2012
DOI: 10.1007/978-3-642-29011-4_40

Security of Symmetric Encryption in the Presence of Ciphertext Fragmentation

Abstract: In recent years, a number of standardized symmetric encryption schemes have fallen foul of attacks exploiting the fact that in some real world scenarios ciphertexts can be delivered in a fragmented fashion. We initiate the first general and formal study of the security of symmetric encryption against such attacks. We extend the SSH-specific work of Paterson and Watson (Eurocrypt 2010) to develop security models for the fragmented setting. We also develop security models to formalize the additional desirable pr…

Citations: cited by 31 publications (27 citation statements)
References: 17 publications
“…Albrecht et al [APW09] showed how to carry out a plaintext recovery attack against the Secure Shell (SSH) protocol as a result of byte-by-byte processing. This motivated the need for non-atomic authenticated encryption definitions [BDPS12,FGMP15]. The work of Fischlin et al [FGMP15] in particular is motivated by protocols such as TLS, SSH, and QUIC, and describes checks that can again be correlated with our level-4 AEAD notion.…”
Section: Additional Related Work
Citation type: mentioning
confidence: 99%
“…Bellare and Keelveedhi [7] considered a stronger security model where data may be key-dependent. Boldyreva et al reformulated AE requirements and properties to handle ciphertext fragmentation in [18], and enhanced the syntax and security definitions so that the verification oracle is allowed to handle multiple failure events in [19].…”
Section: Background and Related Work
Citation type: mentioning
confidence: 99%
“…In response, a number of works have tried to capture more closely how protocols behave when implemented [14,21,25]. We are particularly interested in subtle authenticated encryption [4] which augments the authenticated encryption security game with an implementation-dependent leakage oracle that provides an adversary deterministic decryption leakage on invalid ciphertexts only.…”
Section: Introduction
Citation type: mentioning
confidence: 99%