ISSN: 2182-2069 (printed) / ISSN: 2182-2077 (online)
On the security of CBC Mode in SSL3.0 and TLS1.0
Currently, SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are two of the most widely used security protocols on the Internet, and TLS1.0 is one of the most widely supported SSL/TLS protocol versions. To protect application data in SSL3.0/TLS1.0, their cipher suites select one of two bulk data encryption methods: a stream cipher, or a block cipher in combination with the cipher block chaining (CBC) mode of operation. In recent years, these have been criticized as insecure when used in the real world. For example, the BEAST attack against TLS1.0 and the POODLE attack against SSL3.0 had a significant impact on Internet security, not least because their techniques are clever and their computational costs are low. In this paper, we survey these attacks and prove theoretically that the patched CBC mode in TLS1.0 satisfies indistinguishability, which implies that it is secure against BEAST-type attacks.
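The core weakness behind BEAST-type attacks, and the reason the abstract frames the fix as restoring indistinguishability, is that SSL3.0/TLS1.0 chain the IV of each CBC record to the last ciphertext block of the previous one, so an adversary who can choose later plaintexts knows the IV before choosing. The example below is added here and is not code from the paper. It models three senders over a toy Feistel block cipher (a stand-in for AES, constructed for the example): TLS1.0's chained IV, TLS1.1's explicit per-record IV, and TLS1.0 with the empty-fragment countermeasure (a MAC-only record sent before each data record, which is my assumption about which "patch" is meant; the 1/n-1 split works on the same principle). A chosen-plaintext test then checks whether the adversary can confirm a guess of a one-block secret, which is exactly a violation of indistinguishability, and shows that it works only against the chained-IV sender.

```python
import hashlib
import hmac
import os

BLOCK = 16


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """4-round Feistel permutation keyed via SHA-256. A toy PRP standing in for AES
    so the example runs without a crypto library; not for production use."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, xor_bytes(left, f)
    return left + right


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Plain CBC over whole blocks; returns the ciphertext blocks without the IV."""
    assert len(plaintext) % BLOCK == 0
    prev, out = iv, []
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_block_encrypt(key, xor_bytes(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


class ChainedIvSender:
    """SSL3.0/TLS1.0: the IV of record n+1 is the last ciphertext block of record n."""
    def __init__(self, key: bytes):
        self.key, self.chain = key, os.urandom(BLOCK)

    def send(self, plaintext: bytes) -> bytes:
        ct = cbc_encrypt(self.key, self.chain, plaintext)
        self.chain = ct[-BLOCK:]
        return ct


class ExplicitIvSender:
    """TLS1.1 and later: a fresh random IV per record, transmitted in the clear."""
    def __init__(self, key: bytes):
        self.key = key

    def send(self, plaintext: bytes) -> bytes:
        iv = os.urandom(BLOCK)
        return iv + cbc_encrypt(self.key, iv, plaintext)


class EmptyFragmentSender(ChainedIvSender):
    """TLS1.0 with the empty-fragment countermeasure (modeled, not TLS record framing):
    before each data record, send a record containing only a MAC over the sequence
    number plus one padding byte. Its ciphertext block becomes the next IV, and nobody
    without the MAC key can predict it before choosing the next plaintext."""
    def __init__(self, key: bytes, mac_key: bytes):
        super().__init__(key)
        self.mac_key, self.seq = mac_key, 0

    def send(self, plaintext: bytes) -> bytes:
        tag = hmac.new(self.mac_key, self.seq.to_bytes(8, "big"), "sha256").digest()
        self.seq += 1
        empty_record = super().send(tag[:BLOCK - 1] + b"\x00")  # MAC || 1 pad byte
        return empty_record + super().send(plaintext)


def guess_verifies(sender, secret: bytes, guess: bytes) -> bool:
    """Chosen-plaintext guess check for a one-block secret. The adversary assumes the
    next IV is the last ciphertext block seen on the wire (true only for chained IVs)
    and crafts a record whose ciphertext collides with the secret's exactly when the
    guess is right. True means the scheme is distinguishable."""
    iv_for_secret = sender.send(b"A" * BLOCK)[-BLOCK:]   # adversary-chosen record
    c_secret = sender.send(secret)[-BLOCK:]               # victim's secret record
    iv_for_crafted = c_secret                             # predicted IV of the next record
    crafted = xor_bytes(guess, xor_bytes(iv_for_secret, iv_for_crafted))
    return sender.send(crafted)[-BLOCK:] == c_secret


def demo() -> dict:
    """Runs the guess check against all three senders with constructed sample values."""
    key, mac_key = b"k" * BLOCK, b"m" * BLOCK
    secret, wrong = b"session=secret!!", b"session=wrongggg"  # constructed 16-byte blocks
    return {
        "chained_right_guess": guess_verifies(ChainedIvSender(key), secret, secret),
        "chained_wrong_guess": guess_verifies(ChainedIvSender(key), secret, wrong),
        "explicit_iv": guess_verifies(ExplicitIvSender(key), secret, secret),
        "empty_fragment": guess_verifies(EmptyFragmentSender(key, mac_key), secret, secret),
    }


if __name__ == "__main__":
    for name, distinguishable in demo().items():
        print(f"{name}: {'DISTINGUISHABLE' if distinguishable else 'ok'}")
```

Only the chained-IV sender with the right guess returns True: with a wrong guess the two ciphertext blocks differ because the block cipher is a permutation, and with an unpredictable IV the crafted block is XORed with a value the adversary never knew, so the collision fails except with negligible probability. That is the property the paper's indistinguishability proof captures formally for the patched mode.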