Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Slides:



Advertisements
Similar presentations
Symmetric Encryption Prof. Ravi Sandhu.
Advertisements

Chapter 4: Modes of Operation CS 472: Fall Encrypting a Large Massage 1.Electronic Code Book (ECB) 2.Cipher Block Chaining (CBC) 3.Output Feedback.
ECE454/CS594 Computer and Network Security
MAC Raushan. DES simple fiestel network 3131 PlainText Blocks 2*4=8bits 31 f f =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 xor 3 3.
“Advanced Encryption Standard” & “Modes of Operation”
Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.
Modern Symmetric-Key Ciphers
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Workshop 1: Padding Oracle Attack Daoyuan Feb 28,
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Cryptography1 CPSC 3730 Cryptography Chapter 6 Triple DES, Block Cipher Modes of Operation.
Chapter 5 Cryptography Protecting principals communication in systems.
Modes of Operation CS 795. Electronic Code Book (ECB) Each block of the message is encrypted with the same secret key Problems: If two identical blocks.
McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
Hash Functions Nathanael Paul Oct. 9, Hash Functions: Introduction Cryptographic hash functions –Input – any length –Output – fixed length –H(x)
Lecture 23 Symmetric Encryption
Encryption Methods By: Michael A. Scott
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Hybrid Cipher encryption Plain Text Key Cipher Text Key Plain Text IV Hybrid Cipher decryption Hybrid Cipher Note: IV used in encryption is not used in.
Block Cipher Transmission Modes CSCI 5857: Encoding and Encryption.
Modes of Operation. Topics  Overview of Modes of Operation  EBC, CBC, CFB, OFB, CTR  Notes and Remarks on each modes.
Cryptography, Authentication and Digital Signatures
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
A Survey of Authentication Protocol Literature: Version 1.0 Written by John Clark and Jeremy Jacob Presented by Brian Sierawski.
Lecture 4: Using Block Ciphers
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures.
Cryptography Chapter 7 Part 2 Pages 781 to 812. Symmetric Cryptography Secret Key Figure 7-10 on page 782 Key distribution problem – Secure courier Many.
SEC835 Runtime authentication Secure session management Secure use of cryptomaterials.
Wireless LAN Security. Security Basics Three basic tools – Hash function. SHA-1, SHA-2, MD5… – Block Cipher. AES, RC4,… – Public key / Private key. RSA.
Chapter 9: Algorithms Types and Modes Dulal C. Kar Based on Schneier.
Lecture 4 Page 1 CS 236 Stream and Block Ciphers Stream ciphers convert one symbol of plaintext immediately into one symbol of ciphertext Block ciphers.
1.1 Chapter 8 Encipherment Using Modern Symmetric-Key Ciphers Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
BLOCK CIPHER SYSTEMS OPERATION MODES OF DATA ENCRYPTION STANDARD (DES)
Dr. Reuven Aviv, Nov 2008 Conventional Encryption 1 Conventional Encryption & Message Confidentiality Acknowledgements for slides Henric Johnson Blekinge.
Modes of Usage Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) 11 Coming up: Modes of.
Modes of Operation INSTRUCTOR: DANIA ALOMAR. Modes of Operation A block cipher can be used in various methods for data encryption and decryption; these.
Stream Ciphers and Block Ciphers A stream cipher is one that encrypts a digital data stream one bit or one byte at a time. Examples of classical stream.
The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Enterprise Security API (ESAPI) 2.0 Crypto Changes
Lecture 23 Symmetric Encryption
Privacy and Integrity: “ Two Essences of Network Security” Presenter Prosanta Gope Advisor Tzonelih Hwang Quantum Information and Network Security Lab,
INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.
Various Attacks on Cryptosystems slides (c) 2012 by Richard Newman.
Lecture 4 Page 1 CS 236 Stream and Block Ciphers Stream ciphers convert one symbol of plaintext immediately into one symbol of ciphertext Block ciphers.
Cipher Transmission and Storage Modes Part 2: Stream Cipher Modes CSCI 5857: Encoding and Encryption.
Wired Equivalent Privacy (WEP) Chris Overcash. Contents What is WEP? What is WEP? How is it implemented? How is it implemented? Why is it insecure? Why.
INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.
Dan Boneh Authenticated Encryption CBC paddings attacks Online Cryptography Course Dan Boneh.
Cryptography Hyunsung Kim, PhD University of Malawi, Chancellor College Kyungil University February, 2016.
@Yuan Xue 285: Network Security CS 285 Network Security Message Authentication Code Data integrity + Source authentication.
Block Cipher Encrypting a large message Electronic Code Book (ECB) message m1 m2 m3 m4 m5 m6 c1 c2 c3 c4 c5 c6 E E E Secret.
CS480 Cryptography and Information Security
Cryptography and Network Security
Outline Desirable characteristics of ciphers Stream and block ciphers
Cryptography Lecture 10.
Block cipher and modes of encryptions
Block vs Stream Ciphers
Block Ciphers (Crypto 2)
Padding Oracle Attacks
Encryption Basics Types of ciphers Algorithms Modes Key Length
Cryptography Lecture 9.
Counter Mode, Output Feedback Mode
Elect. Codebook, Cipher Block Chaining
Review of Cryptography: Symmetric and Asymmetric Crypto Advanced Network Security Peter Reiher August, 2014.
Secret-Key Encryption
Presentation transcript:

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP Foundation OWASP Padding Oracle Attacks Satish B 20/08/2011

OWASP 2 Cryptography Attack

OWASP 3 Agenda  Cryptography Basics  Padding oracle attack  Exploitation  Padding oracle in.NET  Tools  Remedy

OWASP 4 Cryptography Basics Stream Ciphers : Key supplied to encryption algorithm to get key stream Plain text is XOR with key stream to generate cipher text Ex: Rc4 1 0 = 1P K = C 0 1 = 1 C P = K Block Ciphers: Operates on fixed length group of bits or bytes (64 or 128 bit blocks) 128 bits of plain text is converted into 128 bits of cipher text Ex: AES

OWASP 5 Cryptography Basics Block Cipher : Modes ECB mode – Electronic code book mode Encryption of the same plain text with the same key results in the same cipher text, which is a considerable threat to security.

OWASP 6 Cryptography Basics CBC – cipher block chaining Encryption of the same plain text with the same key results in different cipher text because of IV. Each block of plaintext is XORed with the previous ciphertext block before being encrypted. Ci = Ek (Pi xor Ci-1)

OWASP 7 Cryptography Basics Each block of ciphertext is decrypted and XORed with the previous ciphertext block to obtain the plain text. First block of ciphertext is decrypted and XORed with IV to obtain the plain text.

OWASP 8 Cryptography Basics Block Ciphers – - Works on fixed size data - Messages are in variety of length - padding has introduced - Final block padded before encryption PKCS#5 standard - final block of plaintext is padded with N bytes of value N.

OWASP 9 Padding oracle attack Initially discovered in Credits: Got famous in What is it ? Possible to decrypt and encrypt data without key in CBC mode. Typical Scenario:  Brian logged into myapp.com  Server created an encryption string specific to Brian and sent to him  Accessing any page in the application sends the encrypted value to server  Server decrypts and serves the content based on decrypted value Ex: A28ED4AAC6

OWASP 10 Padding oracle attack Client data value = BRIAN;12;1; IV=7B216A F F851D6CC68FC A28ED4AAC6

OWASP 11 Padding oracle attack Client data A28ED4AAC6

OWASP 12 Padding oracle attack A28ED4AAC6 The application verifies whether the encrypted value is properly padded or not. When the application passed an encrypted value it responds with one of three ways: Valid ciphertext (with proper padding) – Normal response Invalid ciphertext (improper padding) – Exception Valid ciphertext and decrypts to an invalid value – Custom error Wrong padding can result in:  Error messages  Stack Traces  Time difference  Different responses

OWASP 13 Padding oracle attack oracle refers to a mechanism in cryptography that can be used to determine whether a test has passed or failed. Pass and Fail conditions can be used to decrypt without key. Decrypting without a key Valid cipher UID=7B216A F F851D6CC68FC9537 Invalid cipher UID= F851D6CC68FC9537

OWASP 14 Padding oracle attack Invalid cipher

OWASP 15 Padding oracle attack Invalid cipher UID= F851D6CC68FC9537 Intermediary Byte ^ 0×3C == 0×01, Intermediary Byte == 0×3C ^ 0×01, Intermediary Byte == 0×3D

OWASP 16 Padding oracle attack Valid cipher Plain text == Intermediary byte 0×3D ^ corresponding IV byte 0F = = 02 Now crack the 7 th byte and so on … In the end it gives Intermediate value

OWASP 17 Padding oracle attack Encrypting arbitrary values without key XOR the plaintext value with intermediary value to get IV Summary Padding oracle attack allows to encrypt and decrypt data without the key.

OWASP 18 Padding oracle attack in.NET Where is it applicable ?  View state  Session cookies  Any encrypted data in hidden parameters  WebResource.axd - serves embedded resources  ScriptResource.axd - serves embedded resources and files

OWASP 19 Padding oracle attack in.NET valid cipher text decrypted to valid value - proper response (200 ok) valid cipher text decrypted to invalid value - page not found or similar response (404) Invalid cipher text - padding error If the application gives different errors in the above 3 cases, it is vulnerable and easy to exploit.

OWASP 20 Tools  Padbuster  Poet  Padbusterdotnet

OWASP 21 Padding oracle attack Why Is this working?  CBC mode only provides confidentiality.  Confidentiality doe not ensure that the value is tampered or not.  Integrity check has to be performed. Solution  Implemented integrity check by adding hash to the encrypted value Before fix : After fix: adfadfdfdfe_aereradf349jkMjlrfgRr6moijfdn_Aretkjf093rpA2

OWASP 22 For more information on exploitation and usage of tools visit my site References oracle.html update-now-available.aspx relates-to.html attacks-with-padbuster/

OWASP 23 Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.