Breaking CBC, or Randomness Never Was Happiness

DEF CON 23

Presented by: Dr. Albert H. Carlson (ECCSmith), Patrick Doherty
Date: Friday August 07, 2015
Time: 00:00 - 00:00
Location:

Hiding patterns in encrypted messages to make the transmission look like random symbols is the goal of cryptography. However, all ciphers do not completely disguise those patterns, making decryption possible. In response to this problem, modes were introduced to break up patterns and to increase the “randomness” of an encrypted message. In the case of Cipher Block Chaining mode (CBC) the randomizing material is the cipher text from the preceding block. CBC uses a “feed forward” algorithm and a regular structure that provides attackable data. In fact, there is so much information in the structure and associated data that CBC wrapped around ANY cipher can be efficiently broken.

We show that by using the blocks of the CBC algorithm both linear and non-linear encryptions using CBC can be broken. Further, we show that no linear cipher (such as a permutation or XOR cipher) is safe when used in conjunction with the mode and that non-linear ciphers (such as AES) are also vulnerable. Using the Birthday Paradox to predict how much data is needed to allow for decryption. This talk will demonstrate the break and show the mathematical background of the attack.

Dr. Albert H. Carlson

Dr. Albert Carlson began his hacking career soon after he began taking programming courses in High School in Chicago in 1975. Upon completion of his BSCompEng degree from the University of Illinois at Urbana in 1981, he joined the US Army as a Military Intelligence Officer specializing in Electronic Warfare and Cryptography. Retiring due to injury, he then began a 25 year career in engineering that included work in consumer, military, and designing utility substation security systems. Dr. Carlson returned to school at the University of Idaho in 2002. There he completed his Master’s degree and PhD, both in Computer Science and specializing in Advance Set Theory and Cryptography. His dissertation, accepted in June of 2012, had as its’ subject: applying Set Theoretic Estimation to decryption. In 2013 Dr. Carlson joined the faculty of Fontbonne University on the staff of the Math and Computer Science department. His research team studies the use of patterns in natural language and how they relate to set and information based attacks on ciphers. Dr. Carlson’s research interests include: cryptography, set theoretic estimation, natural language, patterns in language, physical security, critical infrastructure protection, and hardware security.

Patrick Doherty

Patrick Doherty is a senior at Fontbonne University and will graduate in December of 2015. He is majoring in Computer science and plans on earning a graduate degree in the same field. He is the Project manager for the Research team.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats