Adaptive Chosen-Ciphertext Attacks
XML Encryption typically uses a hybrid encryption scheme to protect data confidentiality. To this end, the data is first encrypted with a symmetric key (e.g., by using an AES-CBC algorithm). Afterwards, the symmetric key is encrypted with a public encryption scheme by applying the server's public key (e.g., by using RSA PKCS1). Servers using Cipher Block Chaining (CBC) mode of operation and RSA PKCS1 are under certain circumstances vulnerable to adaptive chosen-ciphertext attacks. These attacks allow an attacker to recover the encrypted data. In the following, we give a high-level description of these attacks and how they can be applied to XML Encryption applications.
In an adaptive chosen-ciphertext attack scenario, the attacker's goal is to decrypt a ciphertext C without any knowledge of the (symmetric or asymmetric) decryption key. To this end, he iteratively issues new ciphertexts C', C'', ... that are somehow related to the original ciphertext C. He sends the ciphertexts to a receiver, and observes its responses. The receiver acts as an oracle since its responses leak specific information about the validity of the decrypted message. With each response the attacker learns some plaintext information. He repeats these steps until he decrypts C. See the following figure for the description of this scenario.
Two major examples of these attacks are Vaudenay's attack on CBC-based symmetric encryption and Bleichenbacher's attack on RSA-PKCS1-based public-key encryption. Cryptographic details behind these attacks are not relevant to this description. It is just necessary to know that the attacks against these cryptographic algorithms are applicable if an oracle is given that decrypts a ciphertext and responds with 1 (valid) or 0 (invalid) according to the validity of the decrypted message. A typical reason for answering with 0 is that the decrypted message contains an invalid padding. Thus, the attacks are also known as padding oracle attacks.
Recently, two works on XML Encryption were published that are based on the attacks of Vaudenay and Bleichenbacher:
- Attack on CBC-based symmetric ciphertexts in XML Encryption
- Attack on RSA PKCS1-based asymmetric ciphertexts in XML Encryption
There exist two attack subtypes:
- Attack on symmetric ciphertexts in XML Encryption: The attack on symmetric CBC-ciphertexts generalizes the idea behind Vaudenay's padding oracle attacks. The attacker exploits the behavior of XML servers that need to parse XML messages after they are decrypted. In case the message cannot be parsed, the server responds with a failure, which gives the attacker a hint on message validity. This enables to perform a highly efficient attack and decrypt one encrypted byte by issuing only 14 server queries on average.
- Attack on asymmetric ciphertexts in XML Encryption: The attack on asymmetric ciphertexts completely breaks confidentiality of the exchanged symmetric keys encrypted with the RSA-PKCS#1 v1.5 padding scheme. The gained symmetric key enables the attacker to decrypt the symmetric ciphertext in the XML message. The attacker can determine validity of the modified RSA-PKCS#1 v1.5 ciphertext by an invalid server response, which is triggered when, for example, the RSA-PKCS#1 v1.5 ciphertext decrypts to a symmetric key of an invalid length.
Prerequisites for attack
The following prerequisites are needed to execute the attacks:
- Attacker can reach endpoint from its location.
- Attacker is in possession of an encrypted SOAP message.
- Attacker can modify the ciphertext inside the message and this modification is not rejected by the server. This means the ciphertext is not signed or the attacker can execute further attacks (e.g. XML Signature Wrapping) to modify the signed ciphertext.
- The server responds with 1 or 0 according to the validity of the decrypted message. The different messages can, for example, be a result of incorrect decryption processing or parsing of the decrypted message.
Graphical representation of attack
The attack targets the decryption component of a Web Service, in combination with the application logic (if the ciphertext is correctly decrypted, the attacker can get information based on the error messages coming from the application logic).
- Red = attacked web service component
- Black = location of attacker
- Blue = web service component not directly involved in attack.
Attack mitigation / countermeasures
There are several ways to mitigate these attacks:
- Use secure crypto algorithms: AES-CBC and RSA-PKCS#1 v1.5 are in general very old and proven to be insecure in many scenarios. The best way to mitigate these attacks is to use newer encryption schemes, like AES-GCM or RSA-PKCS#1 v2 (aka RSA-OAEP). Make sure the attacker cannot enforce your server to speak AES-CBC or RSA-PKCS#1 v1.5, otherwise you can still be vulnerable to backwards compatibility attacks.
- Protect the integrity and authenticity of the ciphertexts: You can used XML Signatures to protect your symmetric ciphertexts, by computing the signature over the ciphertext. However, make sure the attacker cannot force the server to decrypt unprotected ciphertexts. He could potentially achieve this by performing XML Signature Wrapping or XML Encryption Wrapping attacks. For example, he could execute an XML Signature Wrapping attack to get access to the unprotected ciphertext, and afterwards he could perform the adaptive chosen-ciphertext attack.
- Daniel Bleichenbacher. Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1. In Hugo Krawczyk, editor, Advances in Cryptology – CRYPTO’98, August 1998
- Serge Vaudenay. Security flaws induced by CBC padding - applications to SSL, IPSEC, WTLS ... In Lars R. Knudsen, editor, Advances in Cryptology – EUROCRYPT 2002, April / May 2002
- Tibor Jager, Juraj Somorovsky. How To Break XML Encryption. In Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS), 2011. https://www.nds.rub.de/research/publications/breaking-xml-encryption/
- Tibor Jager, Sebastian Schinzel, Juraj Somorovsky. Bleichenbacher’s Attack Strikes Again: Breaking PKCS#1 v1.5 in XML Encryption. In Proceedings of the 17th European Symposium on Research in Computer Security (ESORICS), 2012. https://www.nds.rub.de/research/publications/breaking-xml-encryption-pkcs15/
- Juraj Somorovsky, Jörg Schwenk. Technical Analysis of Countermeasures against Attack on XML Encryption - or - Just Another Motivation for Authenticated Encryption. In Proceedings of the SERVICES Workshop on Security and Privacy Engineering, 2012. https://www.nds.rub.de/research/publications/breaking-xml-encryption-countermeasures/
- Tibor Jager, Kenneth G. Paterson, Juraj Somorovsky. One Bad Apple: Backwards Compatibility Attacks on State-of-the-Art Cryptography. In Proceedings of the Network and Distributed System Security Symposium (NDSS), 2013. https://www.nds.rub.de/research/publications/backwards-compatibility/
- Dennis Kupser, Christian Mainka, Jörg Schwenk, Juraj Somorovsky. How to Break XML Encryption - Automatically. In Proceedings of the 9th USENIX Workshop on Offensive Technologies (WOOT), 2015. https://www.nds.rub.de/research/publications/how-to-break-xml-encryption-automatically/
- Juraj Somorovsky. How to attack XML Encryption in IBM Datapower (and other Web Services) with WS-Attacker. http://web-in-security.blogspot.de/2015/05/how-to-attack-xml-encryption-in-ibm.html
- Juraj Somorovsky. How to Break XML Encryption - Automatically. Blackhat Europe 2015. https://www.youtube.com/watch?v=qZPPdW3Asgs
- Juraj Somorovsky. On the Insecurity of XML Security. PhD thesis supervised by Jörg Schwenk and Kenny Paterson, Ruhr University Bochum. https://www.nds.rub.de/research/publications/xmlinsecurity/
- Configure IBM DataPower Gateways effectively to prevent XML Encryption attacks, July 2015. http://www-01.ibm.com/support/docview.wss?uid=swg21962335