Attack and Hack with Padding Oracle
| Published in | 2024 International Conference Automatics and Informatics (ICAI) pp. 34 - 39 |
|---|---|
| Main Authors | , |
| Format | Conference Proceeding |
| Language | English |
| Published | IEEE, 10.10.2024 |
| Subjects | |
| DOI | 10.1109/ICAI63388.2024.10851573 |
| Summary: | Since ancient times, cryptography has been one of the key elements for keeping data protected and secure. The need of governments and businesses to keep their data and communication secure gave rise to different kinds of cryptographic mechanisms and algorithms. Symmetric and asymmetric encryption have been developed together with different kinds of encryption algorithms, encryption standards and cryptographic protocols to protect data and messages at rest, in transfer or stored on a device. The goal is to provide integrity and confidentiality of the data and message contents. Very often, errors in the design and documentation of widespread libraries allow violations against encryption algorithms and protocols. This report examines one of the most famous symmetric encryption cryptographic protocols, i.e. the cipher block chaining (CBC) mode [1], which makes it possible for hackers to perform Padding Oracle attacks [2]. This attack can affect most of the communication channels secured by such protocols. Python code is used to show the padding workflow algorithm. For the tests in the experimental part, the Python programming language and Burp Suite [3] installed on Kali Linux [4] are used to exploit the Padding Oracle. This report highlights the padding decryption problem, which is a current issue in cybersecurity because an integrity feature reveals information. |
|---|---|