4.14 STAYING UP TO DATE

EXERCISE 4.14: STAYING UP TO DATE

Despite the fact that this attack is over \(20\) years old, it continues to haunt the internet. Do a little Google searching and find out about the current state of this attack both in terms of prevention and updated variants. Make sure to find out about the ROBOT attack. We’ll talk about this one again when we discuss TLS.

---

In the original paper published by Daniel Bleichenbacher (Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PCKS #1), he outlines some ways to prevent the attack in the Conclusion section of the paper:

” We conclude not only that it is important to include a strong integrity check into an RSA encryption, but also that this integrity check must be perfomed in the correct step of the protocol – preferably immediately after decryption. The phase between decryption and integrity check is critical, because even sending out error messages can present a security risk. We also believe that we have provided a strong argument to use plaintext-aware encryption schemes, such as the one described by Bellare and Rogaway. Note that plaintext awareness implies security against chosen-ciphertext attacks. In particular, Version 2 of PKCS #1, which makes use [3] is not susceptible to the attack described in this paper. ”

He closed the paper by saying:

” It is a good idea to have a receiver check the integrity of a message immediately after decrypting that message. Even better is to check integrity before decrypting a message, as Cramer and Shoup show is possible [4] ”

If you want to know more about the ROBOT attack, head on over to: https://robotattack.org/