Adaptive Chosen-Ciphertext Attacks
XML Encryption typically uses a hybrid encryption scheme to protect data confidentiality. To this end, the data is first encrypted with a symmetric key (e.g., by using an AES-CBC algorithm). Afterwards, the symmetric key is encrypted with a public encryption scheme by applying the server's public key (e.g., by using RSA PKCS1). Servers using Cipher Block Chaining (CBC) mode of operation and RSA PKCS1 are under certain circumstances vulnerable to adaptive chosen-ciphertext attacks. These attacks allow an attacker to recover the encrypted data. In the following, we give a high-level description of these attacks and how they can be applied to XML Encryption applications.
In an adaptive chosen-ciphertext attack scenario, the attacker's goal is to decrypt a ciphertext C without any knowledge of the (symmetric or asymmetric) decryption key. To this end, he iteratively issues new ciphertexts C', C'', ... that are somehow related to the original ciphertext C. He sends the ciphertexts to a receiver, and observes its responses. The receiver acts as an oracle since its responses leak specific information about the validity of the decrypted message. With each response the attacker learns some plaintext information. He repeats these steps until he decrypts C. See the following figure for the description of this scenario.
Two major examples of these attacks are Vaudenay's attack on CBC-based symmetric encryption and Bleichenbacher's attack on RSA-PKCS1-based public-key encryption. Cryptographic details behind these attacks are not relevant to this description. It is just necessary to know that the attacks against these cryptographic algorithms are applicable if an oracle is given that decrypts a ciphertext and responds with 1 (valid) or 0 (invalid) according to the validity of the decrypted message. A typical reason for answering with 0 is that the decrypted message contains an invalid padding. Thus, the attacks are also known as padding oracle attacks.
Recently, two works on XML Encryption were published that are based on the attacks of Vaudenay and Bleichenbacher:
- Attack on CBC-based symmetric ciphertexts in XML Encryption
- Attack on RSA PKCS1-based asymmetric ciphertexts in XML Encryption
There exist two attack subtypes:
- Attack on symmetric ciphertexts in XML Encryption: The attack on symmetric CBC-ciphertexts generalizes the idea behind Vaudenay's padding oracle attacks. The attacker exploits the behavior of XML servers that need to parse XML messages after they are decrypted. In case the message cannot be parsed, the server responds with a failure, which gives the attacker a hint on message validity. This enables to perform a highly efficient attack and decrypt one encrypted byte by issuing only 14 server queries on average.
- Attack on asymmetric ciphertexts in XML Encryption: The attack on asymmetric ciphertexts completely breaks confidentiality of the exchanged symmetric keys encrypted with the RSA-PKCS#1 v1.5 padding scheme. The gained symmetric key enables the attacker to decrypt the symmetric ciphertext in the XML message. The attacker can determine validity of the modified RSA-PKCS#1 v1.5 ciphertext by an invalid server response, which is triggered when, for example, the RSA-PKCS#1 v1.5 ciphertext decrypts to a symmetric key of an invalid length.
Prerequisites for attack
The following prerequisites are needed to execute the attacks:
- Attacker can reach endpoint from its location.
- Attacker is in possession of an encrypted SOAP message.
- Attacker can modify the ciphertext inside the message and this modification is not rejected by the server. This means the ciphertext is not signed or the attacker can execute further attacks (e.g. XML Signature Wrapping) to modify the signed ciphertext.
- The server responds with 1 or 0 according to the validity of the decrypted message. The different messages can, for example, be a result of incorrect decryption processing or parsing of the decrypted message.
Graphical representation of attack
The attack targets the decryption component of a Web Service, in combination with the application logic (if the ciphertext is correctly decrypted, the attacker can get information based on the error messages coming from the application logic).
- Red = attacked web service component
- Black = location of attacker
- Blue = web service component not directly involved in attack.