A Chosen Ciphertext Attack Against Several E-Mail Encryption Protocols

Several security protocols (PGP, PEM, MOSS, S/MIME, PKCS#7, CMS, etc.) have been developed to provide confidentiality and authentication of electronic mail. These protocols are widely used and trusted for private communication over the Internet. We point out a potentially serious security hole in these protocols: any encrypted e-mail can be decrypted using a one-message, adaptive chosen-ciphertext attack which exploits the structure of the block cipher chaining modes used. Although such attacks seem to be of primarily theoretical interest, we argue that they are feasible in the networked systems in which these e-mail protocols are used. We suggest several solutions to protect against this class of attack.
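The attack the abstract describes, worked through as an added example (this code is not from the paper and not from any of the listed protocols' implementations): Eve intercepts a CBC-encrypted message from Alice to Bob, builds one modified ciphertext by interleaving a known block in front of each original block, and sends it to Bob. Bob's mailer decrypts it to what looks like random garbage, which he quotes back to Eve when he asks what she sent; Eve then XORs out the known blocks and the original chaining blocks and reads Alice's message. The block cipher here is a toy 4-round Feistel network over SHA-256, an assumption made only so the block runs offline; the attack never inverts the cipher and uses only the CBC chaining structure, so it applies unchanged to any cipher in CBC mode. The names (`forge`, `unmask`, `bob_unauthenticated`, `bob_authenticated`), keys and message text are constructed for the example. The hardened Bob at the end shows one generic remedy of the kind the abstract alludes to (authenticate the ciphertext before decrypting anything), without claiming it is the paper's specific proposal.

```python
"""CBC 'reflection' chosen-ciphertext attack on unauthenticated e-mail encryption.
Toy Feistel cipher over SHA-256 is an assumption for self-containment only."""
import hashlib
import hmac
import os

BLOCK = 16
HALF = BLOCK // 2
ROUNDS = 4

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Feistel round function: keyed hash truncated to half a block.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:HALF]

def block_encrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:HALF], block[HALF:]
    for i in range(ROUNDS):
        l, r = r, xor(l, _f(key, i, r))
    return l + r

def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:HALF], block[HALF:]
    for i in reversed(range(ROUNDS)):
        l, r = xor(r, _f(key, i, l)), l
    return l + r

def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        c = ct[i:i + BLOCK]
        out.append(xor(block_decrypt(key, c), prev))  # P_i = D(C_i) ^ C_{i-1}
        prev = c
    return b"".join(out)

def pad(msg: bytes) -> bytes:
    return msg + b" " * (-len(msg) % BLOCK)

# --- Eve: one chosen ciphertext derived from the intercepted one -------------
def forge(ct: bytes):
    """Put a known random block R_i before every original block C_i. Under CBC
    the odd output blocks become D(C_i) ^ R_i = P_i ^ C_{i-1} ^ R_i: garbage to
    Bob, but a one-time pad whose key Eve knows. Any IV works for the forgery."""
    blocks = [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    rs = [os.urandom(BLOCK) for _ in blocks]
    return os.urandom(BLOCK), b"".join(r + c for r, c in zip(rs, blocks)), rs

def unmask(iv: bytes, ct: bytes, rs: list, leaked: bytes) -> bytes:
    """Recover P from what Bob quoted back: P_i = leaked[2i+1] ^ R_i ^ C_{i-1}."""
    blocks = [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    prevs = [iv] + blocks[:-1]
    lk = [leaked[i:i + BLOCK] for i in range(0, len(leaked), BLOCK)]
    return b"".join(xor(xor(lk[2 * i + 1], rs[i]), prevs[i]) for i in range(len(blocks)))

# --- Bob: vulnerable mailer vs. one that authenticates before decrypting -----
def bob_unauthenticated(key: bytes, iv: bytes, ct: bytes) -> bytes:
    # Decrypts anything well-formed; Bob sees "garbage" and quotes it in his reply.
    return cbc_decrypt(key, iv, ct)

def seal(key: bytes, mac_key: bytes, iv: bytes, pt: bytes):
    ct = cbc_encrypt(key, iv, pt)
    return iv, ct, hmac.new(mac_key, iv + ct, hashlib.sha256).digest()

def bob_authenticated(key: bytes, mac_key: bytes, iv: bytes, ct: bytes, tag: bytes):
    # Encrypt-then-MAC: a modified ciphertext is rejected, so nothing is reflected.
    expect = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None
    return cbc_decrypt(key, iv, ct)

# Constructed sample data (not from the paper).
KEY, MAC_KEY = b"alice-bob-key-16", b"alice-bob-mac-16"
IV = bytes(range(BLOCK))
PLAINTEXT = pad(b"Wire the funds to account 4471 on Friday. -Alice")

def run_attack() -> dict:
    ct = cbc_encrypt(KEY, IV, PLAINTEXT)                # what Eve intercepts
    iv2, forged, rs = forge(ct)                         # Eve's single chosen ciphertext
    leaked = bob_unauthenticated(KEY, iv2, forged)      # Bob decrypts, quotes it back
    recovered = unmask(IV, ct, rs, leaked)              # Eve reads Alice's mail
    _, _, tag = seal(KEY, MAC_KEY, IV, PLAINTEXT)       # same message, authenticated
    rejected = bob_authenticated(KEY, MAC_KEY, iv2, forged, tag)  # None: no reaction
    return {"recovered": recovered, "authenticated_bob_output": rejected}

if __name__ == "__main__":
    print(run_attack()["recovered"])
```

The example omits the layers a real mailer adds around the block cipher (message framing, and in some protocols compression before encryption), which change how the reflected bytes look but not the chaining identity the attack relies on. Note also that a MAC alone is not enough if Bob's software still decrypts and displays the body on a tag mismatch; the rejection has to happen before anything is decrypted or shown.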
