Bleichenbacher’s Attack Strikes again: Breaking PKCS#1 v1.5 in XML Encryption

Jager, Tibor; Schinzel, Sebastian; Somorovsky, Juraj

doi:10.1007/978-3-642-33167-1_43

Cited by 25 publications

(22 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The same is (even more) true of time(). As such, the only input to the victim PRNG that may be unknown to the adversary is the result of getpid(), which may assume any of 2 16 values. An adversary can initiate a password reset for its own account with the victim web application.…”

Section: Background On Prng In Phpmentioning

confidence: 99%

Cross-Tenant Side-Channel Attacks in PaaS Clouds

Zhang

Juels

Reiter

et al. 2014

Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

258

159

View full text Add to dashboard Cite

We present a new attack framework for conducting cachebased side-channel attacks and demonstrate this framework in attacks between tenants on commercial Platform-as-aService (PaaS) clouds. Our framework uses the FlushReload attack of Gullasch et al. as a primitive, and extends this work by leveraging it within an automaton-driven strategy for tracing a victim's execution. We leverage our framework first to confirm co-location of tenants and then to extract secrets across tenant boundaries. We specifically demonstrate attacks to collect potentially sensitive application data (e.g., the number of items in a shopping cart), to hijack user accounts, and to break SAML single sign-on. To the best of our knowledge, our attacks are the first granular, cross-tenant, side-channel attacks successfully demonstrated on state-of-the-art commercial clouds, PaaS or otherwise.

show abstract

Section: Background On Prng In Phpmentioning

confidence: 99%

Cross-Tenant Side-Channel Attacks in PaaS Clouds

Zhang

Juels

Reiter

et al. 2014

Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

258

159

View full text Add to dashboard Cite

show abstract

“…The attack has recently been improved to require a median of less than 15 000 chosen ciphertexts on the standard oracle [5]. Instances of the attack in widely-deployed real-world systems continue to be found [23]. Finally, note also that as of version 1.3, RSAES-PKCS1-v1 5 will be dropped from the TLS standard.…”

Section: Scenario Api Symmetric Encryptionmentioning

confidence: 99%

“…This may require some kind of tie between hardware tokens for keys and their operations. Recently, the W3C has been exploring adding hardware token access to the Web Cryptography API in their "Web Cryptography v.Next" workshop, and so the next version of the API may support both secure multisession key storage and cryptographic operations on those keys via some form of a trusted execution environment 22 as well as access via next-generation authentication APIs such as FIDO 23 to origin-bound platform-held keys via call-response requests that do not reveal the secret key material.…”

Section: Fixing the Web Cryptography Apimentioning

confidence: 99%

Security Analysis of the W3C Web Cryptography API

Cairns

Halpin

Steel

2016

Security Standardisation Research

View full text Add to dashboard Cite

Abstract. Due to the success of formal modeling of protocols such as TLS, there is a revival of interest in applying formal modeling to standardized APIs. We argue that formal modeling should happen as the standard is being developed (not afterwards) as it can detect complex or even simple attacks that the standardization group may not otherwise detect. As a case example of this, we discuss in detail the W3C Web Cryptography API. We demonstrate how a formal analysis of the API using the modeling language AVISPA with a SAT solver demonstrates that while the API has no errors in basic API operations and maintains its security properties for the most part, there are nonetheless attacks on secret key material due to how key wrapping and usages are implemented. Furthermore, there were a number of basic problems in terms of algorithm selection and a weakness that led to a padding attack. The results of this study led to the removal of algorithms before its completed standardization and the removal of the padding attack via normalization of error codes, although the key wrapping attack is still open. We expect this sort of formal methodology to be applied to new standardization efforts at the W3C such as the W3C Web Authentication API.

show abstract

“…With sufficiently high probability the derived "message" sm mod N is PKCS#1 v1.5 padding compliant. The adversary could thus potentially deduce information about m in case of an error message 12 indicating correct or incorrect padding, and given sufficiently many error messages, recover m. The attack has been significantly improved in a series of papers, e.g., [JSS12,MSWS14].…”

Section: On the Applicability Of Bleichenbacher's Attackmentioning

confidence: 99%

Unpicking PLAID: a cryptographic analysis of an ISO-standards-track authentication protocol

Degabriele

Fehr

Fischlin

et al. 2016

Int. J. Inf. Secur.

View full text Add to dashboard Cite

Abstract. The Protocol for Lightweight Authentication of Identity (PLAID) aims at secure and private authentication between a smart card and a terminal. Originally developed by a unit of the Australian Department of Human Services for physical and logical access control, PLAID has now been standardized as an Australian standard AS-5185-2010 and is currently in the fast-track standardization process for ISO/IEC 25185-1. We present a cryptographic evaluation of PLAID. As well as reporting a number of undesirable cryptographic features of the protocol, we show that the privacy properties of PLAID are significantly weaker than claimed: using a variety of techniques we can fingerprint and then later identify cards. These techniques involve a novel application of standard statistical and data analysis techniques in cryptography. We discuss potential countermeasures to our attacks and comment on our experiences with the standardization process of PLAID.

show abstract

Bleichenbacher’s Attack Strikes again: Breaking PKCS#1 v1.5 in XML Encryption

Cited by 25 publications

References 15 publications

Cross-Tenant Side-Channel Attacks in PaaS Clouds

Cross-Tenant Side-Channel Attacks in PaaS Clouds

Security Analysis of the W3C Web Cryptography API

Unpicking PLAID: a cryptographic analysis of an ISO-standards-track authentication protocol

Contact Info

Product

Resources

About