SlideShare a Scribd company logo
1 of 17
CBC Bit-Flipping Attack
Team bi0s
1
Who am I
1. Ashutosh Ahelleya
2. 2nd Year CSE Undergrad @ Amrita University, Amritapuri Campus
3. Member of bi0s CTF Team
4. Focuses on Cryptography in CTFs
2
InCTFj
1. Cyber Security Competition
2. Exclusively for School Students below 18 years of age
3. Exciting prizes for the winners of each quarter
4. Know any student interested in Cyber Security?
a. https://junior.inctf.in/
3
Aim
1. Introduction to block ciphers
2. Discuss different block cipher modes
3. Describe CBC mode of encryption
4. Vulnerabilities in CBC mode
5. CBC Bit Flipping Attack- in depth with an example
6. Preventive measures against Bit-Flipping Attack
4
What is a block cipher?
1. Encrypting/Decrypting one block of data at a time deterministically
rather than each byte of plaintext
2. Symmetric key
3. Semantically much more secure than stream ciphers
4. What happens if the length of data isn’t a multiple of block size?
5. Implementation of block cipher using different modes
5
An example
1. Semantics
6
Block-cipher modes of operation
1. Describes how repeatedly to apply a cipher's single-block operation
securely
2. Mostly uses an IV (Initialisation Vector)
a. Unique
b. Secure (randomizes the encryption)
3. A symmetric key for encryption and decryption
7
Block-cipher modes of operation
8
CBC mode of encryption
1. CBC - Cipher Block Chaining
2. The ciphertext of one block of plaintext depends on the plaintext of all the
block processed upto that point. (Block Dependent)
1.Encryption: Ci = Ek(Pi xor Ci-1) for i>=1and C0 = IV
2.Decryption: Pi = Dk(Ci) xor Ci-1 for i>=1 and C0 = IV
9
Vulnerabilities in CBC
1. Depends on how it is implemented at the time of encryption
2. Poor semantics in block cipher mode -> more effective and efficient attack
3. AES function has not yet been efficiently attacked by the use of a normal
computer
4. Attacks are mostly discovered due to lack of precaution while
implementing it
Examples: Bit Flipping Attack, Padding Oracle Attack
10
Bit-Flipping Attack: in-depth
11
An example (Demo)
1. Such attacks have been used to bypass HTTP session tokens to gain
admin access
2. https://cryptopals.com/sets/2/challenges/16
12
How it works?
● The plain text block containing “?admin?true?” to be ‘P’.
● The cipher text block next to which we have the plain text block
containing “?admin?true?” to be ‘A’.
● The cipher text block of the corresponding plain text block containing
“?admin?true?” to be ‘B’.
13
The XORing
A = P xor BlockCipherDecryption(B)
A[n] = P[n] xor BlockCipherDecryption(B)[n]
BlockCipherDecryption(B[n]) = A[n] xor P[n] ----> Fixed
A[n] = PD xor (A[n] xor PA) (Plaintext value
desired - PD)
or A[n] = A[n] xor (PD xor PA) (Actual plaintext value -
PA)
14
Resources on CBC Bit Flipping Attack
1. http://swepssecurity.blogspot.nl/2014/05/bypassing-encrypted-session-
tokens.html
2. https://masterpessimistaa.wordpress.com/2017/05/03/cbc-bit-flipping-
attack/
15
How can it be prevented?
1. Do not prepend a random string before generating a cookie using
encryption function (sounds a bit absurd!)
2. Supply a function which verifies if the random string prepended before
encryption is the same after decryption of the cookie -> ensures no bit flip
and effective too!
16
Summary
1. Block Cipher
2. Block Cipher modes of operation
3. CBC mode of encryption semantically safer than the trivial ECB mode
4. Bit Flipping Attack
a. Change ciphertext in previous block changes plaintext of next block
b. Change session token to login as admin
5. Prevention against Bit Flipping Attack
17

More Related Content

What's hot

Intruders
IntrudersIntruders
Intruders
techn
 
Technique de Cryptographie AES, DES et RSA
Technique de Cryptographie AES, DES et RSATechnique de Cryptographie AES, DES et RSA
Technique de Cryptographie AES, DES et RSA
Houda Elmoutaoukil
 
SEH overwrite and its exploitability
SEH overwrite and its exploitabilitySEH overwrite and its exploitability
SEH overwrite and its exploitability
FFRI, Inc.
 

What's hot (20)

Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
 
Linux Hardening
Linux HardeningLinux Hardening
Linux Hardening
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and prevention
 
Security Code Review 101
Security Code Review 101Security Code Review 101
Security Code Review 101
 
Symmetric encryption and message confidentiality
Symmetric encryption and message confidentialitySymmetric encryption and message confidentiality
Symmetric encryption and message confidentiality
 
Intruders
IntrudersIntruders
Intruders
 
Block Cipher
Block CipherBlock Cipher
Block Cipher
 
Block Drivers
Block DriversBlock Drivers
Block Drivers
 
Technique de Cryptographie AES, DES et RSA
Technique de Cryptographie AES, DES et RSATechnique de Cryptographie AES, DES et RSA
Technique de Cryptographie AES, DES et RSA
 
Secure PHP Coding
Secure PHP CodingSecure PHP Coding
Secure PHP Coding
 
An introduction to ROP
An introduction to ROPAn introduction to ROP
An introduction to ROP
 
127 Ch 2: Stack overflows on Linux
127 Ch 2: Stack overflows on Linux127 Ch 2: Stack overflows on Linux
127 Ch 2: Stack overflows on Linux
 
Alphorm.com Formation Hacking et Sécurité 2020 (4of4) : Attaques AD et Web
Alphorm.com Formation Hacking et Sécurité 2020 (4of4) : Attaques AD et WebAlphorm.com Formation Hacking et Sécurité 2020 (4of4) : Attaques AD et Web
Alphorm.com Formation Hacking et Sécurité 2020 (4of4) : Attaques AD et Web
 
BeagleBone Black Booting Process
BeagleBone Black Booting ProcessBeagleBone Black Booting Process
BeagleBone Black Booting Process
 
Ch02...1
Ch02...1Ch02...1
Ch02...1
 
Linux Hardening - nullhyd
Linux Hardening - nullhydLinux Hardening - nullhyd
Linux Hardening - nullhyd
 
SSH - Secure Shell
SSH - Secure ShellSSH - Secure Shell
SSH - Secure Shell
 
SEH overwrite and its exploitability
SEH overwrite and its exploitabilitySEH overwrite and its exploitability
SEH overwrite and its exploitability
 
Block cipher modes of operation
Block cipher modes of operation Block cipher modes of operation
Block cipher modes of operation
 
External to DA, the OS X Way
External to DA, the OS X WayExternal to DA, the OS X Way
External to DA, the OS X Way
 

Similar to Bit flipping attack on aes cbc - ashutosh ahelleya

Cryptography for Penetration Testers (PDF version)
Cryptography for Penetration Testers (PDF version)Cryptography for Penetration Testers (PDF version)
Cryptography for Penetration Testers (PDF version)
ceng
 
Механизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CoreМеханизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET Core
Positive Hack Days
 
Confidential data storage and deletion
Confidential data storage and deletionConfidential data storage and deletion
Confidential data storage and deletion
vitam,berhampur
 
block ciphermodes of operation.pptx
block ciphermodes of operation.pptxblock ciphermodes of operation.pptx
block ciphermodes of operation.pptx
DEEPAK948083
 
Security Training: #4 Development: Typical Security Issues
Security Training: #4 Development: Typical Security IssuesSecurity Training: #4 Development: Typical Security Issues
Security Training: #4 Development: Typical Security Issues
Yulian Slobodyan
 
Types of Cryptosystem and Cryptographic Attack
Types of Cryptosystem and Cryptographic AttackTypes of Cryptosystem and Cryptographic Attack
Types of Cryptosystem and Cryptographic Attack
Mona Rajput
 
How To Become A Certified Blockchain Security Professional?
How To Become A Certified Blockchain Security Professional? How To Become A Certified Blockchain Security Professional?
How To Become A Certified Blockchain Security Professional?
101 Blockchains
 

Similar to Bit flipping attack on aes cbc - ashutosh ahelleya (20)

Information System Security.pptx
Information System  Security.pptxInformation System  Security.pptx
Information System Security.pptx
 
Different date block size using to evaluate the performance between different...
Different date block size using to evaluate the performance between different...Different date block size using to evaluate the performance between different...
Different date block size using to evaluate the performance between different...
 
Cryptography for Penetration Testers (PDF version)
Cryptography for Penetration Testers (PDF version)Cryptography for Penetration Testers (PDF version)
Cryptography for Penetration Testers (PDF version)
 
Formative Task 3: Social Engineering Attacks
Formative Task 3: Social Engineering AttacksFormative Task 3: Social Engineering Attacks
Formative Task 3: Social Engineering Attacks
 
Механизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CoreМеханизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET Core
 
Механизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CoreМеханизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET Core
 
Confidential data storage and deletion
Confidential data storage and deletionConfidential data storage and deletion
Confidential data storage and deletion
 
block ciphermodes of operation.pptx
block ciphermodes of operation.pptxblock ciphermodes of operation.pptx
block ciphermodes of operation.pptx
 
Play,Learn and Hack- CTF Training
Play,Learn and Hack- CTF TrainingPlay,Learn and Hack- CTF Training
Play,Learn and Hack- CTF Training
 
Security Training: #4 Development: Typical Security Issues
Security Training: #4 Development: Typical Security IssuesSecurity Training: #4 Development: Typical Security Issues
Security Training: #4 Development: Typical Security Issues
 
Types of Cryptosystem and Cryptographic Attack
Types of Cryptosystem and Cryptographic AttackTypes of Cryptosystem and Cryptographic Attack
Types of Cryptosystem and Cryptographic Attack
 
Ceh v5 module 05 system hacking
Ceh v5 module 05 system hackingCeh v5 module 05 system hacking
Ceh v5 module 05 system hacking
 
OWASPTop 10
OWASPTop 10OWASPTop 10
OWASPTop 10
 
Nt1330 Unit 4 Dthm Paper
Nt1330 Unit 4 Dthm PaperNt1330 Unit 4 Dthm Paper
Nt1330 Unit 4 Dthm Paper
 
User Authentication: Passwords and Beyond
User Authentication: Passwords and BeyondUser Authentication: Passwords and Beyond
User Authentication: Passwords and Beyond
 
Slide Deck – Session 8 – FRSecure CISSP Mentor Program 2017
Slide Deck – Session 8 – FRSecure CISSP Mentor Program 2017Slide Deck – Session 8 – FRSecure CISSP Mentor Program 2017
Slide Deck – Session 8 – FRSecure CISSP Mentor Program 2017
 
Block cipher modes of operations
Block cipher modes of operationsBlock cipher modes of operations
Block cipher modes of operations
 
A Survey on Cryptographic Techniques for Network Security.pdf
A Survey on Cryptographic Techniques for Network Security.pdfA Survey on Cryptographic Techniques for Network Security.pdf
A Survey on Cryptographic Techniques for Network Security.pdf
 
How To Become A Certified Blockchain Security Professional?
How To Become A Certified Blockchain Security Professional? How To Become A Certified Blockchain Security Professional?
How To Become A Certified Blockchain Security Professional?
 
Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01
 

More from Cysinfo Cyber Security Community

More from Cysinfo Cyber Security Community (20)

Understanding Malware Persistence Techniques by Monnappa K A
Understanding Malware Persistence Techniques by Monnappa K AUnderstanding Malware Persistence Techniques by Monnappa K A
Understanding Malware Persistence Techniques by Monnappa K A
 
Understanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
Understanding & analyzing obfuscated malicious web scripts by Vikram KharviUnderstanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
Understanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
 
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TKGetting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
 
Emerging Trends in Cybersecurity by Amar Prusty
Emerging Trends in Cybersecurity by Amar PrustyEmerging Trends in Cybersecurity by Amar Prusty
Emerging Trends in Cybersecurity by Amar Prusty
 
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
A look into the sanitizer family (ASAN & UBSAN) by Akul PillaiA look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
 
Closer look at PHP Unserialization by Ashwin Shenoi
Closer look at PHP Unserialization by Ashwin ShenoiCloser look at PHP Unserialization by Ashwin Shenoi
Closer look at PHP Unserialization by Ashwin Shenoi
 
Unicorn: The Ultimate CPU Emulator by Akshay Ajayan
Unicorn: The Ultimate CPU Emulator by Akshay AjayanUnicorn: The Ultimate CPU Emulator by Akshay Ajayan
Unicorn: The Ultimate CPU Emulator by Akshay Ajayan
 
The Art of Executing JavaScript by Akhil Mahendra
The Art of Executing JavaScript by Akhil MahendraThe Art of Executing JavaScript by Akhil Mahendra
The Art of Executing JavaScript by Akhil Mahendra
 
Reversing and Decrypting Malware Communications by Monnappa
Reversing and Decrypting Malware Communications by MonnappaReversing and Decrypting Malware Communications by Monnappa
Reversing and Decrypting Malware Communications by Monnappa
 
DeViL - Detect Virtual Machine in Linux by Sreelakshmi
DeViL - Detect Virtual Machine in Linux by SreelakshmiDeViL - Detect Virtual Machine in Linux by Sreelakshmi
DeViL - Detect Virtual Machine in Linux by Sreelakshmi
 
Analysis of android apk using adhrit by Abhishek J.M
 Analysis of android apk using adhrit by Abhishek J.M Analysis of android apk using adhrit by Abhishek J.M
Analysis of android apk using adhrit by Abhishek J.M
 
Understanding evasive hollow process injection techniques monnappa k a
Understanding evasive hollow process injection techniques   	monnappa k aUnderstanding evasive hollow process injection techniques   	monnappa k a
Understanding evasive hollow process injection techniques monnappa k a
 
Security challenges in d2d communication by ajithkumar vyasarao
Security challenges in d2d communication  by ajithkumar vyasaraoSecurity challenges in d2d communication  by ajithkumar vyasarao
Security challenges in d2d communication by ajithkumar vyasarao
 
S2 e (selective symbolic execution) -shivkrishna a
S2 e (selective symbolic execution) -shivkrishna aS2 e (selective symbolic execution) -shivkrishna a
S2 e (selective symbolic execution) -shivkrishna a
 
Dynamic binary analysis using angr siddharth muralee
Dynamic binary analysis using angr   siddharth muraleeDynamic binary analysis using angr   siddharth muralee
Dynamic binary analysis using angr siddharth muralee
 
Security Analytics using ELK stack
Security Analytics using ELK stack	Security Analytics using ELK stack
Security Analytics using ELK stack
 
Linux Malware Analysis
Linux Malware Analysis	Linux Malware Analysis
Linux Malware Analysis
 
Introduction to Binary Exploitation
Introduction to Binary Exploitation	Introduction to Binary Exploitation
Introduction to Binary Exploitation
 
ATM Malware: Understanding the threat
ATM Malware: Understanding the threat	ATM Malware: Understanding the threat
ATM Malware: Understanding the threat
 
XXE - XML External Entity Attack
XXE - XML External Entity Attack	XXE - XML External Entity Attack
XXE - XML External Entity Attack
 

Recently uploaded

Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
FIDO Alliance
 
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
panagenda
 

Recently uploaded (20)

Introduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxIntroduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptx
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch Tuesday
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...
The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...
The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Vector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptxVector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptx
 
UiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewUiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overview
 
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
 
Overview of Hyperledger Foundation
Overview of Hyperledger FoundationOverview of Hyperledger Foundation
Overview of Hyperledger Foundation
 
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
الأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهلهالأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهله
 
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
 
Top 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development CompaniesTop 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development Companies
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate Guide
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage Intacct
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps Productivity
 
Design Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxDesign Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptx
 

Bit flipping attack on aes cbc - ashutosh ahelleya

  • 2. Who am I 1. Ashutosh Ahelleya 2. 2nd Year CSE Undergrad @ Amrita University, Amritapuri Campus 3. Member of bi0s CTF Team 4. Focuses on Cryptography in CTFs 2
  • 3. InCTFj 1. Cyber Security Competition 2. Exclusively for School Students below 18 years of age 3. Exciting prizes for the winners of each quarter 4. Know any student interested in Cyber Security? a. https://junior.inctf.in/ 3
  • 4. Aim 1. Introduction to block ciphers 2. Discuss different block cipher modes 3. Describe CBC mode of encryption 4. Vulnerabilities in CBC mode 5. CBC Bit Flipping Attack- in depth with an example 6. Preventive measures against Bit-Flipping Attack 4
  • 5. What is a block cipher? 1. Encrypting/Decrypting one block of data at a time deterministically rather than each byte of plaintext 2. Symmetric key 3. Semantically much more secure than stream ciphers 4. What happens if the length of data isn’t a multiple of block size? 5. Implementation of block cipher using different modes 5
  • 7. Block-cipher modes of operation 1. Describes how repeatedly to apply a cipher's single-block operation securely 2. Mostly uses an IV (Initialisation Vector) a. Unique b. Secure (randomizes the encryption) 3. A symmetric key for encryption and decryption 7
  • 8. Block-cipher modes of operation 8
  • 9. CBC mode of encryption 1. CBC - Cipher Block Chaining 2. The ciphertext of one block of plaintext depends on the plaintext of all the block processed upto that point. (Block Dependent) 1.Encryption: Ci = Ek(Pi xor Ci-1) for i>=1and C0 = IV 2.Decryption: Pi = Dk(Ci) xor Ci-1 for i>=1 and C0 = IV 9
  • 10. Vulnerabilities in CBC 1. Depends on how it is implemented at the time of encryption 2. Poor semantics in block cipher mode -> more effective and efficient attack 3. AES function has not yet been efficiently attacked by the use of a normal computer 4. Attacks are mostly discovered due to lack of precaution while implementing it Examples: Bit Flipping Attack, Padding Oracle Attack 10
  • 12. An example (Demo) 1. Such attacks have been used to bypass HTTP session tokens to gain admin access 2. https://cryptopals.com/sets/2/challenges/16 12
  • 13. How it works? ● The plain text block containing “?admin?true?” to be ‘P’. ● The cipher text block next to which we have the plain text block containing “?admin?true?” to be ‘A’. ● The cipher text block of the corresponding plain text block containing “?admin?true?” to be ‘B’. 13
  • 14. The XORing A = P xor BlockCipherDecryption(B) A[n] = P[n] xor BlockCipherDecryption(B)[n] BlockCipherDecryption(B[n]) = A[n] xor P[n] ----> Fixed A[n] = PD xor (A[n] xor PA) (Plaintext value desired - PD) or A[n] = A[n] xor (PD xor PA) (Actual plaintext value - PA) 14
  • 15. Resources on CBC Bit Flipping Attack 1. http://swepssecurity.blogspot.nl/2014/05/bypassing-encrypted-session- tokens.html 2. https://masterpessimistaa.wordpress.com/2017/05/03/cbc-bit-flipping- attack/ 15
  • 16. How can it be prevented? 1. Do not prepend a random string before generating a cookie using encryption function (sounds a bit absurd!) 2. Supply a function which verifies if the random string prepended before encryption is the same after decryption of the cookie -> ensures no bit flip and effective too! 16
  • 17. Summary 1. Block Cipher 2. Block Cipher modes of operation 3. CBC mode of encryption semantically safer than the trivial ECB mode 4. Bit Flipping Attack a. Change ciphertext in previous block changes plaintext of next block b. Change session token to login as admin 5. Prevention against Bit Flipping Attack 17

Editor's Notes

  1. Deterministic Algorithm- given a particular input, will always produce the same output