Subverting Decryption in AEAD

Armour, M.; Poettering, B.

doi:10.5281/zenodo.3951943

July 20, 2020 Conference paper Open Access

Subverting Decryption in AEAD

Armour, M.; Poettering, B.

This work introduces a new class of Algorithm Substitution Attack (ASA) on Symmetric Encryption Schemes. ASAs were introduced by Bellare, Paterson and Rogaway in light of revelations concerning mass surveillance. An ASA replaces an encryption scheme with a subverted version that aims to reveal information to an adversary engaged in mass surveillance, while remaining undetected by users. Previous work posited that a particular class of AEAD scheme (satisfying certain correctness and uniqueness properties) is resilient against subversion. Many if not all real-world constructions – such as GCM, CCM and OCB – are members of this class. Our results stand in opposition to those prior results. We present a potent ASA that generically applies to any AEAD scheme, is undetectable in all previous frameworks and which achieves successful exfiltration of user keys. We give even more efficient non-generic attacks against a selection of AEAD implementations that are most used in practice. In contrast to prior work, our new class of attack targets the decryption algorithm rather than encryption. We argue that this attack represents an attractive opportunity for a mass surveillance adversary. Our work serves to refine the ASA model and contributes to a series of papers that raises awareness and understanding about what is possible with ASAs.

Preview

Files (657.4 kB)

Name	Size
28-Subverting Decryption in AEAD.pdf md5:ec188bc99e7ec227085c8a871392f41b	657.4 kB	Download

Citations

107

116

views

downloads

See more details...

	All versions	This version
Views	107	107
Downloads	116	116
Data volume	76.3 MB	76.3 MB
Unique views	102	102
Unique downloads	114	114

More info on how stats are collected.

Indexed in

Publication date:

July 20, 2020

DOI:

Keyword(s):

Algorithm Substitution Attacks Privacy Symmetric Encryption Mass Surveillance

Grants:

European Commission:

FutureTPM - Future Proofing the Connected World: A Quantum-Resistant Trusted Platform Module (779391)

Meeting:

Cryptography and Coding - 17th IMA International Conference (IMACC 2019), St Anne's College, University of Oxford, 16 - 18 December 2019

Alternate identifiers:

10.1007/978-3-030-35199-1_2

Communities:

FutureTPM

License (for files):

Creative Commons Attribution 4.0 International

Versions

Version 1 10.5281/zenodo.3951943

Jul 20, 2020

Cite all versions? You can cite all versions by using the DOI 10.5281/zenodo.3951942. This DOI represents all versions, and will always resolve to the latest one. Read more.

Subverting Decryption in AEAD

Versions

Share

Cite as

Export

About

Blog

Help

Developers

Contribute

Subverting Decryption in AEAD

Zenodo DOI Badge

DOI

10.5281/zenodo.3951943

Markdown

[![DOI](https://zenodo.org/badge/DOI/10.5281/zenodo.3951943.svg)](https://doi.org/10.5281/zenodo.3951943)

reStructedText

.. image:: https://zenodo.org/badge/DOI/10.5281/zenodo.3951943.svg :target: https://doi.org/10.5281/zenodo.3951943

HTML

<a href="https://doi.org/10.5281/zenodo.3951943"><img src="https://zenodo.org/badge/DOI/10.5281/zenodo.3951943.svg" alt="DOI"></a>

Image URL

https://zenodo.org/badge/DOI/10.5281/zenodo.3951943.svg

Target URL

https://doi.org/10.5281/zenodo.3951943

Versions

Share

Cite as

Export