On the security of CBC Mode in SSL3.0 and TLS1.0 – Journal of Internet Services and Information Security

Volume 6 - Issue 1

On the security of CBC Mode in SSL3.0 and TLS1.0

Takashi kurokaway National Institute of Information and Communications Technology, Koganei, Tokyo, Japan
blackriver@nict.go.jp
Ryo Nojima National Institute of Information and Communications Technology, Koganei, Tokyo, Japan
ryo-no@nict.go.jp
Shiho Moriai National Institute of Information and Communications Technology, Koganei, Tokyo, Japan
shiho.moriai@nict.go.jp

DOI: 10.22667/JISIS.2016.02.31.002

Keywords: SSL3.0, TLS1.0, CBC Mode, The BEAST attack, Security

Abstract

Currently, SSL (Secure Socket Layer) and TLS (Transport Layer Security) are two of the most widely used security protocols on the Internet and TLS1.0 is one of the most supported protocol versions through SSL/TLS. To protect the application data in SSL3.0/TLS1.0, two bulk data encryption algorithms are selected by the ciphesuites of them: the stream cipher encryption or the block cipher encryption in combination with the cipher block chaining (CBC) mode of operation. For these several years, they have been criticized to be insecure when used in the real world. For example, the BEAST attack against TLS1.0 and the POODLE attack against SSL3.0 had a significant impact on the internet security not least because their techniques are clever and their computational costs are low. In this paper, we survey their attacks and prove theoretically that the patched CBC mode in TLS1.0 satisfies indistinguishability, which implies that it is secure against BEAST type of attack.

Date

February 2016

Page Number

2-19