A Chosen Ciphertext Attack Against Several E-Mail Encryption Protocols
Abstract:
Several security protocols (PGP, PEM, MOSS, S/MIME, PKCS#7, CMS, etc.) have been developed to provide confidentiality and authentication of electronic mail. These protocols are widely used and trusted for private communication over the Internet. We point out a potentially serious security hole in these protocols: any encrypted e-mail can be decrypted using a one-message, adaptive chosen-ciphertext attack which exploits the structure of the block cipher chaining modes used. Although such attacks seem to be of primarily theoretical interest, we argue that they are feasible in the networked systems in which these e-mail protocols are used. We suggest several solutions to protect against this class of attack.
BibTeX
@inproceedings {271260,
author = {Jonathan Katz and Bruce Schneier},
title = {A Chosen Ciphertext Attack Against Several {E-Mail} Encryption Protocols},
booktitle = {9th USENIX Security Symposium (USENIX Security 00)},
year = {2000},
address = {Denver, CO},
url = {https://www.usenix.org/conference/9th-usenix-security-symposium/chosen-ciphertext-attack-against-several-e-mail-encryption},
publisher = {USENIX Association},
month = aug
}