Abstract - Security Symposium - 2000
A Chosen Ciphertext Attack Against Several E-Mail Encryption Protocols
Jonathan Katz, Columbia University; Bruce Schneier, Counterpane Internet Security, Inc.
Abstract
Several security protocols (PGP, PEM, MOSS, S/MIME, PKCS#7, CMS, etc.) have been developed to provide confidentiality and authentication of electronic mail. These protocols are widely used and trusted for private communication over the Internet. We point out a potentially serious security hole in these protocols: any encrypted e-mail can be decrypted using a one-message, adaptive chosen-ciphertext attack which exploits the structure of the block cipher chaining modes used. Although such attacks seem to be of primarily theoretical interest, we argue that they are feasible in the networked systems in which these e-mail protocols are used. We suggest several solutions to protect against this class of attack.