Volume 6 - Issue 1
On the security of CBC Mode in SSL3.0 and TLS1.0
- Takashi Kurokawa
National Institute of Information and Communications Technology, Koganei, Tokyo, Japan
blackriver@nict.go.jp
- Ryo Nojima
National Institute of Information and Communications Technology, Koganei, Tokyo, Japan
ryo-no@nict.go.jp
- Shiho Moriai
National Institute of Information and Communications Technology, Koganei, Tokyo, Japan
shiho.moriai@nict.go.jp
Keywords: SSL3.0, TLS1.0, CBC Mode, The BEAST attack, Security
Abstract
Currently, SSL (Secure Socket Layer) and TLS (Transport Layer Security) are two of the most widely
used security protocols on the Internet, and TLS1.0 is one of the most widely supported SSL/TLS
protocol versions. To protect application data, the SSL3.0/TLS1.0 cipher suites select one of two
kinds of bulk data encryption algorithm: a stream cipher, or a block cipher in combination with the
cipher block chaining (CBC) mode of operation. In recent years, both have been criticized as insecure
when used in the real world. For example, the BEAST attack against TLS1.0 and the POODLE attack
against SSL3.0 had a significant impact on Internet security, not least because their techniques are
clever and their computational costs are low. In this paper, we survey these attacks and prove
theoretically that the patched CBC mode in TLS1.0 satisfies indistinguishability, which implies that
it is secure against BEAST-type attacks.
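The property behind the BEAST result, as an added example that is not code from the paper: in TLS1.0 the IV of each CBC record is the last ciphertext block of the previous record, so a passive observer knows the IV before the next plaintext is chosen, whereas with 1/n-1 record splitting (the browser-side fix deployed against BEAST, assumed here to be the patched mode the abstract refers to) the IV applied to the caller's data is a keyed output that is only fixed after the data is committed. The block cipher is a SHA-256 Feistel stand-in, and the names CbcRecordLayer and next_iv_is_predictable are chosen for this demo.

```python
import hashlib
import hmac

BLOCK = 16

def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in 128-bit block permutation (4-round SHA-256 Feistel); an assumption so the
    demo runs offline, a real TLS stack uses AES or 3DES here."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    out = [iv]
    for i in range(0, len(data), BLOCK):
        out.append(block_encrypt(key, bytes(a ^ b for a, b in zip(data[i:i + BLOCK], out[-1]))))
    return b"".join(out[1:])

class CbcRecordLayer:
    """Sender side of the TLS1.0 CBC record layer (MAC, pad, encrypt). The IV of each
    record is the last ciphertext block of the previous one; with split=True the first
    byte of every write goes out as its own record (1/n-1 record splitting)."""
    def __init__(self, enc_key: bytes, mac_key: bytes, split: bool = False):
        self.enc_key, self.mac_key, self.split = enc_key, mac_key, split
        self.chain = b"\x00" * BLOCK  # constructed; real TLS derives the first IV from the handshake
        self.seq = 0
    def _seal_one(self, fragment: bytes) -> tuple:
        tag = hmac.new(self.mac_key, self.seq.to_bytes(8, "big") + fragment, hashlib.sha1).digest()
        self.seq += 1
        pad_len = (BLOCK - (len(fragment) + len(tag) + 1) % BLOCK) % BLOCK  # TLS1.0 padding rule
        padded = fragment + tag + bytes([pad_len]) * (pad_len + 1)
        iv, ct = self.chain, cbc_encrypt(self.enc_key, self.chain, padded)
        self.chain = ct[-BLOCK:]
        return iv, ct
    def seal(self, plaintext: bytes) -> tuple:
        """Returns (IV applied to the caller's plaintext, bytes put on the wire)."""
        if self.split and len(plaintext) > 1:
            _, head = self._seal_one(plaintext[:1])   # 1 byte + 20-byte MAC: no caller-chosen block
            iv, tail = self._seal_one(plaintext[1:])  # its IV is keyed output, fixed only after the write
            return iv, head + tail
        return self._seal_one(plaintext)

def next_iv_is_predictable(split: bool) -> bool:
    """Can a wire observer name the IV before the next plaintext is handed to the layer?"""
    layer = CbcRecordLayer(b"k" * 16, b"m" * 20, split)
    _, wire = layer.seal(b"GET / HTTP/1.1")  # constructed sample traffic
    guess = wire[-BLOCK:]  # everything the observer can compute before the next write
    iv, _ = layer.seal(b"Cookie: session=constructed-sample")
    return iv == guess
```

next_iv_is_predictable(False) returns True for plain TLS1.0 chaining and next_iv_is_predictable(True) returns False once the first byte is split off.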