range of storage/file encryption systems that adopt CBC encryption. In addition, manual file encryption using the OpenSSL API (AES-256-CBC), which is presumed to be frequently used in practice for file encryption, is affected. We provide Proof-of-Concept implementations for Linux and Windows. We have communicated our findings to the appropriate institution and have informed vendors as an act of responsible disclosure.

Category / Keywords: secret-key cryptography / CBC Encryption, Malleability Attacks, Executable File, Arbitrary Code Execution

Original Publication (with minor differences): ACNS 2020
DOI: 10.1007/978-3-030-57808-4_10

Date: received 23 Sep 2020

Contact author: frintaro at alumni cmu edu, takanori isobe@ai u-hyogo ac jp, k-minematsu@nec com


Version: 20200925:184417

Short URL: ia.cr/2020/1159

