Format Oracles on OpenPGP


Ontology type: schema:Chapter     


Chapter Info

DATE

2015-03-11

AUTHORS

Florian Maury , Jean-René Reinhard , Olivier Levillain , Henri Gilbert

ABSTRACT

The principle of padding oracle attacks has been known in the cryptography research community since 1998. It has been generalized to exploit any property of decrypted ciphertexts, either stemming from the encryption scheme or from the application data format. However, this attack principle is being leveraged time and again against proposed standards and real-world applications. This may be attributed to several factors, e.g., backward compatibility with standards that select oracle-prone mechanisms, the difficulty of safely implementing decryption operations, and the misuse of libraries by non-cryptography-savvy developers. In this article, we present several format oracles discovered in applications and libraries implementing the OpenPGP message format, among which the popular GnuPG application. We show that, if the oracles they implement are made available to an adversary, e.g., by a front-end application, he can, by repeatedly querying these oracles, decrypt all OpenPGP symmetrically encrypted packets. The corresponding asymptotic query complexities range from 2 to $2^8$ oracle requests per plaintext byte to recover.

PAGES

220-236

Book

TITLE

Topics in Cryptology – CT-RSA 2015

ISBN

978-3-319-16714-5
978-3-319-16715-2

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-3-319-16715-2_12

DOI

http://dx.doi.org/10.1007/978-3-319-16715-2_12

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1032547470



JSON-LD is the canonical representation for SciGraph data.


[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0804", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Data Format", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "ANSSI, Paris, France", 
          "id": "http://www.grid.ac/institutes/None", 
          "name": [
            "ANSSI, Paris, France"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Maury", 
        "givenName": "Florian", 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "ANSSI, Paris, France", 
          "id": "http://www.grid.ac/institutes/None", 
          "name": [
            "ANSSI, Paris, France"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Reinhard", 
        "givenName": "Jean-Ren\u00e9", 
        "id": "sg:person.011071447265.99", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011071447265.99"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "ANSSI, Paris, France", 
          "id": "http://www.grid.ac/institutes/None", 
          "name": [
            "ANSSI, Paris, France"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Levillain", 
        "givenName": "Olivier", 
        "id": "sg:person.011450504021.90", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011450504021.90"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "ANSSI, Paris, France", 
          "id": "http://www.grid.ac/institutes/None", 
          "name": [
            "ANSSI, Paris, France"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Gilbert", 
        "givenName": "Henri", 
        "id": "sg:person.012771236207.08", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.012771236207.08"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2015-03-11", 
    "datePublishedReg": "2015-03-11", 
    "description": "The principle of padding oracle attacks has been known in the cryptography research community since 1998. It has been generalized to exploit any property of decrypted ciphertexts, either stemming from the encryption scheme, or the application data format. However, this attack principle is being leveraged time and again against proposed standards and real-world applications. This may be attributed to several factors, e.g., the backward compatibility with standards selecting oracle-prone mechanisms, the difficulty of safely implementing decryption operations, and the misuse of libraries by non cryptography-savvy developers. In this article, we present several format oracles discovered in applications and libraries implementing the OpenPGP message format, among which the popular GnuPG application. We show that, if the oracles they implement are made available to an adversary, e.g., by a front-end application, he can, by querying repeatedly these oracles, decrypt all OpenPGP symmetrically encrypted packets. The corresponding asymptotic query complexities range from 2 to \\documentclass[12pt]{minimal}\n\t\t\t\t\\usepackage{amsmath}\n\t\t\t\t\\usepackage{wasysym}\n\t\t\t\t\\usepackage{amsfonts}\n\t\t\t\t\\usepackage{amssymb}\n\t\t\t\t\\usepackage{amsbsy}\n\t\t\t\t\\usepackage{mathrsfs}\n\t\t\t\t\\usepackage{upgreek}\n\t\t\t\t\\setlength{\\oddsidemargin}{-69pt}\n\t\t\t\t\\begin{document}$$2^8$$\\end{document} oracle requests per plaintext byte to recover.", 
    "editor": [
      {
        "familyName": "Nyberg", 
        "givenName": "Kaisa", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-319-16715-2_12", 
    "isAccessibleForFree": false, 
    "isPartOf": {
      "isbn": [
        "978-3-319-16714-5", 
        "978-3-319-16715-2"
      ], 
      "name": "Topics in Cryptology \u2013- CT-RSA 2015", 
      "type": "Book"
    }, 
    "keywords": [
      "real-world applications", 
      "decryption operations", 
      "front-end applications", 
      "oracle attacks", 
      "encryption scheme", 
      "data format", 
      "message format", 
      "plaintext bytes", 
      "attack principle", 
      "backward compatibility", 
      "query complexity", 
      "oracle requests", 
      "oracle", 
      "research community", 
      "OpenPGP", 
      "format", 
      "ciphertext", 
      "applications", 
      "adversary", 
      "developers", 
      "bytes", 
      "library", 
      "packets", 
      "requests", 
      "attacks", 
      "complexity", 
      "scheme", 
      "standards", 
      "operation", 
      "principles", 
      "difficulties", 
      "misuse", 
      "compatibility", 
      "time", 
      "community", 
      "article", 
      "mechanism", 
      "properties", 
      "factors"
    ], 
    "name": "Format Oracles on OpenPGP", 
    "pagination": "220-236", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1032547470"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-319-16715-2_12"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-319-16715-2_12", 
      "https://app.dimensions.ai/details/publication/pub.1032547470"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2022-11-24T21:19", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20221124/entities/gbq_results/chapter/chapter_63.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/978-3-319-16715-2_12"
  }
]

HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-319-16715-2_12'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-319-16715-2_12'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-319-16715-2_12'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-319-16715-2_12'

