Security flaws induced by cbc padding – Applications to SSL, IPSEC, WTLS

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 2332, Issue , 2002, Pages 534-545

  Vaudenay, Serge ^a  

^a EPFL   (Switzerland)

Author keywords

[No Author keywords available]

Indexed keywords

ARTIFICIAL INTELLIGENCE; COMPUTER SCIENCE; COMPUTERS;

BLOCK CIPHERS; CHOSEN CIPHERTEXT ATTACK; ERROR MESSAGES; PADDING SCHEME; SECURITY FLAWS; SIDE-CHANNEL; SSL/TLS;

SIDE CHANNEL ATTACK;

EID: 84947212539     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/3-540-46035-7_35     Document Type: Conference Paper

References (19)

1. Wireless Transport Layer Security. Wireless Application Protocol WAP-261-WTLS-20010406-a. Wireless Application Protocol Forum, 2001. http://www.wapforum.org/
2. R. Baldwin, R. Rivest. The RC5, RC5-CBC, RC5-CBC-Pad, and RC5-CTS Algorithms RFC 2040, 1996.
3. M. Bellare, A. Boldyreva, L. Knudsen, C Namprempre. Online Ciphers and the Hash-CBC Construction. In Advances in Cryptology CRYPTO’01, Santa Barbara, California, U.S.A., Lectures Notes in Computer Science 2139, pp. 292–309, Springer-Verlag, 2001.
4. S. Bellovin. Problem Areas for the IP Security Protocols. In Proceedings of the 6th Usenix UNIX Security Symposium, San Jose, California, USENIX, 1996.
5. D. Bleichenbacher. Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS#1. In Advances in Cryptology CRYPTO’98, Santa Barbara, California, U.S.A., Lectures Notes in Computer Science 1462, pp. 1–12, Springer-Verlag, 1998.
6. N. Borisov, I. Goldberg, D. Wagner. Intercepting Mobile Communications: The Insecurity of 802.11. In Proceedings of the 7th Annual International Conference on Mobile Computing and Networking, ACM Press, 2001.
7. T. Dierks, C. Allen. The TLS Protocol Version 1.0. RFC 2246, standard tracks, the Internet Society, 1999.
8. M. Dworkin. Recommendation for Block Cipher Modes of Operation. US Department of Commerce, NIST Special Publication 800-38A, 2001.
9. S. Kent, R. Atkinson. Security Architecture for the Internet Protocol. RFC 2401, standard tracks, the Internet Society, 1998.
10. S. Kent, R. Atkinson. IP Encapsulating Security Payload (ESP). RFC 2406, standard tracks, the Internet Society, 1998.
11. H. Krawczyk. The Order of Encryption and Authentication for Protecting Communications (or: How Secure is SSL?). In Advances in Cryptology CRYPTO’01, Santa Barbara, California, U.S.A., Lectures Notes in Computer Science 2139, pp. 310–331, Springer-Verlag, 2001.
12. L.R. Knudsen. Block Ciphers — Analysis, Design and Applications, Aarhus University, 1994.
13. J. Manger. A Chosen Ciphertext Attack on RSA Optimal Asymmetric Encryption Padding (OAEP) as Standardized in PKCS#1 v2.0. In Advances in Cryptology CRYPTO’01, Santa Barbara, California, U.S.A., Lectures Notes in Computer Science 2139, pp. 230–238, Springer-Verlag, 2001.
14. A.J. Menezes, P.C. van Oorschot, S.A. Vanston. Handbook of Applied Cryptography, CRC, 1997.
15. E. Petrank, C. Rackoff. CBC MAC for Real-Time Data Sources. Journal of Cryptology, vol. 13, pp. 315–338, 2000.
16. B. Preneel, P. C. van Oorschot. Mdx-MAC and Building Fast MACs from Hash Functions. In Advances in Cryptology CRYPTO’95, Santa Barbara, California, U.S.A., Lectures Notes in Computer Science 963, pp. 1–14, Springer-Verlag, 1995.
17. B. Schneier. Applied Cryptography, 2nd Edition, John Wiley & Sons, 1996.
18. R. Shirey. Internet Security Glossary. RFC 2828, the Internet Society, 2000.
19. S. Vaudenay. Decorrelation over Infinite Domains: the Encrypted CBC-MAC Case. In Selected Areas in Cryptography’00, Waterloo, Ontario, Canada, Lectures Notes in Computer Science 2012, pp. 189–201, Springer-Verlag, 2001. Journal version: Communications in Information and Systems, vol. 1, pp. 75–85, 2001