Padding Oracle Attack on Block Cipher with CBC|CBC-Double Mode of Operation using the BOZ-PAD

Padding Oracle Attack on a Block-Cipher-Based CBC|CBC Double Mode Using the BOZ-PAD Method

  • Received : 2014.12.08
  • Accepted : 2015.01.23
  • Published : 2015.02.28

Abstract

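In various application environments on the internet, verified cipher algorithms are used to protect personal information in electronic commerce and other applications. Even so, if the cipher is not applied properly, the information it is meant to protect can be intercepted. This paper presents the results of a padding oracle attack on an application environment that uses the CBC|CBC mode of operation, based on a block cipher, together with the BOZ padding method.

As incidents involving personal information have occurred frequently in recent years, interest in the security of personal and sensitive information in electronic transactions and application environments has grown. Secure cryptographic algorithms are used to protect data and information in internet environments. However, research results and published methods have shown that a cipher that is not applied correctly may not be secure against malicious attacks. Among the various attack methods, this paper presents the results of applying a padding oracle attack to an environment that uses the BOZ-PAD method in CBC|CBC mode.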

Cited by

  1. Survey of design and security evaluation of authenticated encryption algorithms in the CAESAR competition vol.19, pp.12, 2015, https://doi.org/10.1631/fitee.1800576