The Twelfth International World Wide Web Conference
20-24 May 2003, Budapest, HUNGARY
We review two side channel attacks on existing protocols
that take advantage of the format of messages submitted
Variable-length messages are usually encrypted by repeatedly
applying a block cipher in some special mode of operation.
However, when the message length is not a multiple of the
encryption block size, padding must be used to create messages
of valid format. Then, in order to decrypt the message, one
must first check whether the padding is correct.
It is exactly at this point that a side channel is created,
since the validity of the format is leaked by communication
protocols: the receiver usually replies with an error.
In this talk we show how an attacker can query the protocol
with chosen ciphertexts in order to decrypt the original message.
We conclude that it is not only important to have a good
encryption algorithm, but that this algorithm must also be encapsulated
in a secure environment. The scheme must be examined as
a whole, since individual leaked bits may be important to
the security of the scheme.
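The following is an added illustration of the side channel described in the abstract, not code from the talk or its author. It builds CBC mode over a constructed toy Feistel block cipher (a stand-in for a real cipher so the example runs offline) with PKCS#7 padding, and compares two receivers: a MAC-then-encrypt receiver that checks padding first and answers with distinct errors, and a receiver that authenticates the ciphertext before decrypting (encrypt-then-MAC) and answers with a single uniform error. Tampering with one ciphertext byte in every possible way and tallying the replies shows that the first receiver's reply depends on the hidden plaintext, while the second reveals nothing. Keys, IV and message are constructed demo values.

```python
import hashlib
import hmac

BLOCK = 16


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, half: bytes) -> bytes:
    # Round function of the toy cipher: keyed hash truncated to a half block.
    return hmac.new(key, half, hashlib.sha256).digest()[: BLOCK // 2]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    # 4-round Feistel network; constructed for the demo only, not a real cipher.
    left, right = block[:8], block[8:]
    for r in range(4):
        left, right = right, xor(left, _round(key + bytes([r]), right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for r in reversed(range(4)):
        left, right = xor(right, _round(key + bytes([r]), left)), left
    return left + right


def pad(msg: bytes) -> bytes:
    # PKCS#7: append n bytes of value n so the length becomes a block multiple.
    n = BLOCK - len(msg) % BLOCK
    return msg + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    out, prev = b"", iv
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, xor(plaintext[i:i + BLOCK], prev))
        out += prev
    return out


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = b"", iv
    for i in range(0, len(ciphertext), BLOCK):
        blk = ciphertext[i:i + BLOCK]
        out += xor(block_decrypt(key, blk), prev)
        prev = blk
    return out


def leaky_receive(enc_key: bytes, mac_key: bytes, iv: bytes, ct: bytes) -> str:
    # MAC-then-encrypt: the padding check runs on unauthenticated data and its
    # outcome is reported separately from the MAC outcome. This is the side channel.
    data = cbc_decrypt(enc_key, iv, ct)
    try:
        data = unpad(data)
    except ValueError:
        return "BAD_PADDING"
    msg, tag = data[:-32], data[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, msg, hashlib.sha256).digest()):
        return "BAD_MAC"
    return "OK"


def hardened_receive(enc_key, mac_key, iv, ct, tag) -> str:
    # Encrypt-then-MAC: a forged ciphertext is rejected before any decryption or
    # padding check, and every failure yields the same reply.
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return "ERROR"
    try:
        unpad(cbc_decrypt(enc_key, iv, ct))
    except ValueError:
        return "ERROR"
    return "OK"


def response_profile(receive, iv: bytes, ct: bytes) -> dict:
    # Modify the last byte of the penultimate block in all 255 ways and tally replies.
    tally = {}
    pos = len(ct) - BLOCK - 1
    for delta in range(1, 256):
        tampered = ct[:pos] + bytes([ct[pos] ^ delta]) + ct[pos + 1:]
        reply = receive(iv, tampered)
        tally[reply] = tally.get(reply, 0) + 1
    return tally


def demo():
    enc_key, mac_key = b"k" * 16, b"m" * 16  # constructed demo keys
    iv = b"\x00" * BLOCK  # fixed only so the demo is deterministic
    msg = b"amount=100&to=alice"  # constructed demo message
    ct1 = cbc_encrypt(enc_key, iv, pad(msg + hmac.new(mac_key, msg, hashlib.sha256).digest()))
    leaky = response_profile(lambda v, c: leaky_receive(enc_key, mac_key, v, c), iv, ct1)
    ct2 = cbc_encrypt(enc_key, iv, pad(msg))
    tag = hmac.new(mac_key, iv + ct2, hashlib.sha256).digest()
    hardened = response_profile(lambda v, c: hardened_receive(enc_key, mac_key, v, c, tag), iv, ct2)
    return leaky, hardened


if __name__ == "__main__":
    print(demo())
```

With the leaky receiver exactly one of the 255 modifications is answered BAD_MAC instead of BAD_PADDING, and which one it is is a function of the last plaintext byte; that single distinguishable reply is the "individual leaked bit" the abstract warns about. The hardened receiver answers ERROR 255 times, because the MAC over the ciphertext fails before the padding is ever examined.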
Dr. Tassos Dimitriou received a BSc degree from the Computer Science and
Engineering Department of the University of Patras, Greece back in 1990
and his MSc and PhD degrees from the University of California, San Diego
in 1993 and 1996, respectively. He is interested
in doing research in various aspects of Theoretical Computer Science like
combinatorial optimization and analysis of heuristics for difficult-to-solve
problems, the study of randomness in algorithms and derandomization
techniques, algorithms for selfish agents and smart dust systems,
cryptography and computer security. He can be reached at
Athens Information Technology,
where he is currently an Assistant Professor.